nginx: add vhost support to role

roles/nginx/defaults/main.yaml

@@ -9,6 +9,7 @@ nginx_service_enabled: yes
 nginx_etc_path: /etc/nginx
 nginx_conf_d_path: "{{ nginx_etc_path }}/conf.d"
 nginx_mime_types_path: "{{ nginx_etc_path }}/mime.types"
+nginx_var_log_path: /var/log/nginx
 
 nginx_user: nginx
 nginx_worker_processes: auto
@@ -31,3 +32,4 @@ nginx_acme_challenge_enabled: yes
 nginx_acme_challenge_path: /var/www/.acme-challenge
 
 nginx_conf_d: {}
+nginx_vhosts: []

roles/nginx/tasks/main.yml

@@ -45,6 +45,10 @@
     mode: 0644
   notify: reload nginx
 
+- name: configure virtual hosts
+  include_tasks: vhost.yaml
+  loop: "{{ nginx_vhosts | dict2items }}"
+
 - name: manage service
   service:
     name: "{{ nginx_service_name }}"

roles/nginx/tasks/vhost.yaml

@@ -0,0 +1,20 @@
+---
+- name: configure virtual hosts
+  block:
+  - name: create webroot
+    file:
+      path: "{{ vhost.root }}"
+      state: directory
+    loop: "{{ item.value }}"
+    loop_control:
+      loop_var: vhost
+
+  - name: configure virtual host
+    template:
+      src: vhost.conf.j2
+      dest: "{{ nginx_conf_d_path }}/{{ item.key }}.conf"
+      owner: root
+      group: root
+      mode: 0444
+    notify: reload nginx
+    loop: "{{ nginx_vhosts | dict2items }}"

roles/nginx/templates/nginx.conf.j2

@@ -16,8 +16,8 @@ http {
     include {{ nginx_mime_types_path }};
     default_type {{ nginx_default_type }};
 
-    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+    log_format main '$server_name $remote_addr - $remote_user [$time_local] "$request" '
-                    '$status $body_bytes_sent "$http_referer" '
+                    '$status $body_bytes_sent $request_time "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
 
     access_log {{ nginx_access_log }};

roles/nginx/templates/vhost.conf.j2

@@ -0,0 +1,42 @@
+# {{ ansible_managed }}
+
+{% for vhost in item.value %}
+server {
+{% if vhost.listen is defined %}
+{% for listen in vhost.listen %}
+    listen {{ listen }};
+{% endfor %}
+
+{% if vhost.server_name is defined %}
+    server_name {{ vhost.server_name }};
+{% endif %}
+{% endif %}
+    access_log {{ vhost.access_log | default(nginx_var_log_path + '/' + vhost.server_name + '.access.log main') }};
+    error_log {{ vhost.error_log | default(nginx_var_log_path + '/' + vhost.server_name + '.error.log warn') }};
+
+{% if vhost.root is defined %}
+    root {{ vhost.root }};
+{% endif %}
+
+    index {{ vhost.index | default('index.html index.htm') }};
+
+{% if vhost.ssl_certificate is defined %}
+    ssl_certificate {{ vhost.ssl_certificate }};
+{% endif %}
+{% if vhost.ssl_certificate_key is defined %}
+    ssl_certificate_key {{ vhost.ssl_certificate_key }};
+{% endif %}
+{% if vhost.ssl_dhparam is defined %}
+    ssl_dhparam {{ vhost.ssl_dhparam }};
+{% endif %}
+
+    location /.well-known/acme-challenge/ {
+        root {{ nginx_root }};
+        try_files $uri =404;
+    }
+
+{% if vhost.raw is defined %}
+    {{ vhost.raw | indent(4) }}
+{% endif %}
+}
+{% endfor %}