nginx role upgrade

group_vars/all

@@ -5,5 +5,5 @@ github_keys: https://github.com/jasperf.keys
 git_branch: master
 sudo_user: admin
 web_user: web
-upassword: userpassword
+upassword: mfKVVXCewyXKUK5XviYFwjgsG
 domain: larastud.io

roles/geerlingguy.nginx/.travis.yml

@@ -5,7 +5,8 @@ env:
   - distro: centos7
   - distro: ubuntu1604
   - distro: ubuntu1404
-  - distro: ubuntu1204
+  - distro: debian9
+  - distro: debian8
 
 script:
   # Configure test script so we can run extra tests after playbook is run.

roles/geerlingguy.nginx/README.md

@@ -2,9 +2,9 @@
 
 [![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx)
 
-Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, FreeBSD or OpenBSD servers.
+Installs Nginx on RedHat/CentOS, Debian/Ubuntu, Archlinux, FreeBSD or OpenBSD servers.
 
-This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems) or pkg_add (on OpenBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
+This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems), apt (on Debian-based systems), pacman (Archlinux), pkgng (on FreeBSD systems) or pkg_add (on OpenBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website.
 
 ## Requirements
 
@@ -19,15 +19,17 @@ Available variables are listed below, along with default values (see `defaults/m
 A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry will create a separate config file named by `server_name`. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`.
 
     nginx_vhosts:
-      - listen: "80 default_server"
+      - listen: "443 ssl http2"
         server_name: "example.com"
+        server_name_redirect: "www.example.com"
         root: "/var/www/example.com"
         index: "index.php index.html index.htm"
         error_page: ""
         access_log: ""
         error_log: ""
         state: "present"
         template: "{{ nginx_vhost_template }}"
+        filename: "example.com.conf"
         extra_parameters: |
           location ~ \.php$ {
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -36,11 +38,24 @@ A list of vhost definitions (server blocks) for Nginx virtual hosts. Each entry
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               include fastcgi_params;
           }
+          ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+          ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+          ssl_protocols       TLSv1.1 TLSv1.2;
+          ssl_ciphers         HIGH:!aNULL:!MD5;
 
 An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`.
 
 Please take note of the indentation in the above block. The first line should be a normal 2-space indent. All other lines should be indented normally relative to that line. In the generated file, the entire block will be 4-space indented. This style will ensure the config file is indented correctly.
 
+      - listen: "80"
+        server_name: "example.com www.example.com"
+        return: "301 https://example.com$request_uri"
+        filename: "example.com.80.conf"
+
+An example of a secondary vhost which will redirect to the one shown above.
+
+*Note: The `filename` defaults to the first domain in `server_name`, if you have two vhosts with the same domain, eg. a redirect, you need to manually set the `filename` so the second one doesn't override the first one*
+
     nginx_remove_default_vhost: false
 
 Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file.
@@ -102,6 +117,17 @@ Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The va
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   Host $http_host;
 
+See the template in `templates/nginx.conf.j2` for more details on the placement.
+
+    nginx_extra_conf_options: ""
+
+Extra lines to be inserted in the top of `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example:
+
+    nginx_extra_conf_options: |
+      worker_rlimit_nofile 8192;
+
+See the template in `templates/nginx.conf.j2` for more details on the placement.
+
     nginx_log_format: |
       '$remote_addr - $remote_user [$time_local] "$request" '
       '$status $body_bytes_sent "$http_referer" '

roles/geerlingguy.nginx/defaults/main.yml

@@ -9,7 +9,7 @@ nginx_yum_repo_enabled: true
 nginx_ppa_use: false
 nginx_ppa_version: stable
 
-# The name of the nginx apt/yum package to install.
+# The name of the nginx package to install.
 nginx_package_name: "nginx"
 
 nginx_conf_template: "nginx.conf.j2"
@@ -20,7 +20,7 @@ nginx_worker_connections: "1024"
 nginx_multi_accept: "off"
 
 nginx_error_log: "/var/log/nginx/error.log warn"
-nginx_access_log: "/var/log/nginx/access.log main buffer=16k"
+nginx_access_log: "/var/log/nginx/access.log main buffer=16k flush=2m"
 
 nginx_sendfile: "on"
 nginx_tcp_nopush: "on"
@@ -55,12 +55,14 @@ nginx_extra_http_options: ""
 nginx_remove_default_vhost: false
 nginx_vhosts: []
 # Example vhost below, showing all available options:
-# - listen: "80 default_server" # default: "80 default_server"
+# - listen: "80" # default: "80"
 #   server_name: "example.com" # default: N/A
 #   root: "/var/www/example.com" # default: N/A
 #   index: "index.html index.htm" # default: "index.html index.htm"
+#   filename: "example.com.conf" # Can be used to set the filename of the vhost file.
 #
 #   # Properties that are only added if defined:
+#   server_name_redirect: "www.example.com" # default: N/A
 #   error_page: ""
 #   access_log: ""
 #   error_log: ""

roles/geerlingguy.nginx/meta/main.yml

@@ -16,6 +16,10 @@ galaxy_info:
       versions:
       - all
     - name: Ubuntu
+      versions:
+      - trusty
+      - xenial
+    - name: Archlinux
       versions:
       - all
     - name: FreeBSD

roles/geerlingguy.nginx/tasks/main.yml

@@ -24,6 +24,9 @@
 - include: setup-OpenBSD.yml
   when: ansible_os_family == 'OpenBSD'
 
+- include: setup-Archlinux.yml
+  when: ansible_os_family == 'Archlinux'
+
 # Vhost configuration.
 - include: vhosts.yml
 

roles/geerlingguy.nginx/tasks/setup-Archlinux.yml

@@ -0,0 +1,5 @@
+---
+- name: Ensure nginx is installed.
+  pacman:
+    name: "{{ nginx_package_name }}"
+    state: installed

roles/geerlingguy.nginx/tasks/vhosts.yml

@@ -15,7 +15,7 @@
 - name: Add managed vhost config files.
   template:
     src: "{{ item.template|default(nginx_vhost_template) }}"
-    dest: "{{ nginx_vhost_path }}/{{ item.server_name.split(' ')[0] }}.conf"
+    dest: "{{ nginx_vhost_path }}/{{ item.filename|default(item.server_name.split(' ')[0] ~ '.conf') }}"
     force: yes
     owner: root
     group: root
@@ -26,7 +26,7 @@
 
 - name: Remove managed vhost config files.
   file:
-    path: "{{ nginx_vhost_path }}/{{ item.server_name.split(' ')[0] }}.conf"
+    path: "{{ nginx_vhost_path }}/{{ item.filename|default(item.server_name.split(' ')[0] ~ '.conf') }}"
     state: absent
   when: item.state|default('present') == 'absent'
   with_items: "{{ nginx_vhosts }}"

roles/geerlingguy.nginx/templates/nginx.conf.j2

@@ -7,17 +7,17 @@ pid        {{ nginx_pidfile }};
 worker_processes  {{ nginx_worker_processes }};
 {% endblock %}
 
+{% if nginx_extra_conf_options %}
+{{ nginx_extra_conf_options }}
+{% endif %}
+
 {% block events %}
 events {
     worker_connections  {{ nginx_worker_connections }};
     multi_accept {{ nginx_multi_accept }};
 }
 {% endblock %}
 
-{% if nginx_extra_conf_options %}
-{{ nginx_extra_conf_options }}
-{% endif %}
-
 http {
     {% block http_begin %}{% endblock %}
 

roles/geerlingguy.nginx/templates/vhost.j2

@@ -1,5 +1,6 @@
 {% block server_redirect %}
 {% if item.server_name_redirect is defined %}
+server {
     listen       {{ item.listen | default('80') }};
     server_name  {{ item.server_name_redirect }};
     return       301 $scheme://{{ item.server_name.split(' ')[0] }}$request_uri;

roles/geerlingguy.nginx/tests/test.yml

@@ -10,11 +10,12 @@
 
   pre_tasks:
     - name: Update apt cache.
-      apt: update_cache=yes cache_valid_time=86400
+      apt: update_cache=yes cache_valid_time=600
       when: ansible_os_family == 'Debian'
+      changed_when: false
 
     - name: Install dependencies.
-      package: name=curl
+      package: name=curl state=present
 
   roles:
     - role_under_test

roles/geerlingguy.nginx/vars/Archlinux.yml

@@ -0,0 +1,9 @@
+---
+root_group: root
+nginx_conf_path: /etc/nginx/conf.d
+nginx_conf_file_path: /etc/nginx/nginx.conf
+nginx_mime_file_path: /etc/nginx/mime.types
+nginx_pidfile: /run/nginx.pid
+nginx_vhost_path: /etc/nginx/sites-enabled
+nginx_default_vhost_path: /etc/nginx/sites-enabled/default
+__nginx_user: "http"

server.yml

@@ -79,13 +79,13 @@
 #   - name: set APP_ENV=production
 #     lineinfile: dest=/var/www/laravel/.env regexp='^APP_ENV=' line=APP_ENV=production
 
-# - name: Install Certbot Plugin and create Certs
-#   hosts: web
-#   remote_user: root
-#   gather_facts: false
-#   tasks:
-#     - name: Install "python-certbot-nginx"
-#       raw: sudo apt-get install python-certbot-nginx
+- name: Install Certbot Plugin and create Certs
+  hosts: web
+  remote_user: root
+  gather_facts: false
+  tasks:
+    - name: Install "python-certbot-nginx"
+      raw: sudo apt-get install python-certbot-nginx
 
 # - name: Run certbot generation for each host
 #   command: /opt/certbot/certbot-auto --nginx -n -d {{ item['host'] }} --email {{ item['admin_email'] }} --redirect --agree-tos

vars/main.yml

@@ -55,10 +55,6 @@ nginx_server_names_hash_bucket_size: "128"
 nginx_remove_default_vhost: true
 #one vhost, one block, filename is server_name unless added
 nginx_vhosts:
-  - listen: "80"
-    server_name: "{{domain}}"
-    return: "301 https://{{domain}}$request_uri"
-    filename: "{{domain}}.80.conf"
   - listen: "443 ssl http2"
     server_name: "{{domain}}"
     root: "/var/www/{{domain}}/current/public"
@@ -71,7 +67,6 @@ nginx_vhosts:
       location / {
           try_files $uri $uri/ /index.php$is_args$args;
       }
-
       location ~ \.php$ {
           fastcgi_split_path_info ^(.+\.php)(/.+)$;
           fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
@@ -84,6 +79,11 @@ nginx_vhosts:
       # ssl_certificate_key /etc/ssl/certs/domain_com.key;
       # ssl_protocols       TLSv1.1 TLSv1.2;
       # ssl_ciphers         HIGH:!aNULL:!MD5;
+  - listen: "80"
+    server_name: "{{domain}}"
+    return: "301 https://{{domain}}$request_uri"
+    state: "present"
+    filename: "{{domain}}.80.conf"
 
 # Certbot Details if used instead of own SSL Certificates
 certbot_auto_renew_user: root