issue #256 : WIP
Signed-off-by: Peter Ansell <p_ansell@yahoo.com>
ansell committed May 31, 2019
1 parent 9d9df95 commit d0e7dbc
Showing 1 changed file with 61 additions and 34 deletions.
95 changes: 61 additions & 34 deletions ansible/roles/nginx_vhost/tasks/main.yml
@@ -1,10 +1,27 @@
# FIXME: Why is this exemption to the typical system present
- name: determine if a virtual host is required (vhost not required for localhost, 127.0.0.1 or any hostname with a colon in it)
set_fact: vhost_required={{ hostname.find(':') == -1 and hostname.find('localhost') == -1 and hostname.find('127.0.0.1') == -1 }}
tags:
- nginx_vhost

#- name: is a virtual host required?
# debug: msg="Virtual Host required for hostname {{hostname}}? {{vhost_required}}"
- name: is a virtual host required?
debug: msg="Virtual Host required for hostname {{hostname}}? {{vhost_required}}"

- name: check whether HTTPS is required
set_fact: ssl={{ ssl | default(false) }}
tags:
- nginx_vhost

- name: check whether we are rewriting HTTP to HTTPS
set_fact: force_https={{ force_https | default(false) }}
tags:
- nginx_vhost

- name: is HTTPS required?
debug: msg="HTTPS required for hostname {{hostname}}? {{ssl}}"

- name: will HTTP rewrite to HTTPS?
debug: msg="Rewrite HTTPS for hostname {{hostname}}? {{ssl and force_https}}"

# Actively fail to ensure that future users are aware they need to specify appname as a parameter to calling into nginx_vhost
- name: is appname specified?
Expand All @@ -13,22 +30,17 @@
tags:
- nginx_vhost

- name: check whether HTTPS is required
set_fact: ssl={{ ssl | default(false) }}
- name: is nginx_root specified?
debug: msg="nginx_root required for hostname {{hostname}}?"
failed_when: nginx_root is not defined or nginx_root | length == 0
tags:
- nginx_vhost

- name: check whether we are rewriting HTTP to HTTPS
set_fact: force_https={{ force_https | default(false) }}
- name: set vhost_fragments_dir variable
set_fact: vhost_fragments_dir="{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/{{appname}}/"
tags:
- nginx_vhost

#- name: is HTTPS required?
# debug: msg="HTTPS required for hostname {{hostname}}? {{ssl}}"

#- name: will HTTP rewrite to HTTPS?
# debug: msg="Rewrite HTTPS for hostname {{hostname}}? {{ssl and force_https}}"

- name: make sure required parameters are defined
fail: msg="One or more mandatory parameters are not defined - ssl_certificate_server_dir, ssl_cert_file, ssl_key_file. If you don't want https, set ssl=false in inventory."
when: ssl and (ssl_key_file is undefined or ssl_cert_file is undefined or ssl_certificate_server_dir is undefined)
Expand Down Expand Up @@ -101,10 +113,18 @@
tags:
- nginx_vhost

- name: Remove previous vhost_fragments directory for this hostname
file:
path: "{{item}}"
state: absent
with_fileglob: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}"
tags:
- nginx_vhost

# check dir exists for servername fragments
- name: ensure vhost fragments dir is present
- name: ensure vhost_fragments_dir is present
file:
path: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}"
path: "{{ vhost_fragments_dir }}"
state: directory
mode: 0755
owner: root
Expand All @@ -113,6 +133,12 @@
tags:
- nginx_vhost

- name: create root directory
file: path="{{ nginx_root }}" state=directory mode=0755 force=yes follow=yes
when: vhost_required
tags:
- nginx_vhost

- name: ensure nginx cache dir is present if configured
file:
path: "{{nginx_cache_path}}"
Expand All @@ -137,7 +163,7 @@
- name: add upstream fragment
template:
src: "fragment_02_upstream.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_02_upstream_{{ hostname }}_127.0.0.1_{{ tomcat_server_port | default('8080', True) }}"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/{{appname}}/http_02_upstream_{{ hostname }}_127.0.0.1_{{ tomcat_server_port | default('8080', True) }}"
when: vhost_required and nginx_load_balancing | bool == true and item.is_proxy and item.proxy_pass is defined
with_items:
- "{{ nginx_paths}} "
Expand All @@ -147,15 +173,15 @@
- name: add blocking fragment
template:
src: "fragment_03_blocking.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_03_blocking"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/http_03_blocking"
when: vhost_required
tags:
- nginx_vhost

- name: add cache fragment if configured
template:
src: "fragment_05_cache.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_05_cache"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/http_05_cache"
when: vhost_required and nginx_cache
tags:
- nginx_vhost
Expand All @@ -164,26 +190,26 @@
- name: add connection upgrade fragment
template:
src: "fragment_06_connection.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_06_connection"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/http_06_connection"
when: vhost_required and nginx_load_balancing | bool == false and item.is_websocket is defined and item.is_websocket | bool == true
with_items:
- "{{ nginx_paths}} "
tags:
- nginx_vhost

# copy 10, 20, 90 as http (e.g. dest file might be /etc/nginx/vhost_fragments/bie-test.ala.org.au/http_10_start)
# copy 10, 20, 90 as http (e.g. dest file might be /etc/nginx/vhost_fragments_v2/bie-test.ala.org.au/http_10_start)
- name: add start http fragment
template:
src: "fragment_10_start_http.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_10_start"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/http_10_start"
when: vhost_required
tags:
- nginx_vhost

- name: add basic http fragments
template:
src: "fragment_{{ item }}.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_{{ item }}"
dest: "{{nginx_conf_dir}}/vhost_fragments_v2/{{hostname}}/http_{{ item }}"
with_items:
- "20_servername"
- "90_end"
Expand All @@ -201,12 +227,6 @@
tags:
- nginx_vhost

- name: create root directory
file: path="{{ nginx_root }}" state=directory mode=0755 force=yes follow=yes
when: (not ssl) and vhost_required
tags:
- nginx_vhost

# if not ssl or (ssl and not force_https): copy 50 http
- name: if not using force_https, add root http fragment
template:
Expand Down Expand Up @@ -234,7 +254,7 @@
- name: if not using force_https, add location http fragments
template:
src: "fragment_70_location_start.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
dest: "{{ vhost_fragments_dir }}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
with_items:
- "{{ nginx_paths}} "
when: (not ssl or (ssl and not force_https)) and vhost_required
Expand All @@ -246,7 +266,7 @@
- name: if not using force_https, add location http fragments
template:
src: "fragment_73_location.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
dest: "{{ vhost_fragments_dir }}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
with_items:
- "{{ nginx_paths}} "
when: (not ssl or (ssl and not force_https)) and vhost_required
Expand All @@ -258,7 +278,7 @@
- name: if not using force_https, add location http fragments
template:
src: "fragment_75_location_end.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
dest: "{{ vhost_fragments_dir }}/http_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
with_items:
- "{{ nginx_paths}} "
when: (not ssl or (ssl and not force_https)) and vhost_required
Expand Down Expand Up @@ -314,7 +334,7 @@
- name: add location https fragments
template:
src: "fragment_70_location_start.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
dest: "{{ vhost_fragments_dir }}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_70_start"
with_items:
- "{{ nginx_paths }}"
when: ssl and vhost_required
Expand All @@ -327,7 +347,7 @@
- name: add location https fragments
template:
src: "fragment_73_location.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
dest: "{{ vhost_fragments_dir }}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_73_content"
with_items:
- "{{ nginx_paths }}"
when: ssl and vhost_required
Expand All @@ -340,7 +360,7 @@
- name: add location https fragments
template:
src: "fragment_75_location_end.j2"
dest: "{{nginx_conf_dir}}/vhost_fragments/{{hostname}}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
dest: "{{ vhost_fragments_dir }}/https_70_location_{{ item.sort_label | default(item.path | basename) }}_75_end"
with_items:
- "{{ nginx_paths }}"
when: ssl and vhost_required
Expand All @@ -357,7 +377,7 @@
- reload nginx
tags:
- nginx_vhost

# symlink servername.conf to sites-enabled
- name: symlink vhost to sites-enabled
file:
Expand All @@ -372,6 +392,7 @@

- name: check whether we need a default vhost for Amazon load balancer health checks
set_fact: aws_elb_healthcheck_default={{ aws_elb_healthcheck_default | default(false) }}
when: vhost_required
tags:
- nginx_vhost

Expand All @@ -390,3 +411,9 @@
tags:
- nginx_vhost

- name: unset vhost_fragments_dir
set_fact:
vhost_fragments_dir: ''
tags:
- nginx_vhost
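Review bot: The new "Remove previous vhost_fragments directory for this hostname" task is unlikely to remove anything: `with_fileglob` is a lookup evaluated on the control node and it returns only files, so a directory path on the managed host yields an empty loop and the old `vhost_fragments/{{hostname}}` fragments stay on disk. Whether those stale fragments can still end up in the live nginx configuration depends on the assemble step, which is outside the visible hunks. Pointing the module at the path directly would do what the task name says: `path: "{{ nginx_conf_dir }}/vhost_fragments/{{ hostname }}"` with `state: absent` and `when: vhost_required and hostname | length > 0`, dropping the `with_fileglob` line; the length guard matters because an empty hostname would otherwise resolve to the whole `vhost_fragments` directory. The same section writes `http_03_blocking`, `http_05_cache`, `http_06_connection`, `http_10_start` and the basic fragments to `vhost_fragments_v2/{{hostname}}/` while the location fragments go to `{{ vhost_fragments_dir }}` (which adds `{{appname}}/`), so it is worth confirming that assembly covers both levels and that the final "unset" to `''` cannot leave a later `{{ vhost_fragments_dir }}/...` destination resolving under `/`.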
