
@ -41,7 +41,8 @@ The variable `http_sites` is a dictionnary of the http site managed by nginx.
http_sites: http_sites:
`server_name`: `server_name`:
root_snippets: root_snippets:
- ? TODO - ? TODO (currently, raw strings added to the config (like `location.my_location.config`)
use_certbot: bool, optionnal, indicate that the certbot role should generate this certificat.
locations: locations:
`location`: `location`:
templates: templates:
@ -61,6 +62,12 @@ Inside the templates, `server_name` is accessed with `{{ item.key }}`, en variab
Inside templates of a location, in addition to the variables of the server block, the variables of the location block can be accessed with `{{ location.value.varname }}`, and the value of `location` with `{{ location.key }}`. Inside templates of a location, in addition to the variables of the server block, the variables of the location block can be accessed with `{{ location.value.varname }}`, and the value of `location` with `{{ location.key }}`.
## Recommander role
The `certbot` role is recommanded to use with this role. It generate LE certificates and has this role has a dependency.
https://gitea.auro.re/Pains-Perdus/certbot
## Copyright ## Copyright
Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com> Copyright 2021 Jean-Marie Mineau <histausse@protonmail.com>

@ -106,5 +106,14 @@
template: template:
src: http_proxy_acme.j2 src: http_proxy_acme.j2
dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}" dest: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
loop: "{{ ssl_reverse_proxy_upstream | dict2items}}" loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
notify: Reload nginx
- name: Activate sites
file:
src: "/etc/nginx/sites-available/acme_http_proxy_{{ item.key }}"
dest: "/etc/nginx/sites-enabled/acme_http_proxy_{{ item.key }}"
state: link
force: yes
loop: "{{ ssl_reverse_proxy_upstream | default({}) | dict2items}}"
notify: Reload nginx notify: Reload nginx
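Review bot: `force: yes` on the new "Activate sites" task lets the file module replace whatever already sits at `/etc/nginx/sites-enabled/acme_http_proxy_{{ item.key }}`, and it creates the link even when its source is missing. The template task just above writes that source in the same run, so the flag looks unnecessary. With `state: link` alone, a missing source or an unexpected regular file at the destination would fail visibly instead of being overwritten or left as a dangling link. The template task starts outside the hunk, so its owner and mode settings cannot be checked from here.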

@ -1,4 +1,4 @@
i{{ ansible_managed | comment }} {{ ansible_managed | comment }}
server { server {
listen 80; listen 80;
listen [::]:80; listen [::]:80;

@ -4,16 +4,20 @@ server {
listen [::]:80; listen [::]:80;
server_name {{ item.key }}; server_name {{ item.key }};
# Redirect to https
location / { access_log /var/log/nginx/http_{{ item.key }}.log;
return 302 https://$host$request_uri; error_log /var/log/nginx/http_{{ item.key }}_error.log;
}
# ACME directory, to limit interaction with certbot # ACME directory, to limit interaction with certbot
location /.well-known/acme-challenge/ { location /.well-known/acme-challenge/ {
root /var/www/well-known/acme-challenge/; root /var/www/well-known/acme-challenge/;
} }
# Redirect to https
location / {
return 302 https://$host$request_uri;
}
include /etc/nginx/mime.types; include /etc/nginx/mime.types;
default_type application/octet-stream; default_type application/octet-stream;
@ -55,6 +59,7 @@ server {
{{ config }} {{ config }}
{%- endfor -%} {%- endfor -%}
{%- endfilter %}
# Logs # Logs
access_log /var/log/nginx/{{ item.key }}.log; access_log /var/log/nginx/{{ item.key }}.log;
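Review bot: The redirect in `location /` of the port-80 block builds its target from `$host`, which nginx takes from the request's Host header. The target is therefore client-controlled whenever this block answers for a name other than `{{ item.key }}`, for instance if it ends up as the default server on port 80, which is not visible from this hunk. Pinning the target to the configured name avoids that: `return 302 https://{{ item.key }}$request_uri;`. This assumes `item.key` holds a single host name; if it can list several, `$server_name` is the closer substitute. The added `access_log` and `error_log` lines put `item.key` into a file path, which is fine as long as the keys of `http_sites` come only from the inventory.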
