| author | Luke Hoersten <[email protected]> | 2020-06-15 23:25:16 -0500 |
|---|---|---|
| committer | Luke Hoersten <[email protected]> | 2020-06-15 23:25:16 -0500 |
| commit | a10a0a3f06f514e4e7968b1b8db37342211979a7 (patch) | |
| tree | 2e801be7e2a01490d2c3159ab8fd4db0c99f163d | |
| parent | c3b3d832a2a53b32ab561ca38fe37df820615e90 (diff) | |
Added stream support to nginx configs.
| -rw-r--r-- | nginx-html-root/meta/main.yaml | 4 | ||||
| -rw-r--r-- | nginx-html-root/tasks/main.yaml | 22 | ||||
| -rw-r--r-- | nginx/defaults/main.yaml | 13 | ||||
| -rw-r--r-- | nginx/files/nginx.conf | 91 | ||||
| -rw-r--r-- | nginx/tasks/main.yaml | 37 |
5 files changed, 117 insertions, 50 deletions
diff --git a/nginx-html-root/meta/main.yaml b/nginx-html-root/meta/main.yaml
deleted file mode 100644
index b1ddd3f..0000000
--- a/nginx-html-root/meta/main.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-
-dependencies:
- - role: nginx
diff --git a/nginx-html-root/tasks/main.yaml b/nginx-html-root/tasks/main.yaml
deleted file mode 100644
index 3401ba0..0000000
--- a/nginx-html-root/tasks/main.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- name: install nginx packages
- become: yes
- apt: name="nginx"
-
-- name: disable default site
- become: yes
- file: path="/etc/nginx/sites-enabled/default" state="absent"
- notify: restart nginx
-
-- name: create http directory
- become: yes
- file: path="{{nginx_html_root}}" state="directory"
-
-- name: install root files
- become: yes
- copy: src="{{nginx_html_src}}" dest="{{nginx_html_root}}"
-
-- name: enable nginx service
- become: yes
- systemd: name="nginx" enabled="yes" state="started"
diff --git a/nginx/defaults/main.yaml b/nginx/defaults/main.yaml
index c0db79d..b1964ee 100644
--- a/nginx/defaults/main.yaml
+++ b/nginx/defaults/main.yaml
@@ -1,10 +1,7 @@
 ---
-nginx_port: 80
-nginx_ssl_port: 443
-nginx_ssl_cert: "/etc/letsencrypt/live/{{nginx_server_name}}/fullchain.pem"
-nginx_ssl_privkey: "/etc/letsencrypt/live/{{nginx_server_name}}/privkey.pem"
-nginx_enable_certbot: No
-nginx_server_name: "{{ansible_host}}"
-nginx_conf_dst: "{{nginx_server_name}}.nginx.conf"
-nginx_admin_email: "admin@{{nginx_server_name}}"
+nginx_conf_src: "files/{{nginx_server_name}}/nginx.conf.j2"
+nginx_root_src: "files/{{nginx_server_name}}/root"
+nginx_root_dest: "/var/www/{{nginx_server_name}}"
+nginx_server_type: "site"
+nginx_root: false
diff --git a/nginx/files/nginx.conf b/nginx/files/nginx.conf
new file mode 100644
index 0000000..2f7cb0a
--- /dev/null
+++ b/nginx/files/nginx.conf
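Review bot: In `nginx/defaults/main.yaml`, the new defaults still interpolate `{{nginx_server_name}}` (`nginx_conf_src`, `nginx_root_src`, `nginx_root_dest`), but the hunk removes its only default, `nginx_server_name: "{{ansible_host}}"`. Unless every caller sets the variable, the role will stop with an undefined-variable error the first time one of these defaults is rendered. Either keep the old default or add a comment above `nginx_conf_src` such as `# nginx_server_name is required and has no default`.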
@@ -0,0 +1,91 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ include /etc/nginx/streams-enabled/*;
+}
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/nginx/tasks/main.yaml b/nginx/tasks/main.yaml
index 5cace24..846650d 100644
--- a/nginx/tasks/main.yaml
+++ b/nginx/tasks/main.yaml
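Review bot: `# server_tokens off;` in the `http` block of `nginx/files/nginx.conf` is left commented out, so nginx keeps reporting its version in the `Server` header and on error pages. Because this file is now copied over `/etc/nginx/nginx.conf` by the role, I would enable it here: `server_tokens off;`. The inherited comment `# Dropping SSLv3, ref: POODLE` no longer describes `ssl_protocols TLSv1.2 TLSv1.3;` in either the `http` or the `stream` block, since TLSv1 and TLSv1.1 are excluded as well; `# TLS 1.2 and 1.3 only` would be accurate. The `stream {}` block also assumes the stream module is loaded through `modules-enabled/*.conf`, and the tasks install only the `nginx` package, so that is worth confirming on the target distribution.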
@@ -1,39 +1,44 @@ --- -- name: install nginx packages +- name: apt install nginx become: yes apt: name="nginx" -- name: install site +- name: disable default site become: yes - template: src="{{nginx_conf_src}}" dest="/etc/nginx/sites-available/{{nginx_conf_dst}}" - notify: restart nginx + file: path="/etc/nginx/sites-enabled/default" state="absent" -- name: install nginx packages +- name: install base config become: yes - apt: name="python-certbot-nginx" + copy: src="nginx.conf" dest="/etc/nginx/nginx.conf" notify: restart nginx - when: nginx_enable_certbot -- name: install certbot in nginx +- name: make stream dirs become: yes - command: "certbot certonly --nginx -n --agree-tos -d {{nginx_server_name}} -m {{nginx_admin_email}}" - changed_when: false - when: nginx_enable_certbot + file: path="/etc/nginx/streams-{{item}}" state="directory" + loop: ["available", "enabled"] -- name: disable default site +- name: make config available become: yes - file: path="/etc/nginx/sites-enabled/default" state="absent" + template: + src: "{{nginx_conf_src}}" + dest: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf" notify: restart nginx -- name: enable site +- name: enable config become: yes file: - src: "/etc/nginx/sites-available/{{nginx_conf_dst}}" - dest: "/etc/nginx/sites-enabled/{{nginx_conf_dst}}" + src: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf" + dest: "/etc/nginx/{{nginx_server_type}}s-enabled/{{nginx_server_name}}.conf" state: "link" notify: restart nginx +- name: copy root files + become: yes + copy: src="{{nginx_root_src}}" dest="{{nginx_root_dest}}/" + when: nginx_root + notify: restart nginx + - name: enable nginx service become: yes systemd: name="nginx" enabled="yes" state="started" |
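Review bot: The `install base config` task overwrites `/etc/nginx/nginx.conf` and notifies `restart nginx` without checking the file first, so a syntax error in the shipped config would only surface when the service restarts; `copy` accepts a `validate` option, e.g. `validate: "nginx -t -c %s"`. `nginx_server_type` is interpolated straight into the destination paths (`/etc/nginx/{{nginx_server_type}}s-available/...`), while only the `streams-*` directories are created here and `sites-*` presumably come from the package, so any other value lands in a path that does not exist. An `assert` task near the top with `that: nginx_server_type in ["site", "stream"]` would fail early with a clear message. In `copy root files`, `src="{{nginx_root_src}}"` has no trailing slash, which makes Ansible copy the directory itself under `{{nginx_root_dest}}/` rather than its contents; confirm that is the intended layout.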
