hispanico / ansible-nginx-revproxy Goto Github PK
View Code? Open in Web Editor NEWAnsible role Nginx reverse proxy
License: GNU General Public License v3.0
ansible-nginx-revproxy's Introduction
ansible-nginx-revproxy's People
Contributors
Stargazers
Watchers
Forkers
tadas-subonis jqueuniet themouette vqiu isaac88 mirkomack panxatony arturre earendil06 mattdodge sfuhrm boxrick gentoo9ball j-muller mnopi vzxrs upenderadepu scalzadonna dtourde falconwood-team t2d rodadmin spidersouleater soptai thiagogomesverissimo raptahjezus e-lie lungj seunsmooth pgotsis pumba98 siexp ketsapiwiq armohamm igrybkov aloz1 substrakt-health manjuvarma abhinav1144 antoniomika harshalchaudhari35 tomjohnburton shebpamm czm1k3 ferrantedev ozaryx h2-invent-infra svilenkov petriivanov okryuchenko pkchuyen brandonmcclure asapdotid higidi epitty1023 crasicnyc abdul-jabbar01 snooooooow djureko justindavis mursaun hello-useransible-nginx-revproxy's Issues
Optionally not deactivate others sites
Currently only sites defined in playbook are kept. There are some situations where we could keep others sites.
Certbot-auto depreciated on Ubuntu 20.04
certbot/certbot#7941 (comment)
InRelease\nGet:3 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal-backports InRelease [98.3 kB]\nGet:4 http://security.ubuntu.com/ubuntu focal-security InRelease [107 kB]\nFetched 205 kB in 1s (312 kB/s)\nReading package lists...\nReading package lists...\nBuilding dependency tree...\nReading state information...\nPackage python-virtualenv is not available, but is referred to by another package.\nThis may mean that the package is missing, has been obsoleted, or\nis only available from another source", "stdout_lines": ["Bootstrapping dependencies for Debian-based OSes... (you can skip this with --no-bootstrap)", "Hit:1 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal InRelease", "Hit:2 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal-updates InRelease", "Get:3 http://us-east-2.ec2.archive.ubuntu.com/ubuntu focal-backports InRelease [98.3 kB]", "Get:4 http://security.ubuntu.com/ubuntu focal-security InRelease [107 kB]", "Fetched 205 kB in 1s (312 kB/s)", "Reading package lists...", "Reading package lists...", "Building dependency tree...", "Reading state information...", "Package python-virtualenv is not available, but is referred to by another package.", "This may mean that the package is missing, has been obsoleted, or", "is only available from another source"]}
I did not know how it worked last time. Oh well.
Port 80 does not work with http2
The default port for unencrypted connections (80) should not use http2, since the browser will not know what to do with the answer, resulting in the download of a binary file.
Analogous, the default port in the ssl templates should be 443 instead of 80:
add redirect for correct scheme in location header
Upstream relative redirect are incorrectly rewritten when the domain in https
add the following header rewrite rule:
proxy_redirect http:// $scheme://;
Sometime is necessary increase upstream timeout
proxy_read_timeout
[nginx] Not 443 listening after service reload
Nginx doesn't list on 443 after service reload if was listening on 80 only.
The command "sudo service nginx status" exited with 0.
0.01s$ sudo netstat -ntulp |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 5328/nginx
tcp6 0 0 :::80 :::* LISTEN 5328/nginx
Ubuntu 20.04
In order to add Ubuntu 20.04 support, do I need to add 20.04 to .travis and meta/main.yml?
https://github.com/hispanico/ansible-nginx-revproxy/blob/master/.travis.yml
https://github.com/hispanico/ansible-nginx-revproxy/blob/master/meta/main.yml
Cut a release
This will allow users to pin to a specific known version of the role in a dependencies file.
hispanico.nginx-revproxy was not found on https://galaxy.ansible.com/api/.
Cannot install the role anymore. Was it delisted from Ansible Galaxy?
Broken - Generate Certs (first time) wont work
Hi, i got the following error.
- hosts: proxy
roles:
- hispanico.nginx_revproxy
vars:
nginx_revproxy_sites:
default:
ssl: true
letsencrypt: true
proxy.reich.dev:
domains:
- proxy.reich.dev
upstreams:
- { backend_address: 10.0.0.2, backend_port: 80 }
ssl: true
letsencrypt: trueTASK [hispanico.nginx_revproxy : Generate certs (first time)] ************************************************************************************
fatal: [157.90.26.241]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'domains'\n\nThe error appears to be in '/home/benjamin/repos/ansible-test/roles.galaxy/hispanico.nginx_revproxy/tasks/letsencrypt.yml': line 74, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Generate certs (first time)\n ^ here\n"}
Additonal nginx configuration on config
Firstly thanks for your work and the script.
I want to know if you have already thought about adding addional nginx configuration during task execution (e.g. upload size, timeout,...)
SSL config without using letsnecrypt uses same key
Hello,
Thanks for this great role.
Can you please share the sample SSL config when not using letsencrypt?
I am using letsencrypt via DNS for getting certs and trying the best way to generate Nginx config to use those. The server is not exposed publically and hence HTTP based acme-challenge cannot be solved.
Thanks.
[lint] Waring on not valid tag
WARNING [role] 'reverse proxy' is not a valid tag. Tags must container lowercase letters and digits only. Skipping.
move nginx_revproxy_certbot_packages from vras to defaults
nginx_revproxy_certbot_packages cannot be override by calling :
roles:
- hispanico.nginx_revproxy
vars:
nginx_revproxy_certbot_packages:
can we move it to defaults/main.yml ?
certbot cron installed even if letsencrypt flag is: false
There is a missing when statement in tasks/letsencrypt.yml for task:
- name: Insert cert-bot renew in crontab
It is missing when:
when: - item.value.letsencrypt | default(False)
Leads to high CPU usage because the cron job in installed but cannot be used.
Happens when you do not use letsencrypt:
letsencrypt: false
Is there a typo somewhere?
ERROR! couldn't resolve module/action 'htpasswd'. This often indicates a misspelling, missing collection, or incorrect module path.
The error appears to be in '/home/user/.ansible/roles/hispanico.nginx_revproxy/tasks/main.yml': line 63, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: Add authentication
^ here
a/.galaxy_install_info
install_date: 'Sun 30 Jul 2023 04:58:23 AM '
version: v1.7.0
Pretask needed apt update
Hi,
I am learning ansible and I tried to include your role. Is this the desired behavior? You need to run apt-get update as a pretasks.
ansible-playbook -i inventory/hosts deploy.yaml
PLAY [52.44.37.61] *******************************************************************************************************************************
TASK [Gathering Facts] ***************************************************************************************************************************
ok: [52.44.37.61]
TASK [hispanico.nginx-revproxy : Install Nginx] **************************************************************************************************
fatal: [52.44.37.61]: FAILED! => {"cache_update_time": 1578850663, "cache_updated": false, "changed": false, "msg": "'/usr/bin/apt-get -y -o \"Dpkg::Options::=--force-confdef\" -o \"Dpkg::Options::=--force-confold\" install 'nginx'' failed: E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-common_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-geoip_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-image-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-xslt-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-mail_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-stream_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-core_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "rc": 100, "stderr": "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-common_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-geoip_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-image-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-xslt-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-mail_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-stream_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-core_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]\nE: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?\n", "stderr_lines": ["E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-common_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-geoip_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-image-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-http-xslt-filter_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-mail_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/libnginx-mod-stream_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx-core_1.14.0-0ubuntu1.6_amd64.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Failed to fetch http://security.ubuntu.com/ubuntu/pool/main/n/nginx/nginx_1.14.0-0ubuntu1.6_all.deb 404 Not Found [IP: 54.172.25.22 80]", "E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?"], "stdout": "Reading package lists...\nBuilding dependency tree...\nReading state information...\nThe following additional packages will be installed:\n fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0\n libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip\n libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter\n libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx-common\n nginx-core\nSuggested packages:\n libgd-tools fcgiwrap nginx-doc ssl-cert\nThe following NEW packages will be installed:\n fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0\n libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip\n libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter\n libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx\n nginx-common nginx-core\n0 upgraded, 18 newly installed, 0 to remove and 0 not upgraded.\nNeed to get 598 kB/2461 kB of archives.\nAfter this operation, 8210 kB of additional disk space will be used.\nIgn:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-common all 1.14.0-0ubuntu1.6\nIgn:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-geoip amd64 1.14.0-0ubuntu1.6\nIgn:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-image-filter amd64 1.14.0-0ubuntu1.6\nIgn:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.14.0-0ubuntu1.6\nIgn:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-mail amd64 1.14.0-0ubuntu1.6\nIgn:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-stream amd64 1.14.0-0ubuntu1.6\nIgn:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-core amd64 1.14.0-0ubuntu1.6\nIgn:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx all 1.14.0-0ubuntu1.6\nErr:1 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-common all 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:2 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-geoip amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:3 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-image-filter amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:4 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:5 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-mail amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:6 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-stream amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:7 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-core amd64 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\nErr:8 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx all 1.14.0-0ubuntu1.6\n 404 Not Found [IP: 54.172.25.22 80]\n", "stdout_lines": ["Reading package lists...", "Building dependency tree...", "Reading state information...", "The following additional packages will be installed:", " fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0", " libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip", " libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter", " libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx-common", " nginx-core", "Suggested packages:", " libgd-tools fcgiwrap nginx-doc ssl-cert", "The following NEW packages will be installed:", " fontconfig-config fonts-dejavu-core libfontconfig1 libgd3 libjbig0", " libjpeg-turbo8 libjpeg8 libnginx-mod-http-geoip", " libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter", " libnginx-mod-mail libnginx-mod-stream libtiff5 libwebp6 libxpm4 nginx", " nginx-common nginx-core", "0 upgraded, 18 newly installed, 0 to remove and 0 not upgraded.", "Need to get 598 kB/2461 kB of archives.", "After this operation, 8210 kB of additional disk space will be used.", "Ign:1 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-common all 1.14.0-0ubuntu1.6", "Ign:2 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-geoip amd64 1.14.0-0ubuntu1.6", "Ign:3 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-image-filter amd64 1.14.0-0ubuntu1.6", "Ign:4 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.14.0-0ubuntu1.6", "Ign:5 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-mail amd64 1.14.0-0ubuntu1.6", "Ign:6 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-stream amd64 1.14.0-0ubuntu1.6", "Ign:7 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-core amd64 1.14.0-0ubuntu1.6", "Ign:8 http://us-east-1.ec2.archive.ubuntu.com/ubuntu bionic-updates/main amd64 nginx all 1.14.0-0ubuntu1.6", "Err:1 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-common all 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:2 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-geoip amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:3 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-image-filter amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:4 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-http-xslt-filter amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:5 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-mail amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:6 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 libnginx-mod-stream amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:7 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx-core amd64 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]", "Err:8 http://security.ubuntu.com/ubuntu bionic-updates/main amd64 nginx all 1.14.0-0ubuntu1.6", " 404 Not Found [IP: 54.172.25.22 80]"]}
Task "Install certbot-auto" from letsencrypt.yml fails
Hi!
The task "Install certbot-auto" from letsencrypt.yml fails, because url: https://dl.eff.org/certbot-auto returns a 404
TASK [nginx-proxy-role : Install certbot-auto] *******************************************************
fatal: [ssl-web-proxy]: FAILED! => changed=false
dest: /usr/bin/certbot-auto
elapsed: 1
msg: Request failed
response: 'HTTP Error 404: Not Found'
status_code: 404
url: https://dl.eff.org/certbot-auto
certbot-auto has been deprecated
On some platforms the current method based of certbot-auto is not supported any longer. As a fallback you could always purchase certificates as you can provide your own certificates in the template.
DEPRECATION WARNING about tests as filters
TASK [hispanico.nginx-revproxy : Enable Site Config] *****************************************************************************************************************************************
[DEPRECATION WARNING]: Using tests as filters is deprecated. Instead of using `result|success` use `result is success`. This feature will be removed in version 2.9. Deprecation warnings can
be disabled by setting deprecation_warnings=False in ansible.cfg.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.