Update nginx role

- Switch "worker_processes" to "auto"
- Disable "server_tokens" globally
- Change formatting for readability
This commit is contained in:
Alexander Dietrich 2017-02-05 16:12:39 +01:00
parent 9ff6b69b82
commit eed7317b0c
4 changed files with 41 additions and 39 deletions

View file

@ -1,5 +1,5 @@
user www-data; user www-data;
worker_processes 4; worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
events { events {
@ -18,7 +18,7 @@ http {
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
# server_tokens off; server_tokens off;
# server_names_hash_bucket_size 64; # server_names_hash_bucket_size 64;
# server_name_in_redirect off; # server_name_in_redirect off;
@ -65,17 +65,17 @@ http {
#mail { #mail {
# # See sample authentication script at: # # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# #
# # auth_http localhost/auth.php; # # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER"; # # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # imap_capabilities "IMAP4rev1" "UIDPLUS";
# #
# server { # server {
# listen localhost:110; # listen localhost:110;
# protocol pop3; # protocol pop3;
# proxy on; # proxy on;
# } # }
# #
# server { # server {
# listen localhost:143; # listen localhost:143;
# protocol imap; # protocol imap;

View file

@ -1,6 +1,10 @@
--- ---
- name: restart nginx - name: restart nginx
service: name=nginx state=restarted service:
name: nginx
state: restarted
- name: reload nginx config - name: reload nginx
service: name=nginx state=reloaded service:
name: nginx
state: reloaded

View file

@ -1,36 +1,34 @@
--- ---
- name: be sure nginx is installed - name: install nginx
apt: name=nginx state=latest apt:
name: nginx
state: present
tags: nginx
- name: disable default site
file:
path: /etc/nginx/sites-enabled/default
state: absent
notify: restart nginx
tags: nginx tags: nginx
- name: copy includes - name: copy includes
copy: > copy:
src=etc/nginx/include src: etc/nginx/include
dest=/etc/nginx dest: /etc/nginx
mode=0644 mode: 0644
owner=root owner: root
group=root group: root
notify: notify: restart nginx
- restart nginx
tags: nginx tags: nginx
- name: remove default site - name: copy nginx.conf
file: path={{ item }} state=absent copy:
with_items: src: etc/nginx/nginx.conf
- /etc/nginx/sites-available/default dest: /etc/nginx
- /etc/nginx/sites-enabled/default mode: 0644
- /var/www/html owner: root
notify: group: root
- restart nginx backup: yes
tags: nginx notify: restart nginx
- name: configure nginx
copy: >
src=etc/nginx/nginx.conf
dest=/etc/nginx/nginx.conf
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx tags: nginx

View file

@ -6,7 +6,7 @@
owner=root owner=root
group=root group=root
mode=0644 mode=0644
notify: reload nginx config notify: reload nginx
tags: tags:
- nginx - nginx
- website - website
@ -28,7 +28,7 @@
group=root group=root
mode=0644 mode=0644
state=link state=link
notify: reload nginx config notify: reload nginx
tags: tags:
- nginx - nginx
- website - website