nginx Basis-Setup

2015-11-14 18:48:41 +01:00 · 2015-11-14 18:48:41 +01:00 · 3c917ce4b2
parent bc297acd18
commit 3c917ce4b2
8 changed files with 117 additions and 69 deletions
--- a/roles/web-server/base/files/etc/nginx/conf.d/gzip.conf
+++ b/roles/web-server/base/files/etc/nginx/conf.d/gzip.conf
@ -0,0 +1,18 @@
 #
 # ACTHUNG:
 #
 # Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
 #
 # Gzip settings
 gzip                    on;
 gzip_disable            "msie6";
 gzip_static             on;
 gzip_vary               on;
 gzip_proxied            any;
 gzip_comp_level         9;
 gzip_buffers            256 8k;
 gzip_http_version       1.1;
 gzip_min_length         0;
 gzip_types              text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
--- a/roles/web-server/base/files/etc/nginx/conf.d/logging.conf
+++ b/roles/web-server/base/files/etc/nginx/conf.d/logging.conf
@ -0,0 +1,11 @@
 #
 # ACTHUNG:
 #
 # Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
 #
 ##
 # Logging Settings
 ##
 include /etc/nginx/include/no_logging.conf;
--- a/roles/web-server/base/files/etc/nginx/conf.d/optimizations.conf
+++ b/roles/web-server/base/files/etc/nginx/conf.d/optimizations.conf
@ -0,0 +1,9 @@
 #
 # ACTHUNG:
 #
 # Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
 #
 # Server optimizations
 server_names_hash_bucket_size 128;
--- a/roles/web-server/base/files/etc/nginx/conf.d/security.conf
+++ b/roles/web-server/base/files/etc/nginx/conf.d/security.conf
@ -0,0 +1,12 @@
 #
 # ACTHUNG:
 #
 # Wird via Ansible konfiguriert. Bitte nicht manuell ändern!
 #
 # Global security settings for nginx
 ignore_invalid_headers on;
 sendfile on;
 server_name_in_redirect off;
 server_tokens off;
--- a/roles/web-server/base/files/etc/nginx/include/ssl.rewrite
+++ b/roles/web-server/base/files/etc/nginx/include/ssl.rewrite
@ -5,4 +5,4 @@
 #
 # Generischer Rewrite von HTTP nach HTTPS
-rewrite	^ https://$server_name$request_uri? permanent;
+rewrite ^ https://$server_name$request_uri? permanent;
--- a/roles/web-server/base/files/etc/nginx/nginx.conf
+++ b/roles/web-server/base/files/etc/nginx/nginx.conf
@ -38,26 +38,6 @@ http {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    ##
    # Logging Settings
    ##
    include /etc/nginx/include/no_logging.conf;
    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    ##
    # Virtual Host Configs
    ##
--- a/roles/web-server/base/tasks/main.yml
+++ b/roles/web-server/base/tasks/main.yml
@ -1,7 +1,7 @@
 ---
-#- name: be sure nginx is installed
+- name: be sure nginx is installed
-#  apt: name=nginx state=latest
+  apt: name=nginx state=latest
-#  tags: nginx
+  tags: nginx
 - name: check ssl directories exist an have correct permissions
  file: >
@ -37,48 +37,66 @@
    - nginx
    - ssl
-#- name: copy includes
+- name: copy includes
-#  copy: >
+  copy: >
-#    src=etc/nginx/include
+    backup=yes
-#    dest=/etc/nginx
+    src=etc/nginx/include
-#    mode=0644
+    dest=/etc/nginx
-#    owner=root
+    mode=0644
-#    group=root
+    owner=root
-#  notify:
+    group=root
-#    - restart nginx
+  notify:
-#  tags: nginx
+    - restart nginx
-#
+  tags: nginx
-#- name: apply templates
+
-#  template: >
+- name: copy configs
-#    src="etc/nginx/{{ item }}.j2"
+  copy: >
-#    dest="/etc/nginx/{{ item }}"
+    backup=yes
-#    mode=0644
+    src=etc/nginx/conf.d
-#    owner=root
+    dest=/etc/nginx
-#    group=root
+    mode=0644
-#  items:
+    owner=root
-#    - include/ssl_wildcard.conf
+    group=root
-#    - include/ssl_hamburg.freifunk.net.conf
+  notify:
-#  notify:
+    - restart nginx
-#    - restart nginx
+  tags: nginx
-#  tags: nginx
+
-#
+- name: apply templates
-#- name: remove default site
+  template: >
-#  file: path={{ item }} state=absent
+    backup=yes
-#  with_items:
+    src="etc/nginx/{{ item }}.j2"
-#    - /etc/nginx/sites-available/default
+    dest="/etc/nginx/{{ item }}"
-#    - /etc/nginx/sites-enabled/default
+    mode=0644
-#    - /var/www/html
+    owner=root
-#  notify:
+    group=root
-#    - restart nginx
+  with_items:
-#  tags: nginx
+    - include/ssl_wildcard.conf
-#
+    - include/ssl_hamburg_freifunk_net.conf
-#- name: configure nginx
+  notify:
-#  copy: >
+    - restart nginx
-#    src=etc/nginx/nginx.conf
+  tags: nginx
-#    dest=/etc/nginx/nginx.conf
+
-#    mode=0644
+- name: remove default sites / configs
-#    owner=root
+  file: path={{ item }} state=absent
-#    group=root
+  with_items:
-#  notify:
+    - /etc/nginx/conf.d/default.conf_disabled
-#    - restart nginx
+    - /etc/nginx/conf.d/example_ssl.conf_disabled
-#  tags: nginx
+    - /etc/nginx/conf.d/mail.conf
    - /etc/nginx/sites-available/default
    - /etc/nginx/sites-enabled/default
    - /var/www/html
  notify:
    - restart nginx
  tags: nginx
 - name: configure nginx
  copy: >
    backup=yes
    src=etc/nginx/nginx.conf
    dest=/etc/nginx/nginx.conf
    mode=0644
    owner=root
    group=root
  notify:
    - restart nginx
  tags: nginx
--- a/roles/web-server/base/templates/etc/nginx/include/ssl_hamburg_freifunk_net.conf.j2
+++ b/roles/web-server/base/templates/etc/nginx/include/ssl_hamburg_freifunk_net.conf.j2