Browse Source

vhost definition

master
parent
commit
feb6225207
6 changed files with 85 additions and 3 deletions
  1. +1
    -0
      handlers/main.yml
  2. +20
    -1
      tasks/main.yml
  3. +2
    -1
      tasks/setup_Debian.yml
  4. +8
    -0
      templates/default-vhost.conf.j2
  5. +1
    -1
      templates/nginx.conf.j2
  6. +53
    -0
      templates/vhost.conf.j2

+ 1
- 0
handlers/main.yml View File

@@ -9,3 +9,4 @@
service: service:
name: nginx name: nginx
state: reloaded state: reloaded
listen: certificate changed

+ 20
- 1
tasks/main.yml View File

@@ -10,6 +10,25 @@


- name: default vhost - name: default vhost
template: template:
src: default-vhost.j2
src: default-vhost.conf.j2
dest: /etc/nginx/sites-available/default dest: /etc/nginx/sites-available/default
notify: reload nginx notify: reload nginx

- name: vhosts
template:
src: vhost.conf.j2
dest: /etc/nginx/sites-available/{{vhost.name}}
notify: reload nginx
with_items: "{{ nginx_vhosts }}"
loop_control:
loop_var: vhost

- name: enable vhosts
file:
src: ../sites-available/{{vhost.name}}
dest: /etc/nginx/sites-enabled/{{vhost.name}}
state: link
notify: reload nginx
with_items: "{{ nginx_vhosts }}"
loop_control:
loop_var: vhost

+ 2
- 1
tasks/setup_Debian.yml View File

@@ -6,7 +6,8 @@
state: present state: present
with_items: with_items:
- nginx - nginx
- nginx-full
- nginx-light
- ssl-cert


- name: remove default page - name: remove default page
file: file:


templates/default-vhost.j2 → templates/default-vhost.conf.j2 View File

@@ -1,7 +1,14 @@
server { server {

listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;


listen 443 ssl default_server;
listen [::]:443 ssl default_server;

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

server_name _; server_name _;


return 404; return 404;
@@ -10,4 +17,5 @@ server {
default_type "text/plain"; default_type "text/plain";
root /var/www/letsencrypt-auto; root /var/www/letsencrypt-auto;
} }

} }

+ 1
- 1
templates/nginx.conf.j2 View File

@@ -20,7 +20,7 @@ http {
types_hash_max_size 2048; types_hash_max_size 2048;
server_tokens off; server_tokens off;


server_names_hash_bucket_size 64;
server_names_hash_bucket_size 128;
# server_name_in_redirect off; # server_name_in_redirect off;


include /etc/nginx/mime.types; include /etc/nginx/mime.types;


+ 53
- 0
templates/vhost.conf.j2 View File

@@ -0,0 +1,53 @@
server {

server_name {{ vhost.server_names | join(' ') }};

listen 443 ssl;
listen [::]:443 ssl;

ssl_certificate /etc/ssl/certs/{{ vhost.name }}.fullchain.pem;
ssl_certificate_key /etc/ssl/private/{{ vhost.name }}.key.pem;

charset utf-8;

{% if vhost.root is defined %}
root {{ vhost.root }};
{% endif %}

{% if vhost.try_files is defined %}
try_files {{ vhost.try_files }};
{% endif %}

{% if vhost.locations is defined %}
{% for loc in vhost.locations %}
location {{ loc.location }} {
{% if loc.proxy_pass is defined %}
proxy_pass {{ loc.proxy_pass }};
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
{% endif %}
{% if loc.alias is defined %}
alias {{ loc.alias }};
{% endif %}
{% if loc.try_files is defined %}
try_files {{ loc.try_files }};
{% endif %}
{% if loc.redirect is defined %}
return 301 {{ loc.redirect }};
{% endif %}
}
{% endfor %}
{% endif %}

}

server {

listen 80;
listen [::]:80;

server_name {{ vhost.server_names | join(' ') }};

return 301 https://$host$request_uri;

}

Loading…
Cancel
Save