diff options
author | bnewbold <bnewbold@robocracy.org> | 2016-04-09 23:16:19 -0400 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2016-04-09 23:16:19 -0400 |
commit | a2463bf3e8feb50a8b4d9450ec0745fa9d6b4e5e (patch) | |
tree | e057e3b252d78fa0af35eaf63a6f0875bf88bd0b | |
parent | 68f2a39b1494c4959d37d54f1733d169183bab38 (diff) | |
download | infra-a2463bf3e8feb50a8b4d9450ec0745fa9d6b4e5e.tar.gz infra-a2463bf3e8feb50a8b4d9450ec0745fa9d6b4e5e.zip |
nginx: first pass of live, workable nginx role
-rw-r--r-- | roles/nginx/HOWTO_new_site.txt | 19 | ||||
-rw-r--r-- | roles/nginx/defaults/main.yml | 6 | ||||
-rw-r--r-- | roles/nginx/handlers/main.yml | 8 | ||||
-rw-r--r-- | roles/nginx/tasks/main.yml | 25 | ||||
-rw-r--r-- | roles/nginx/tasks/nginx.yml | 39 | ||||
-rw-r--r-- | roles/nginx/templates/etc_nginx_sites-available_default.j2 | 28 |
6 files changed, 98 insertions, 27 deletions
diff --git a/roles/nginx/HOWTO_new_site.txt b/roles/nginx/HOWTO_new_site.txt new file mode 100644 index 0000000..ef9ee37 --- /dev/null +++ b/roles/nginx/HOWTO_new_site.txt @@ -0,0 +1,19 @@ + +For a static website: + + server { + listen 80; + listen [::]:80; + server_name <example.com>; + + root /srv/http/<example.com>/www; + index index.html; + + location / { + try_files $uri $uri/ =404; + } + } + +For a reverse proxied website: + + XXX: TODO diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml new file mode 100644 index 0000000..728f381 --- /dev/null +++ b/roles/nginx/defaults/main.yml @@ -0,0 +1,6 @@ + +ninx_default_404: nginx_default_404.html +nginx_default_50x: nginx_default_50x.html +nginx_default_favicon: nginx_default_favicon.png +nginx_default_index: nginx_default_index.html +nginx_default_robots: nginx_default_robots.txt diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml index c63e4a3..7732673 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nginx/handlers/main.yml @@ -1,7 +1,9 @@ --- -- name: test nginx +- name: nginx test command: nginx -t - notify: reload nginx -- name: restart nginx +- name: nginx reload + command: nginx -s reload + +- name: nginx restart service: name=nginx state=restarted enabled=yes diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 8b32f07..042b317 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,24 +1 @@ ---- -- name: Install nginx - apt: name=nginx state=present - -- name: Copy nginx configuration for wordpress - template: src=default.conf dest=/etc/nginx/conf.d/default.conf - notify: restart nginx - -mkdir -p /srv/http/default - -- name: Setup default nginx pages - copy: - src: "{{item.src}}" - dest: "/srv/http/default/www/{{item.dest}}" - owner: www-data - group: www-data - force: no - tags: - - nginx - with_items: - - {src: "static_files/nginx_default_404.html", dest: "404.html"} - - {src: "static_files/nginx_default_50x.html", dest: "50x.html"} - - {src: "static_files/nginx_default_favicon.png", dest: "favicon.png"} - - {src: "static_files/nginx_default_index.html", dest: "index.html"} +- include: nginx.yml tags=nginx diff --git a/roles/nginx/tasks/nginx.yml b/roles/nginx/tasks/nginx.yml new file mode 100644 index 0000000..fdc91c8 --- /dev/null +++ b/roles/nginx/tasks/nginx.yml @@ -0,0 +1,39 @@ +--- + +- name: Ensure Apache HTTP is Not Installed + apt: name=apache2 state=absent + +- name: Install nginx + apt: name=nginx state=present + +- name: Create default nginx content directory + file: path=/srv/http/default/www + state=directory + owner=www-data + group=www-data + mode=0775 + recurse=yes + +- name: Setup default nginx pages + copy: + src: "{{item.src}}" + dest: "/srv/http/default/www/{{item.dest}}" + owner: www-data + group: www-data + force: no + with_items: + - {src: "{{ nginx_default_404 }}", dest: "404.html"} + - {src: "{{ nginx_default_50x }}", dest: "50x.html"} + - {src: "{{ nginx_default_favicon }}", dest: "favicon.png"} + - {src: "{{ nginx_default_index }}", dest: "index.html"} + +- name: Copy generic (default) nginx site configuration + template: src=etc_nginx_sites-available_default.j2 + dest=/etc/nginx/sites-available/default + +- name: Create nginx symlink for default + file: state=link + src=/etc/nginx/sites-available/default + dest=/etc/nginx/sites-enabled/default + notify: nginx restart # reload not sufficient? + diff --git a/roles/nginx/templates/etc_nginx_sites-available_default.j2 b/roles/nginx/templates/etc_nginx_sites-available_default.j2 new file mode 100644 index 0000000..1b0ec79 --- /dev/null +++ b/roles/nginx/templates/etc_nginx_sites-available_default.j2 @@ -0,0 +1,28 @@ +# Default server configuration +server { + listen 80 default_server; + listen [::]:80 default_server; + server_name _; + + # SSL configuration + # + # listen 443 ssl default_server; + # listen [::]:443 ssl default_server; + # + # Self signed certs generated by the ssl-cert package + # Don't use them in a production server! + # + # include snippets/snakeoil.conf; + + root /srv/http/default/www; + + # Add index.php to the list if you are using PHP + index index.html index.htm index.nginx-debian.html; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + +} |