Comparing changes

base repository: HanXHX/ansible-nginx
base: 1.6.0
head repository: HanXHX/ansible-nginx
compare: master

Commits on Apr 26, 2019

  1. Remove obsolete code (php 5.6 support) (#41)

    Closes #39
    HanXHX authored Apr 26, 2019
    247f849
  2. Fix lints warnings (#40)

    * Add new filter plugins related to SSL
    * Ignore lint on few tasks
    HanXHX authored Apr 26, 2019
    39d3f5f

Commits on Apr 30, 2019

  1. Reload nginx with acme.sh

    Sometimes fu****** systemd don't want you to restart nginx in a loop.
    It crashes the role.
    HanXHX committed Apr 30, 2019
    cf010e4

Commits on May 3, 2019

  1. bb5e00d

Commits on Aug 7, 2019

  1. Cache fonts

    HanXHX committed Aug 7, 2019
    f5885c5

Commits on Aug 20, 2019

  1. 9933106

Commits on Dec 26, 2019

  1. c524b97
  2. Fix install role

    HanXHX committed Dec 26, 2019
    21edb6b
  3. Fix tests on Sury

    HanXHX committed Dec 26, 2019
    1280a44
  4. Add symfony template

    HanXHX committed Dec 26, 2019
    2a612a5

Commits on Dec 29, 2019

  1. a9a72dd
  2. [WIP] Working on FreeBSD tests

    Replace ngrok by serveo.net?
    HanXHX committed Dec 29, 2019
    4a2478a

Commits on Dec 30, 2019

  1. Fix some issues:

    - "main_name" is name/name[0] not filename
    - improve some tests
    - better proxy protocol handling (not necessary to declare ports twice)
    HanXHX committed Dec 30, 2019
    9b286f9
  2. Add tests on proxy protocol

    HanXHX committed Dec 30, 2019
    2f8ce00

Commits on Dec 31, 2019

  1. Better SSL management

    - Use filter plugins
    - Acme: can use proxy protocol
    - Acme: uses all sites name
    - Acme: add more tests while crashing
    HanXHX committed Dec 31, 2019
    729173c
  2. DH length 4096 -> 2048

    HanXHX committed Dec 31, 2019
    a1e7645
  3. 0363a37
  4. 5cdd1a8

Commits on Jan 1, 2020

  1. Compat with python3

    HanXHX committed Jan 1, 2020
    8c3b1c7

Commits on Feb 4, 2020

  1. Fix SSL with multiple names

    HanXHX committed Feb 4, 2020
    d8f6088
  2. 93b90c7
  3. 1e7a0fc
  4. Typofix

    HanXHX committed Feb 4, 2020
    3e228d0

Commits on May 18, 2020

  1. Compat python3

    HanXHX committed May 18, 2020
    4c63efa

Commits on Aug 24, 2020

  1. Drop Backuppc support

    HanXHX committed Aug 24, 2020
    da08953
  2. Manage custom templates for sites

    Issue #12 related
    HanXHX committed Aug 24, 2020
    204e957
  3. 0f8688f
  4. 40ebe61

Commits on Sep 1, 2021

  1. 8b73a83
  2. 8268eb2
  3. Drop Backuppc support

    HanXHX committed Sep 1, 2021
    6e5fce0
  4. bdddb06
  5. Fix yaml lint

    HanXHX committed Sep 1, 2021
    6c7e0c2
  6. Fix Ansible Lint

    HanXHX committed Sep 1, 2021
    a2780d3
  7. Fix Ansible Lint

    HanXHX committed Sep 1, 2021
    8c6c4dc
  8. 6aea2bc

Commits on Sep 3, 2021

  1. 5e2f988
  2. Fix ansible lint

    HanXHX committed Sep 3, 2021
    297dc1f

Commits on Sep 10, 2021

  1. 8de5573
  2. Some changes on acme.sh install process

    - Remove useless git directory
    - Force use letsencrypt as default CA
    HanXHX committed Sep 10, 2021
    0622f8a
  3. Code refactoring on tests

    HanXHX committed Sep 10, 2021
    7135bc6
  4. Fix passlib install

    - Do not break idempotence on Debian Stretch
    - Python 2 must not be used now...
    HanXHX committed Sep 10, 2021
    815e391
  5. Quickfix on invalid FQDN

    HanXHX committed Sep 10, 2021
    2654300
  6. Drop Debian Stretch support

    HanXHX committed Sep 10, 2021
    55e075a

Commits on Nov 25, 2022

  1. Fix linter

    HanXHX committed Nov 25, 2022
    9f727ad

Commits on May 31, 2023

  1. 🙈 Ignore pycharm files

    HanXHX committed May 31, 2023
    3b69a4f
  2. 🔒 Modernize TLS helpers

    HanXHX committed May 31, 2023
    2574377
  3. 🚨 Fix linter

    HanXHX committed May 31, 2023
    d262ddd
  4. 🚀 Add core options

    HanXHX committed May 31, 2023
    c552dd3
  5. ✨ Add Debian 12 and CI

    HanXHX committed May 31, 2023
    c834420
Showing with 1,988 additions and 1,132 deletions.
  1. +4 −0 .ansible-lint
  2. +43 −0 .github/workflows/ci.yml
  3. +17 −0 .github/workflows/galaxy.yml
  4. +43 −0 .github/workflows/molecule.yml
  5. +2 −0 .gitignore
  6. +0 −40 .travis.yml
  7. +6 −0 .yamllint.yml
  8. +41 −14 README.md
  9. +17 −9 Vagrantfile
  10. +17 −3 defaults/main.yml
  11. +0 −5 doc/freebsd.md
  12. +6 −7 doc/php.md
  13. +85 −17 doc/site.md
  14. +4 −4 doc/ssl.md
  15. +50 −2 filter_plugins/nginx.py
  16. +1 −16 filter_plugins/php.py
  17. +6 −38 handlers/main.yml
  18. +29 −21 meta/main.yml
  19. +19 −0 molecule/_shared/Dockerfile.j2
  20. +39 −0 molecule/_shared/base.yml
  21. +20 −0 molecule/_shared/converge.yml
  22. +19 −0 molecule/_shared/file/test.crt
  23. +28 −0 molecule/_shared/file/test.key
  24. +15 −0 molecule/_shared/prepare.yml
  25. +7 −0 molecule/_shared/requirements.yml
  26. +16 −0 molecule/_shared/templates/custom_template.conf.j2
  27. +259 −0 molecule/_shared/vars/misc.yml
  28. +19 −0 molecule/_shared/verify.yml
  29. +13 −0 molecule/debian-10/molecule.yml
  30. +13 −0 molecule/debian-11/molecule.yml
  31. +13 −0 molecule/debian-12/molecule.yml
  32. 0 molecule/default/.gitkeep
  33. +20 −0 molecule/ubuntu-20.04/molecule.yml
  34. +13 −0 molecule/ubuntu-22.04/molecule.yml
  35. +4 −0 requirements.yml
  36. +22 −10 tasks/config.yml
  37. +7 −4 tasks/htpasswd.yml
  38. +27 −0 tasks/install/Debian.yml
  39. +17 −17 tasks/{install_FreeBSD.yml → install/FreeBSD.yml}
  40. +36 −0 tasks/install/acme.yml
  41. +8 −0 tasks/install/main.yml
  42. +0 −60 tasks/install_Debian.yml
  43. +8 −8 tasks/main.yml
  44. +20 −7 tasks/prepare.yml
  45. +39 −20 tasks/site.yml
  46. +81 −71 tasks/ssl/acme.yml
  47. +2 −2 tasks/ssl/main.yml
  48. +54 −35 tasks/ssl/standard.yml
  49. +12 −13 tasks/upstream.yml
  50. +11 −3 templates/etc/nginx/conf.d/FAKESITE.conf.j2
  51. +13 −4 templates/etc/nginx/conf.d/php.conf.j2
  52. +14 −8 templates/etc/nginx/helper/ssl-legacy.j2
  53. +11 −9 templates/etc/nginx/helper/ssl-strong.j2
  54. +3 −0 templates/etc/nginx/nginx.conf.j2
  55. +0 −33 templates/etc/nginx/sites-available/_backuppc.j2
  56. +42 −21 templates/etc/nginx/sites-available/_base.j2
  57. +1 −13 templates/etc/nginx/sites-available/_php.j2
  58. +1 −2 templates/etc/nginx/sites-available/_php_index.j2
  59. +1 −2 templates/etc/nginx/sites-available/_php_index2.j2
  60. +27 −0 templates/etc/nginx/sites-available/_symfony.j2
  61. +252 −0 tests/group_vars/all.yml
  62. +0 −18 tests/includes/post_Debian.yml
  63. +0 −22 tests/includes/post_FreeBSD.yml
  64. +262 −0 tests/includes/post_common.yml
  65. +43 −41 tests/includes/pre_Debian.yml
  66. +12 −12 tests/includes/pre_FreeBSD.yml
  67. +43 −13 tests/includes/pre_common.yml
  68. +16 −0 tests/templates/custom_template.conf.j2
  69. +8 −500 tests/test.yml
  70. +2 −3 vars/Debian.yml
  71. +2 −3 vars/FreeBSD.yml
  72. +3 −2 vars/main.yml
4 changes: 4 additions & 0 deletions .ansible-lint
@@ -0,0 +1,4 @@
---

enable_list:
- fqcn-builtins
43 changes: 43 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,43 @@
---

name: ci
'on':
pull_request:
push:
branches:
- master

jobs:

yaml-lint:
name: YAML Lint
runs-on: ubuntu-latest
steps:

- name: Fetch code
uses: actions/checkout@v3

- name: Set up Python 3.
uses: actions/setup-python@v2
with:
python-version: '3.x'

- name: Install test dependencies.
run: pip3 install yamllint

- name: Lint code.
run: |
yamllint .
ansible-lint:
name: Ansible Lint
runs-on: ubuntu-latest

steps:
- name: Fetch code
uses: actions/checkout@v3
with:
fetch-depth: 0

- name: Run ansible-lint
uses: ansible/ansible-lint-action@v6.15.0
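Review bot: Every `uses:` line in this workflow references a mutable tag (`actions/checkout@v3`, `actions/setup-python@v2`, `ansible/ansible-lint-action@v6.15.0`), and the file declares no `permissions:` block, so both jobs run with the repository's default token scope. Pin each action to a full commit SHA (keeping the tag in a trailing comment) and add a top-level `permissions:` with `contents: read`, which is all a lint job needs. `pip3 install yamllint` is also unversioned, so the lint result can change between runs with no change in the repository; pin a version there as well.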
17 changes: 17 additions & 0 deletions .github/workflows/galaxy.yml
@@ -0,0 +1,17 @@
---

name: Deploy on Ansible Galaxy

'on':
- push

jobs:
build:
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: galaxy
uses: robertdebock/galaxy-action@1.2.0
with:
galaxy_api_key: ${{ secrets.galaxy_api_key }}
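Review bot: The trigger `'on': - push` fires on a push to any branch, and each run hands `secrets.galaxy_api_key` to `robertdebock/galaxy-action@1.2.0`, a third-party action referenced by a mutable tag. Restrict the trigger to `master` (or to release tags) so feature branches do not start a Galaxy import, and pin the action to a full commit SHA, since whatever code that tag points to receives the API key. `actions/checkout@v2` here is also older than the `@v3` used in the other two workflows; align them.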
43 changes: 43 additions & 0 deletions .github/workflows/molecule.yml
@@ -0,0 +1,43 @@
---

name: Molecule

'on':
pull_request:
push:
branches:
- master

jobs:
build:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
scenario:
- debian-10
- debian-11
- debian-12
- ubuntu-22.04
allowed-to-fail:
- false
include:
- scenario: ubuntu-20.04
allowed-to-fail: true

steps:
- name: Checkout
uses: actions/checkout@v3
with:
path: "${{ github.repository }}"

- name: Molecule
uses: gofrolist/molecule-action@v2.3.19
with:
molecule_options: --base-config molecule/_shared/base.yml
molecule_args: --scenario-name ${{ matrix.scenario }}
molecule_working_dir: "HanXHX/ansible-nginx"
continue-on-error: ${{ matrix.allowed-to-fail }}

- name: Fake command
run: echo "End of job"
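Review bot: `continue-on-error: ${{ matrix.allowed-to-fail }}` on the Molecule step lets the `ubuntu-20.04` scenario report success even when the Molecule run fails, while the README table in this same change lists Ubuntu 20.04 as working and stable. Either fix the scenario and drop the `include` entry, or mark the platform accordingly in the README so a passing workflow badge is not read as coverage for it. The trailing `Fake command` step has no visible purpose; if it exists to give the job a step that always passes, a comment saying so would help. `gofrolist/molecule-action@v2.3.19` is referenced by tag; pin it to a commit SHA.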
2 changes: 2 additions & 0 deletions .gitignore
@@ -2,3 +2,5 @@
*.swp
*.retry
*.pyc
/tests/hanxhx.php
/.idea
40 changes: 0 additions & 40 deletions .travis.yml

This file was deleted.

6 changes: 6 additions & 0 deletions .yamllint.yml
@@ -0,0 +1,6 @@
---

extends: default

rules:
line-length: disable
55 changes: 41 additions & 14 deletions README.md
@@ -1,7 +1,7 @@
Nginx for Debian/FreeBSD Ansible role
=====================================

[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) [![Build Status](https://travis-ci.org/HanXHX/ansible-nginx.svg?branch=master)](https://travis-ci.org/HanXHX/ansible-nginx)
[![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-HanXHX.nginx-blue.svg)](https://galaxy.ansible.com/HanXHX/nginx/) ![GitHub Workflow Status (master branch)](https://img.shields.io/github/actions/workflow/status/hanxhx/ansible-nginx/molecule.yml?branch=master)

Install and configure Nginx on Debian/FreeBSD.

@@ -20,18 +20,23 @@ Features:

Supported OS:

| OS | Working | Stable (active support) |
| ------------------ | ------- | ----------------------- |
| Debian Jessie (8) | Yes | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
| Debian Stretch (9) | Yes | Yes |
| Debian Buster (10) | Yes | No |
| FreeBSD 11 | Yes | No |
| FreeBSD 12 | Yes | No |
| OS | Working | Stable (active support) |
|----------------------|---------|------------------------------------------------------------------------------------------------------|
| Debian Jessie (8) | Yes | Check latest supported version ([1.5.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.5.0)) |
| Debian Stretch (9) | Yes | Check latest supported version ([1.9.0](https://github.com/HanXHX/ansible-nginx/releases/tag/1.9.0)) |
| Debian Buster (10) | Yes | Yes |
| Debian Bullseye (11) | Yes | Yes |
| Debian Bookworm (12) | Yes | Not yet :) |
| FreeBSD 11 | NA | No |
| FreeBSD 12 | NA | No |
| Ubuntu 20.04 | Yes | Yes |
| Ubuntu 22.04 | Yes | Yes |

Requirements
------------

Ansible 2.6+. If you set true to `nginx_backports`, you must install backports repository before lauching this role.
- Ansible >=2.11
- If you set true to `nginx_backports`, you must install backports repository before lauching this role.

Role Variables
--------------
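Review bot: The new requirements bullet carries over the typo `lauching` (should be `launching`), and "If you set true to `nginx_backports`" reads better as "If you set `nginx_backports` to true". In the table, FreeBSD 11 and 12 change from `Yes` to `NA` under Working with no explanation in this hunk; a short footnote saying whether that means untested or unsupported would keep the table consistent with the "FreeBSD support is experimental" note further down.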
@@ -55,6 +60,7 @@ FreeBSD:
- `nginx_error_log_level`: default log level
- `nginx_auto_config_httpv2`: boolean, auto configure HTTP2 where possible
- `nginx_fastcgi_fix_realpath`: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
- `nginx_default_hsts`: string, default header sent for HSTS

### Nginx Configuration

@@ -63,13 +69,14 @@ FreeBSD:
- `nginx_pid`: daemon pid file
- `nginx_events_*`: all variables in events block
- `nginx_http_*`: all variables in http block
- `nginx_custom_core`: instructions list (for core, will put data in `/etc/nginx/nginx.conf`)
- `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`)
- `nginx_module_packages`: package list module to install (Debian)
- `nginx_load_modules`: module list to load (full path), should be used only on FreeBSD

### Misc

- `nginx_debug_role`: set _true_ if you need to see output of no\_log tasks
- `nginx_debug_role`: set _true_ if you need to see output of no\_log tasks

About modules
-------------
@@ -96,14 +103,34 @@ Fine configuration
Note
----

- Active support for Debian.
- FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).
- I don't manage BackupPC for FreeBSD (PR welcome).
- Active support for Debian/Ubuntu.
- FreeBSD support is experimental. I only test (for the moment) 10.2 (but it can work on other versions).

Dependencies
------------

None
See: [requirements.yml](requirements.yml).


If you need to dev this role locally on Vagrant
------------------------------------------------

Before use vagrant, run once:

```commandline
ansible-galaxy install -p ./tests/ HanXHX.php,master
```

If you need to dev this role locally with molecule
--------------------------------------------------

Check available scenarios in [molecule](molecule) directory.

With `debian-12` scenario:

```commandline
molecule -v -c molecule/_shared/base.yml verify -s debian-12
```

Example Playbook
----------------
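Review bot: The Note section still says FreeBSD is tested only on 10.2, while the Vagrantfile in this change targets FreeBSD 11.3 and 12.1 boxes and the support table lists 11 and 12; update or drop the version claim. In the Vagrant instructions, `ansible-galaxy install -p ./tests/ HanXHX.php,master` pulls whatever is on `master` at install time, so pinning a tag would make local test runs reproducible. "Before use vagrant" should read "Before using Vagrant".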
26 changes: 17 additions & 9 deletions Vagrantfile
@@ -6,20 +6,18 @@
Vagrant.configure("2") do |config|

vms_debian = [
{ :name => "debian-stretch", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.0"}] }},
{ :name => "debian-stretch-sury", :box => "debian/stretch64", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }},
{ :name => "debian-buster", :box => "debian/buster64", :vars => { "nginx_php": [{"version": "7.3"}] }}
{ :name => "debian-buster", :box => "debian/buster64", :vars => {} },
{ :name => "debian-bullseye", :box => "debian/bullseye64", :vars => {} }
]

vms_freebsd = [
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.1-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.0-CURRENT", :vars => {} }
{ :name => "freebsd-11", :box => "freebsd/FreeBSD-11.3-STABLE", :vars => {} },
{ :name => "freebsd-12", :box => "freebsd/FreeBSD-12.1-STABLE", :vars => {} }
]

conts = [
{ :name => "docker-debian-stretch", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.0"}] }},
{ :name => "docker-debian-stretch-sury", :docker => "hanxhx/vagrant-ansible:debian9", :vars => { "nginx_php": [{"version": "7.1"}], "sury": true }},
{ :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => { "nginx_php": [{"version": "7.3"}] }},
{ :name => "docker-debian-buster", :docker => "hanxhx/vagrant-ansible:debian10", :vars => {} },
{ :name => "docker-debian-bullseye", :docker => "hanxhx/vagrant-ansible:debian11", :vars => {} },
]

config.vm.network "private_network", type: "dhcp"
@@ -32,6 +30,11 @@ Vagrant.configure("2") do |config|
d.remains_running = true
d.has_ssh = true
end

if opts[:name].include? "bullseye"
m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
end

m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
@@ -48,6 +51,11 @@ Vagrant.configure("2") do |config|
v.cpus = 1
v.memory = 256
end

if opts[:name].include? "bullseye"
m.vm.provision "shell", inline: "[ -f '/root/first_provision' ] || (apt-get update -qq && apt-get -y dist-upgrade && touch /root/first_provision)"
end

m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
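Review bot: The bullseye-only shell provisioner in this hunk is a verbatim copy of the one added in the previous hunk. Define the command string once near the top of the file and reference it from both loops, and add a comment saying why only bullseye needs the `dist-upgrade` before Ansible runs, since nothing in the Vagrantfile explains it.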
@@ -66,7 +74,7 @@ Vagrant.configure("2") do |config|
v.cpus = 2
v.memory = 512
end
m.vm.provision "shell", inline: "pkg install -y python bash"
m.vm.provision "shell", inline: "[ -e /usr/local/bin/bash ] || pkg install -y python bash"
m.vm.provision "ansible" do |ansible|
ansible.playbook = "tests/test.yml"
ansible.verbose = 'vv'
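Review bot: The guard `[ -e /usr/local/bin/bash ] || pkg install -y python bash` tests only for bash but is also what installs python, so a box that ships bash without python skips the install and leaves the Ansible provisioner that follows without an interpreter on the target. Test for both binaries, or split the line into one guarded install per package.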
20 changes: 17 additions & 3 deletions defaults/main.yml
@@ -14,18 +14,19 @@ nginx_log_dir: '/var/log/nginx'
nginx_resolver_hosts: ['8.8.8.8', '8.8.4.4']
nginx_resolver_valid: '300s'
nginx_resolver_timeout: '5s'
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
nginx_error_log_level: 'warn' # http://nginx.org/en/docs/ngx_core_module.html#error_log
nginx_auto_config_httpv2: true
nginx_default_site: null
nginx_default_site_ssl: null
nginx_fastcgi_fix_realpath: true
nginx_default_hsts: 'max-age=63072000; includeSubDomains'

#
# Nginx directories
#
nginx_htpasswd_dir: '{{ nginx_etc_dir }}/htpasswd'
nginx_ssl_dir: '{{ nginx_etc_dir }}/ssl'
nginx_helper_dir: '{{ nginx_etc_dir}}/helper'
nginx_helper_dir: '{{ nginx_etc_dir }}/helper'

#
# Load upstream
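Review bot: `nginx_default_hsts: 'max-age=63072000; includeSubDomains'` makes a two-year HSTS policy covering all subdomains the role default. A browser that receives it will refuse plain HTTP for every subdomain of the site name, including hosts this role does not manage, and keeps the policy until it expires or the site serves `max-age=0` over HTTPS. Consider a default without `includeSubDomains` (or with a shorter `max-age`), and have the README entry for this variable spell out the effect so that enabling the broader policy is a deliberate choice.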
@@ -83,6 +84,19 @@ nginx_http_gzip_disable: '"msie6"'
# Custom global configuration
#
nginx_custom_http: []
nginx_custom_core: []

#
# Nginx default
#
nginx_default_listen:
- '80'
- '[::]:80'
nginx_default_listen_ssl:
- '443'
- '[::]:443'
nginx_default_listen_proxy_protocol: []
nginx_default_listen_proxy_protocol_ssl: []

#
# Sites
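Review bot: `nginx_default_listen_proxy_protocol` and `nginx_default_listen_proxy_protocol_ssl` are introduced here without a comment, and the README hunks in this change document only `nginx_default_hsts` and `nginx_custom_core`. A listener that accepts the PROXY protocol takes the client address from the header its peer sends, so unless doc/site.md (not shown here) already covers it, the documentation should state that these ports must be reachable only from the trusted load balancer. `nginx_custom_core` also deserves a one-line comment at this spot, since per the README its entries are written into `/etc/nginx/nginx.conf`.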
@@ -115,7 +129,7 @@ nginx_load_modules: []
#
nginx_dh: null
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
nginx_dh_length: 4096
nginx_dh_length: 2048

#
# acme.sh
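Review bot: `nginx_dh_length` drops from 4096 to 2048 and the commit message ("DH length 4096 -> 2048") gives no reason. 2048-bit parameters are still a commonly accepted minimum for finite-field DHE, but this lowers the default strength for new deployments; add a comment next to the variable stating the motivation, and mention in the README that hosts wanting the previous strength must set `nginx_dh_length: 4096` explicitly. It is also worth checking whether an already generated `dhparam.pem` is kept or regenerated when the length changes.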
5 changes: 0 additions & 5 deletions doc/freebsd.md
@@ -10,8 +10,3 @@ About modules
-------------

Dynamic modules must be set with full path (see `nginx_load_modules` path).

Sites not tested
----------------

- BackupPC