|
|
---
# https://docs.debops.org/en/stable-3.2/ansible/roles/nginx/defaults/main.html
- name: Manage nginx webserver
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debian10' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
vars_files:
- ./../../vars/site.yml
- ./../../vars/php.yml
- ./../../vars/nginx.yml
vars:
nginx_acme: False
nginx_http_extra_options: |
client_max_body_size 100M;
nginx_real_ip_from: ['172.16.30.0/24']
nginx_default_keepalive_timeout: 65
# nginx_webroot_create: False
nginx_ocsp: False
nginx_worker_processes: auto
nginx_manage_ipv6only: False
nginx_default_name: 'welcome'
nginx_default_ssl_name: 'welcome'
# TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
nginx_server_localhost:
enabled: False
nginx_listen_port: [ '80' ]
nginx_listen_ssl_port: [ '443' ]
nginx__servers:
- name: '{{ domain_name }}'
type: php
root: '/var/www/{{ site_name }}'
public_dir_name: ''
include_files_begin: '{{ nginx_includes_begin }}'
options: 'set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-www-data.sock;'
location_list:
- pattern: '/'
locations:
- pattern: '~ ^/.*-backend/'
options: |
try_files /index.html @october;
set $upstream unix:/run/{{ php__version_preference[0] }}-fpm-backend.sock;
client_max_body_size 1000M;
options: try_files /index.html @october;
- pattern: '@october'
options: rewrite ^/.*$ /index.php last;
- pattern: '~* ^(?!/index).*\.php$'
options: return 403;
php_options: |
fastcgi_read_timeout 3000;
php_upstream: $upstream
#location ~ ^(?!.+\.php/)(?<script_name>.+\.php)$ {
php_location_script_name: ~ ^(?<script_name>/index\.php)
#location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
php_location_path_info: ~ ^(?<script_name>/index\.php)(?<path_info>/.*)?
pre_tasks:
- name: Set filtered includes
set_fact:
nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
when: item != omit
loop:
- "{{ (nginx_www_domain and nginx_www_redirect == 'www') | ternary('includes.d/www.conf', omit) }}"
- "{{ (nginx_www_domain and nginx_www_redirect == 'non-www') | ternary('includes.d/non-www.conf', omit) }}"
- includes.d/octobercms.conf
- includes.d/staticfiles.conf
- name: Copy OctoberCMS nginx conf includes and www redirect
copy:
src: etc/nginx/includes.d
dest: /etc/nginx/
mode: 0644
- name: Copy map config for www/non-www redirects
copy:
src: etc/nginx/conf.d/map_tld_domain.conf
dest: /etc/nginx/conf.d/
mode: 0644
post_tasks:
- name: Default index.html
template:
src: var/www/site_name/index.html.j2
dest: '/var/www/{{ site_name }}/index.html'
mode: 0644
owner: '{{ site_name }}'
- name: Copy normalized.css
template:
src: var/www/site_name/normalize.css
dest: '/var/www/{{ site_name }}/'
mode: 0644
owner: '{{ site_name }}'
roles:
# - role: keyring
# tags: [ 'role::keyring', 'skip::keyring', 'role::nginx' ]
# keyring__dependent_apt_keys:
# - '{{ nginx__keyring__dependent_apt_keys }}'
#
# - role: apt_preferences
# tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
# apt_preferences__dependent_list:
# - '{{ nginx__apt_preferences__dependent_list }}'
#
# - role: python
# tags: [ 'role::python', 'skip::python' ]
# python__dependent_packages3:
# - '{{ nginx__python__dependent_packages3 }}'
# python__dependent_packages2:
# - '{{ nginx__python__dependent_packages2 }}'
- role: nginx
tags: [ 'role::nginx', 'skip::nginx' ]
|
