diff --git a/roles/nginx/defaults/main.yaml b/roles/nginx/defaults/main.yaml index df7f9d4..d3d84b9 100644 --- a/roles/nginx/defaults/main.yaml +++ b/roles/nginx/defaults/main.yaml @@ -9,6 +9,7 @@ nginx_service_enabled: yes nginx_etc_path: /etc/nginx nginx_conf_d_path: "{{ nginx_etc_path }}/conf.d" nginx_mime_types_path: "{{ nginx_etc_path }}/mime.types" +nginx_var_log_path: /var/log/nginx nginx_user: nginx nginx_worker_processes: auto @@ -31,3 +32,4 @@ nginx_acme_challenge_enabled: yes nginx_acme_challenge_path: /var/www/.acme-challenge nginx_conf_d: {} +nginx_vhosts: [] diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 34dd2f5..69cf803 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -45,6 +45,10 @@ mode: 0644 notify: reload nginx +- name: configure virtual hosts + include_tasks: vhost.yaml + loop: "{{ nginx_vhosts | dict2items }}" + - name: manage service service: name: "{{ nginx_service_name }}" diff --git a/roles/nginx/tasks/vhost.yaml b/roles/nginx/tasks/vhost.yaml new file mode 100644 index 0000000..aca1316 --- /dev/null +++ b/roles/nginx/tasks/vhost.yaml @@ -0,0 +1,20 @@ +--- +- name: configure virtual hosts + block: + - name: create webroot + file: + path: "{{ vhost.root }}" + state: directory + loop: "{{ item.value }}" + loop_control: + loop_var: vhost + + - name: configure virtual host + template: + src: vhost.conf.j2 + dest: "{{ nginx_conf_d_path }}/{{ item.key }}.conf" + owner: root + group: root + mode: 0444 + notify: reload nginx + loop: "{{ nginx_vhosts | dict2items }}" diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index eb6d71c..719766f 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 
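Review bot: In roles/nginx/defaults/main.yaml the new default `nginx_vhosts: []` is a list, but the loop added in roles/nginx/tasks/main.yml passes it through `dict2items`, which accepts only a mapping. A play that leaves the variable at its default would therefore fail on the include instead of skipping it. The default should be `nginx_vhosts: {}`, matching `nginx_conf_d: {}` on the line above it. A comment on the expected shape would also help, for example `# map of conf.d file name -> list of vhost dicts (listen, server_name, root, ...)`.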
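Review bot: In the new roles/nginx/tasks/vhost.yaml the `create webroot` task sets no `owner`, `group` or `mode`, so the directory's ownership and permissions depend on the connecting user and its umask; state them explicitly, for example `owner: root`, `group: root`, `mode: "0755"`, adjusted to whoever owns the site content. The same task reads `vhost.root` unconditionally while vhost.conf.j2 treats `root` as optional, so a vhost without `root` fails here; `when: vhost.root is defined` would match the template. The final `loop: "{{ nginx_vhosts | dict2items }}"` repeats the loop already placed on the `include_tasks` in tasks/main.yml and reuses `item`. Indentation is lost in this view, so it is unclear whether that line belongs to the template task or to the block, but in either position it looks like it should be dropped so that each include handles only the `item` it was given.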
@@ -16,8 +16,8 @@ http { include {{ nginx_mime_types_path }}; default_type {{ nginx_default_type }}; - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' + log_format main '$server_name $remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent $request_time "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log {{ nginx_access_log }}; diff --git a/roles/nginx/templates/vhost.conf.j2 b/roles/nginx/templates/vhost.conf.j2 new file mode 100644 index 0000000..1e71431 --- /dev/null +++ b/roles/nginx/templates/vhost.conf.j2 @@ -0,0 +1,42 @@ +# {{ ansible_managed }} + +{% for vhost in item.value %} +server { +{% if vhost.listen is defined %} +{% for listen in vhost.listen %} + listen {{ listen }}; +{% endfor %} + +{% if vhost.server_name is defined %} + server_name {{ vhost.server_name }}; +{% endif %} +{% endif %} + access_log {{ vhost.access_log | default(nginx_var_log_path + '/' + vhost.server_name + '.access.log main') }}; + error_log {{ vhost.error_log | default(nginx_var_log_path + '/' + vhost.server_name + '.error.log warn') }}; + +{% if vhost.root is defined %} + root {{ vhost.root }}; +{% endif %} + + index {{ vhost.index | default('index.html index.htm') }}; + +{% if vhost.ssl_certificate is defined %} + ssl_certificate {{ vhost.ssl_certificate }}; +{% endif %} +{% if vhost.ssl_certificate_key is defined %} + ssl_certificate_key {{ vhost.ssl_certificate_key }}; +{% endif %} +{% if vhost.ssl_dhparam is defined %} + ssl_dhparam {{ vhost.ssl_dhparam }}; +{% endif %} + + location /.well-known/acme-challenge/ { + root {{ nginx_root }}; + try_files $uri =404; + } + +{% if vhost.raw is defined %} + {{ vhost.raw | indent(4) }} +{% endif %} +} +{% endfor %}
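Review bot: Redefining `main` in roles/nginx/templates/nginx.conf.j2 changes the layout of every log that already uses it: `$server_name` becomes the first field and `$request_time` is inserted before the referer. Any fail2ban filter, log shipper or SIEM parser written for the previous field order would need to change in the same rollout, or detections keyed on client address and status will silently read the wrong columns. Leaving `main` untouched and adding a second format for the per-vhost logs, e.g. `log_format vhost '$server_name $remote_addr - ...';`, would avoid that. If the in-place change is intended, a comment above the directive listing the field order would help whoever maintains the parsers. The http block continues outside the hunk.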
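Review bot: In the new roles/nginx/templates/vhost.conf.j2 the `server_name` block sits inside `{% if vhost.listen is defined %}` (the matching `endif` comes after it), so a vhost without `listen` gets no `server_name` directive; closing the listen condition right after its `endfor` looks like what was meant. The `access_log` and `error_log` defaults concatenate `vhost.server_name` although it is treated as optional above, which should fail templating when it is unset, and a value holding several names would put spaces into the log path; marking it required with `vhost.server_name | mandatory` or guarding the default would make the contract explicit. `nginx_root` in the acme-challenge location is not among the defaults visible in this diff (they show `nginx_acme_challenge_path`), so please confirm it is defined elsewhere in the role. `vhost.raw` is written into the server block verbatim, which is worth a template comment stating that `nginx_vhosts` must come only from trusted inventory.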