From eed7317b0cddc9b05bbedfaf3a1d3a7e0b5babd6 Mon Sep 17 00:00:00 2001 From: Alexander Dietrich Date: Sun, 5 Feb 2017 16:12:39 +0100 Subject: [PATCH] Update nginx role - Switch "worker_processes" to "auto" - Disable "server_tokens" globally - Change formatting for readability --- roles/nginx/files/etc/nginx/nginx.conf | 10 ++-- roles/nginx/handlers/main.yml | 10 +++- roles/nginx/tasks/main.yml | 56 +++++++++---------- .../includes/base-static/tasks/main.yml | 4 +- 4 files changed, 41 insertions(+), 39 deletions(-) diff --git a/roles/nginx/files/etc/nginx/nginx.conf b/roles/nginx/files/etc/nginx/nginx.conf index c24c023..b5a0174 100644 --- a/roles/nginx/files/etc/nginx/nginx.conf +++ b/roles/nginx/files/etc/nginx/nginx.conf @@ -1,5 +1,5 @@ user www-data; -worker_processes 4; +worker_processes auto; pid /run/nginx.pid; events { @@ -18,7 +18,7 @@ http { tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; - # server_tokens off; + server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; @@ -65,17 +65,17 @@ http { #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# +# # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# +# # server { # listen localhost:110; # protocol pop3; # proxy on; # } -# +# # server { # listen localhost:143; # protocol imap; diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml index 0a08d0a..9b55c2a 100644 --- a/roles/nginx/handlers/main.yml +++ b/roles/nginx/handlers/main.yml @@ -1,6 +1,10 @@ --- - name: restart nginx - service: name=nginx state=restarted + service: + name: nginx + state: restarted -- name: reload nginx config - service: name=nginx state=reloaded +- name: reload nginx + service: + name: nginx + state: reloaded diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 290e42c..7dbb2c7 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,36 +1,34 @@ --- -- name: be sure nginx is installed - apt: name=nginx state=latest +- name: install nginx + apt: + name: nginx + state: present + tags: nginx + +- name: disable default site + file: + path: /etc/nginx/sites-enabled/default + state: absent + notify: restart nginx tags: nginx - name: copy includes - copy: > - src=etc/nginx/include - dest=/etc/nginx - mode=0644 - owner=root - group=root - notify: - - restart nginx + copy: + src: etc/nginx/include + dest: /etc/nginx + mode: 0644 + owner: root + group: root + notify: restart nginx tags: nginx -- name: remove default site - file: path={{ item }} state=absent - with_items: - - /etc/nginx/sites-available/default - - /etc/nginx/sites-enabled/default - - /var/www/html - notify: - - restart nginx - tags: nginx - -- name: configure nginx - copy: > - src=etc/nginx/nginx.conf - dest=/etc/nginx/nginx.conf - mode=0644 - owner=root - group=root - notify: - - restart nginx +- name: copy nginx.conf + copy: + src: etc/nginx/nginx.conf + dest: /etc/nginx + mode: 0644 + owner: root + group: root + backup: yes + notify: restart nginx tags: nginx diff --git a/roles/website/includes/base-static/tasks/main.yml b/roles/website/includes/base-static/tasks/main.yml index 9f98f5c..4d07e46 100644 --- a/roles/website/includes/base-static/tasks/main.yml +++ b/roles/website/includes/base-static/tasks/main.yml @@ -6,7 +6,7 @@ owner=root group=root mode=0644 - notify: reload nginx config + notify: reload nginx tags: - nginx - website @@ -28,7 +28,7 @@ group=root mode=0644 state=link - notify: reload nginx config + notify: reload nginx tags: - nginx - website