Giter Club home page Giter Club logo

ansible-role-nginx's Issues

Specifying only some modules defaults shall be used for others

forgot the following...

The readme defines some modules i may enable on installation. Specifying not all modules triggers an "dict has no attribute X" error as there is no safeguard to default all values not set.

Sample playbook - false shall be default for all other modules as stated in readme.

- hosts: raspi
  roles:
    - role: nginxinc.nginx
      type: opensource
      install_from: nginx_repository
      modules:
        geoip: true

output:

...
TASK [nginxinc.nginx : (Install: All OSs) Install NGINX Open Source JavaScript Module] ******
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check 'modules.njs' failed. The error was: error while evaluating conditional (modules.njs): 'dict object' has no attribute 'njs'\n\nThe error appears to have been in '/home/stefan/workspaces/ws_misc/universe-config/ansible/roles/nginxinc.nginx/tasks/modules/install-njs.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: \"(Install: All OSs) Install NGINX Open Source JavaScript Module\"\n  ^ here\nThis one looks easy to fix.  It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote.  For instance:\n\n    when: \"ok\" in result.stdout\n\nCould be written as:\n\n   when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n   when: \"'ok' in result.stdout\"\n"}
´´´

Please state that this role is in alpha state in README

Please add the current state of the role at the head of your README file
to let people know the development just started and it is not usable right now.

When it is finished and working the warning can be removed, but currently you can save a lot of people a lot of time with a short warning ahead...

Create more than one virtual server

Thanks by your job doing this ansible role.

Please, how do I setup more than one virtual server?

As a sample example:

# /etc/nginx/conf.d/www1.example.com.conf
server {
    server_name www1.example.com;
    root /www/data/www1.example.com;
}

# /etc/nginx/conf.d/www2.example.com.conf
server {
    server_name www2.example.com;
    root /www/data/www2.example.com;
}

What I tried was (one of them acctualy):

nginx_http_template:
  www1:
    conf_file_name: www1.example.com.conf
    server_name: www1.example.com
    #...
  www2:
    conf_file_name: www2.example.com.conf
    server_name: www2.example.com
    #...

But this doesn't work.

centos/rhel repository always overwritten

The following task runs twice, the first time with the variable centos, the second time with the variable rhel.

- name: "(Install: CentOS/RedHat) Add Mainline NGINX Repository"
  yum_repository:
    name: nginx
    baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
    description: NGINX Repository
    enabled: yes
    gpgcheck: yes
  with_items:
    - centos
    - rhel
when: branch == "mainline"

However since the name of the repo is always nginx, the repo is always overwritten:

       TASK [nginxinc.nginx : (Install: CentOS/RedHat) Add Mainline NGINX Repository] ***
       --- before: /etc/yum.repos.d/nginx.repo
       +++ after: /etc/yum.repos.d/nginx.repo
       @@ -1,5 +1,5 @@
        [nginx]
       -baseurl = https://nginx.org/packages/mainline/rhel/6/$basearch/
       +baseurl = https://nginx.org/packages/mainline/centos/6/$basearch/
        enabled = 1
        gpgcheck = 1
        name = NGINX Repository
       
       changed: [localhost] => (item=centos) => {"changed": true, "item": "centos", "repo": "nginx", "state": "present"}
       --- before: /etc/yum.repos.d/nginx.repo
       +++ after: /etc/yum.repos.d/nginx.repo
       @@ -1,5 +1,5 @@
        [nginx]
       -baseurl = https://nginx.org/packages/mainline/centos/6/$basearch/
       +baseurl = https://nginx.org/packages/mainline/rhel/6/$basearch/
        enabled = 1
        gpgcheck = 1
        name = NGINX Repository

I briefly checked both repositories and at least for the rpms they seem to have the same content.
Possible solutions:

  • always use the same url regardless of rhel or centos
  • split the task into two task and check for the operating system.

Adding nginx repository on debian is missing cache refresh

During your installation on Debian and Ubuntu you just add the new apt-key for your repository and registers the urls for them. Afterwards the package nginx will be installed.

Because no "apt update" was performed (ansible module "apt" with attribute "update_cache=yes") prior installing the package the installation fails.

Is it possible to specify the desired version of nginx?

I am using this role for managing Ubuntu Bionic machine. When I executed this role for the first time, nginx/1.15.12 was installed by the role. Now, executing the role again (with the new mainline nginx-1.17.0 released), nginx is not being upgraded. Should I upgraded manually, using a pre_task?

variables names are not explicitly targeting nginx role

Hi,

I was looking for a role to install nginx and came across yours.

I don't think it's currently usable in a production setup as variables names are too much generic. For example nothing tell me that type, branch or module would not overlap with another variable for another purpose.

I would like to propose a standardisation for all variables used by this role to begin with nginx_, making it clear that a variables set in a group var of a playbook will explicitly target a role that have something to do with nginx. 🙂

For now, i'm using the role provided by geerlingguy, that have that kind of behavior, but I would love to use the official one once this problem is resolved.

Regards,

Module names are wrong on Debian/Ubuntu

The geoip modules is not named "nginx-geoip-perl" as stated in your install-geoip.yml file.
The name is either nginx-module-geoip (using nginx_repository) or libnginx-mod-http-geoip (using os_repository)

Nginx can't find directories ?

Hi there!

I'm trying to run this ansible playbook, copied from the galaxy site:

---
- hosts: servertest
  become: true
  roles:
    - nginxinc.nginx // can I even do this ? using ansible-nginx-role doesn't work
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
      default:
        port: 80
        server_name: <<host ip address>> // or it's not that kind of name ? 
        error_page: /usr/share/nginx/html
        autoindex: false
        web_server:
          locations:
            default:
              location: /
              html_file_location: /usr/share/nginx/html
              html_file_name: index.html

As you can probably tell, I hardly modified anything other than the server name and the host on which I'm running the playbook. I get this error message though:

fatal: [[email protected]]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'conf_file_location'\n\nThe error appears to have been in '/home/md21/.ansible/roles/nginxinc.nginx/tasks/conf/template-config.yml': line 24, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: \"(Setup: All NGINX) Ensure NGINX HTTP Directory Exists\"\n ^ here\nThis one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote. For instance:\n\n when: \"ok\" in result.stdout\n\nCould be written as:\n\n when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n when: \"'ok' in result.stdout\"\n"}

As far as I can tell there's a problem with the yml syntax, some line not ending with the correct quote type, or something like that.

Can I get some help, I don't fully understand the problem, I checked everywhere and can't seem to find it.
~ Matt

Use template for API conf

It would be useful to be able to switch the template used for the API configuration, for instance restricting what IPs are allowed to access the API. I have a PR to go along with this issue I wasn't sure exactly where to put the API template, so I threw it in the top level of the templates dir.

Unable to download rpm signing key in corporate environment

Hi,
it is rather common in corporate environments, that servers are not able to connect to the internet. With the current playbook it is not possible to select a different location where one could fetch the rpm signing key.

If the issue is accepted I can provide a PR.

Kind regards,

Henning

Cannot find mime.types on FreeBSD (cleanup config task removes all files in specified path)

Hello,
I cannot seem to find mime.types (referred by main nginx.conf.j2)
when using this role to install on FreeBSD 12.

my role code is:

---
# I have to set nginxconfigdir__root to /usr/local/etc/nginx on FreeBSD (on lnx it is /etc/nginx)
# (also will need to modify default template, because it hardcodes the pass to linux default, and does nto work on freebsd
# 
- name: install nginx | restapi
  include_role:
    name: nginxinc.nginx
    apply: 
      become: yes
  vars:
    nginx_type: opensource
    # this role has a problem installing modules for fbsd or obsd.
    # disable for now
#    nginx_modules:
#      image_filter: true
#      geoip: true
        
    # Remove previously existing NGINX configuration files.
    nginx_cleanup_config: true
    nginx_cleanup_config_path:
      - "{{ nginxconfigdir__root }}/config.d"  

    nginx_main_template_enable: true
    nginx_main_template:
      template_file: nginx.conf.j2 
      conf_file_name: nginx.conf
      conf_file_location: "{{ nginxconfigdir__root }}"  # I have to set it to /usr/local/etc/nginx on FreeBSD (on lnx it is /etc/nginx)
      user: nginx
      worker_processes: auto
      error_level: warn
      worker_connections: 1024
      http_enable: true
      http_settings:
        keepalive_timeout: 65
        cache: false
        rate_limit: false
        keyval: false
      stream_enable: true
      http_global_autoindex: false


    nginx_stream_template_enable: true
    nginx_stream_template:
      default:  
        template_file:  stream/default.conf.j2
        conf_file_name: restapi__beX.conf
        conf_file_location: "{{ nginxconfigdir__root }}/conf.d/stream"
        network_streams:
          default:
            listen_address: localhost
            listen_port: 4998
            udp_enable: false
            proxy_pass: mybackend
            proxy_timeout: 3s
            proxy_connect_timeout: 1s
            proxy_protocol: false
            health_check_plus: false
            proxy_ssl: 
              cert: "{{ currdomainCertDir }}/{{ certfile__fullchain }}"
              key: "{{ currdomainCertDir }}/{{ certfile__privkey }}"
              password_file: "{{ currdomainCertDir }}/{{ certfile__pass }}"
              protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
              ciphers: HIGH:!aNULL:!MD5
              verify: false
              verify_depth: 1
              session_reuse: true  
              
        upstreams:
          upstream1: 
            name: mybackend
            zone_name: mybackend
            lb_method: least_conn
            sticky_cookie: false
            zone_size: 64k
            servers:
              server1:
                address: 10.0.1.99
                port: 77777
                weight: 1
                healthcheck: max_fails=2 fail_timeout=10s
              server2:
                address: 10.0.1.999
                port: 88888
                weight: 1
                healthcheck: max_fails=2 fail_timeout=10s

configuring nginx to be state 'running'

I've gone up and down the configurations and roles, and I don't see a way of enforcing that the service actually be running. Is there a way to configure this without writing a custom systemd task to enforce that the service be switched on if it's ever switched off?

The role failes to get the ip address of the server

I recommend replacing

<p><span>Server address:</span> <span> {{ ansible_eth0.ipv4.address }} </span></p>

with

<p><span>Server address:</span> <span> {{ ansible_default_ipv4.address }} </span></p>

in templates/www/index.html.j2

Since the first network interface of a server might not always be called eth0

Clean conf.d before deploying new config

It would be very useful to have the option to delete all present files in the conf.d directory when deploying. Currently if one creates a config, but then changes it (and changes the name of the config file), the old one remains, making it difficult to remove old configs without being convoluted about it or doing so by hand. This would default to false, clearly, so as to retain backwards compatibility. It would seem that this would make the most sense to do at the same time as ensuring the respective conf directories exist.

Only install repo keys when installing from nginx_repository

When nginx_install_from: os_repository is used, the nginx signing apt or rpm key is still installed.
It is not needed to install the trust when the nginx package is installed from the OS package manager.

Reproduce in Debian:

$ cat playbook.yml
  vars:
    nginx_install_from: 'os_repository'
$ ansible-playbook playbook.yml
TASK [ansible-role-nginx : (Install: APT OSs) Add APT NGINX Signing Key] ********
changed: [host.tld]
$ gpg /etc/apt/trusted.gpg
gpg: WARNING: no command supplied.  Trying to guess what you mean ...
pub   rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
uid           nginx signing key <[email protected]>

Add tag option for controller

I think it’s possible to add a tag when we add the instance to controller. I plan to submit a pr for this.

  1. would like an option to add tag(s) to the controller agent

If catch-all ("_") is used as server_name and https_redirect is on nginx redirects to "_"

If you want to have a catch-all server for http to redirect it to https it's currently not possible to do that because the following config is generated:

#
# Ansible managed
#



server {
    listen 80;
    server_name _;
    return 301 https://_$request_uri;


}

The generated config should look like the following:

#
# Ansible managed
#



server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;


}

These are my ansible variables:

nginx_http_template_enable: true
nginx_http_template:
  default:
    template_file: http/default.conf.j2
    conf_file_name: 99-https-rewrite.conf
    conf_file_location: /etc/nginx/conf.d/
    port: 80
    server_name: "_"
    https_redirect: true

error on signing key

Hello,

Trying to install Nginx open source on Ubuntu 16.04 with Ansible 2.4.3 gives me the following error :

TASK [nginxinc.nginx : (Install: APT OSs) Add APT NGINX Signing Key] ***********

fatal: [instance]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62", "msg": "Error fetching key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from keyserver: ha.pool.sks-keyservers.net", "rc": 1, "stderr": "gpg: requesting key 7BD9BF62 from hkp server ha.pool.sks-keyservers.net\ngpg: key 7BD9BF62: public key \"nginx signing key <[email protected]>\" imported\ngpg: Total number processed: 1\ngpg:               imported: 1  (RSA: 1)\ngpg: no writable keyring found: eof\ngpg: error reading `[stdin]': general error\ngpg: import from `[stdin]' failed: general error\ngpg: Total number processed: 0\n", "stderr_lines": ["gpg: requesting key 7BD9BF62 from hkp server ha.pool.sks-keyservers.net", "gpg: key 7BD9BF62: public key \"nginx signing key <[email protected]>\" imported", "gpg: Total number processed: 1", "gpg:               imported: 1  (RSA: 1)", "gpg: no writable keyring found: eof", "gpg: error reading `[stdin]': general error", "gpg: import from `[stdin]' failed: general error", "gpg: Total number processed: 0"], "stdout": "Executing: /tmp/tmp.s3rZxQblst/gpg.1.sh --keyserver\nha.pool.sks-keyservers.net\n--recv\n573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62\n", "stdout_lines": ["Executing: /tmp/tmp.s3rZxQblst/gpg.1.sh --keyserver", "ha.pool.sks-keyservers.net", "--recv", "573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"]}

Thanks

with_fileglob doesn't work without full path

I've noticed an issue where if you have any of the *-upload_enable vars set to true it skips the files and doesn't upload them when it contains regex.

For example:

nginx_http_upload_enable: true
nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/

When I run the playbook with -vvv it shows

TASK [nginxinc.nginx : (Setup: All NGINX) Upload NGINX HTTP Configuration Files] ***********************************************************************************************
task path: /home/user/.ansible/roles/nginxinc.nginx/tasks/conf/upload-config.yml:16
Read vars_file 'vars/nginx.yml'

Even though there is a .conf file in that directory. When I specify the full path rather than the relative path it works. Example:

conf/http/*.conf vs /home/user/ansible/ansible-nginx/conf/http/*.conf

So it seems there's an issue.. I read in a few places that something like conf/http/*.conf would actually work if you ran your playbook from the Ansible role's directory, but have not tested it. Any ideas on how to fix this?

Configuring basic authorization (auth_basic)

I would like to configure basic authorization. It seems that currently I need my own default.conf.j2 template. And this is what I'm using:

{% for location in item.value.reverse_proxy.locations %}
    location {{ item.value.reverse_proxy.locations[location].location }} {
{# this part below is an extra configuration #}
{% if item.value.reverse_proxy.locations[location].auth_basic is defined %}
        auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined %}
        auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
{% endif %}
{# this part above is an extra configuration #}
        proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
        health_check;
{% endif %}

plus:

          locations:
            prometheus:
              location: /prometheus/
              proxy_pass: http://localhost:9090
              auth_basic: "Restricted Content"
              auth_basic_file: /etc/nginx/.htpasswd.prometheus

I would like to be able to configure basic authorization by one of the following options:

  1. Using dedicated configuration options like auth_basic and auth_basic_file
  2. By generic configuration option like
          locations:
            prometheus:
                extra_options: >
                  auth_basic: "Restricted Content"
                  auth_basic_user_file: /etc/nginx/.htpasswd.prometheus

What do you think about this feature and suggested solutions?

The conditional check 'default_exists.stat.exists && main_template_enable' failed 

FAILED! => {"failed": true, "msg": "The conditional check 'default_exists.stat.exists && main_template_enable' failed. The error was: template error while templating string: unexpected char u'&' at 33. String: {% if default_exists.stat.exists && main_template_enable %} True {% else %} False {% endif %}

The error appears to have been in '__skipped__/roles/nginxinc.nginx/tasks/conf/template-config.yml': line 8, column 3, but may be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- name: \"(Setup: All NGINX) Backup NGINX Default Configuration File\"
  ^ here
This one looks easy to fix.  It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended with the same kind of quote.  For instance:

    when: \"ok\" in result.stdout

Could be written as:

   when: '\"ok\" in result.stdout'

Or equivalently:

   when: \"'ok' in result.stdout\"
"}

Hi there! It seems that && is not allowed. And would be better to use and instead.
Version of ansible is 2.4.4.0

Ansible role fails when trying to upload an NGINX configuration file

Two different variables, main_push_enable and main_upload_enable, are used throughout the role interchangeably. This leads to an error when trying to run a playbook that uploads an NGINX configuration file.

TASK [nginxinc.nginx : (Setup: All NGINX) Check NGINX Default Configuration File Exists] ***************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'main_upload_enable' failed. The error was: error while evaluating conditional (main_upload_enable): 'main_upload_enable' is undefined

The error appears to have been in '/home/ubuntu/.ansible/roles/nginxinc.nginx/tasks/conf/push-config.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:

---
- name: \"(Setup: All NGINX) Check NGINX Default Configuration File Exists\"
  ^ here
This one looks easy to fix.  It seems that there is a value started
with a quote, and the YAML parser is expecting to see the line ended
with the same kind of quote.  For instance:

    when: \"ok\" in result.stdout

Could be written as:

   when: '\"ok\" in result.stdout'

Or equivalently:

   when: \"'ok' in result.stdout\"
"}

Dependency missing on debian - installation fails

One debian (tested with minimal debian stretch) this role must enshure the package "apt-transport-https" is installed. You are on the safe side if you require this on every debian and ubuntu version as older ones have not installed this. Without this package fetching files from your nginx_repository will fail.

ERROR! the role 'ansible-role-nginx' was not found in

I have followed this https://www.nginx.com/blog/announcing-unified-ansible-role-nginx-nginx-plus/ to install ngnix on my EC2 instances, but when I want to create my AMI I am getting this error:

This is my YAML file:

- name: "Installs Gatling and other required dependencies for load testing"
  hosts: all
  remote_user: admin
  become: true
  roles:
    - role: ansible-role-nginx
    - role: common
    - role: datadog
      datadog_agent5: true # 6.x currently does not support graphite
      datadog_config:
        graphite_listen_port: 17124
        log_level: INFO
    - role: gatling

amazon-ebs: ERROR! the role 'ansible-role-nginx' was not found in /Users/aaa/xxx/projects/yyy/ansible/roles:/Users/aaa/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/Users/aaa/xxx/projects/yyy/ansible
    amazon-ebs:
    amazon-ebs: The error appears to have been in '/Users/aaa/xxx/projects/yyy/ansible/http-load-testing.yml': line 6, column 7, but may
    amazon-ebs: be elsewhere in the file depending on the exact syntax problem.
    amazon-ebs:
    amazon-ebs: The offending line appears to be:
    amazon-ebs:
    amazon-ebs:   roles:
    amazon-ebs:     - role: ansible-role-nginx
    amazon-ebs:       ^ here

and if I change ansible-role-nginx to nginxinc.nginx which gice me this yaml file

- name: "Installs Gatling and other required dependencies for load testing"
  hosts: all
  remote_user: admin
  become: true
  roles:
    - role: nginxinc.nginx 
    - role: common
    - role: datadog
      datadog_agent5: true # 6.x currently does not support graphite
      datadog_config:
        graphite_listen_port: 17124
        log_level: INFO
    - role: gatling

first, it asks me to install nickdtodd.system-limits with ansible-galaxy (do we really need that? of yes we need to mention in documentation) and after that, I am getting this error

amazon-ebs: fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv XxXxX", "msg": "Error fetching key XxXxX from keyserver: ha.pool.sks-keyservers.net", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory\ngpg: connecting dirmngr at '/tmp/apt-key-gpghome.N1dLTrmHuI/S.dirmngr' failed: No such file or directory\ngpg: keyserver receive failed: No dirmngr\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory", "gpg: connecting dirmngr at '/tmp/apt-key-gpghome.N1dLTrmHuI/S.dirmngr' failed: No such file or directory", "gpg: keyserver receive failed: No dirmngr"], "stdout": "Executing: /tmp/apt-key-gpghome.N1dLTrmHuI/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv XxXxX\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.N1dLTrmHuI/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv XxXxX"]}

Syntax error on tasks/conf/template-config.yml

There is a syntax-error in template-config.yml in the conditions:
when: default_exists.stat.exists && main_template_enable

when running with:

---
- hosts: localhost
  become: true
  roles:
    - role: nginxinc.nginx
  vars:
    - main_template_enable: true

this bounces with

."msg": "The conditional check 'default_exists.stat.exists && main_template_enable' failed. The error was: template error while templating string: unexpected char u'&' at 33

To fix: replace the '&&' with 'and'

When installing role on Amazon Linux Server I get an error

TASK [nginxinc.nginx : (Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX] ***
fatal: [10.10.26.238]: FAILED! => {"changed": false, "msg": "Failure talking to yum: failure: repodata/repomd.xml from nginx: [Errno 256] No more mirrors to try.\nhttps://nginx.org/packages/mainline/centos/0/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found"}
to retry, use: --limit @/home/ec2-user/GIT/vzw-messaging/ansible/aws/playbooks/ratings/buildRatings.retry

If I pass in ansible_distribution_major_version=7 in the command line, it seems to work.
If I pass that variable in either the vars lines or in the role itself, it doesn't work.

Support for try_files

Hi!

I'm trying to configure the following nginx directive:

location / {
    try_files $uri/index.html $uri @app;
  }

But it seems try_files is not supported? I tried this:

      locations:
        default:
          location: /
          try_files: '$uri/index.html $uri @app'

which resulted in an error about undefined variable html_file_location. Then I tried

      locations:
        default:
          location: /
          try_files: '$uri/index.html $uri @app'
          html_file_location: /usr/share/nginx/html
          html_file_name: index.html
          autoindex: false

which simply ignored the try_files line in the resulting directive.

Any plans to support this? Or am I missing something else?

Absence of the handler for service enabling

Hello Colleagues,

I didn't figure out the opportunity to enable nginx service by the role. I can't find it in handlers and tasks, so in my case, I implemented the service enabling with post_tasks directive in my playbook.
Maybe I just miss something?

Is it OK if I will prepare a pull request with this opportunity?

support for ngx_http_auth_request_module

Hi I wan't to configure something like this,

but currently the auth_request module is not supported.

# Any request to this server will first be sent to this URL
auth_request /validate;

location = /validate {
  proxy_pass http://127.0.0.1:9090/validate;
  proxy_pass_request_body off; # no need to send the POST body

  proxy_set_header Content-Length "";
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

}

error_page 401 = @error401;

# If the user is not logged in, redirect them to Lasso's login URL
location @error401 {
  return 302 https://sso.somehost.local/?url=https://$http_host$request_uri;
}

Do you consider to integrate the support for auth_request?

Other than that, your role is really nice!

Allow selection of apt repository

Unfortunately, the official Nginx repository only provides the most common architectures. Armhf, for example, is not supported.

Suggest making it an option (defaults to yes) to add a repository. And if so, use a variable with default value, instead of hardcoded url.

This would also make it easier to use local/inhouse mirrors.

Installing NGINX with modules

In the documentation, the following modules are mentioned: njs,perl, waf, geoip, image_filter, rtmp and xslt

Unfortunately, I need the ngx_http_auth_request_module.
In the past, I've used the RPM nginx-all-modules.noarch package.

Could I achieve what I need using this role?
If not, is it in the roadmap to add the extra modules?

Custom Config Override

This in an enhancement/feature request to add an override customer conf that would handle anything fancy that the current template cannot. These could range from custom module directives to existing ones we haven't implemented yet. A user would create their own conf and drop it in the files directory where the role would detect it and copy instead of creating a template conf file.

Install NGINX with autoindex

Hi,

It would be great to have an opportunity to set autoindex on for locations, servers or http blocks.

Thanks

AnsibleUndefinedVariable: dict object has no attribute html_file_location

Hi,

I tried to run nginx role and it got failed on "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" task. I use example below from readme.

- hosts: localhost
  become: true
  roles:
    - ansible-role-nginx
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
      default:
        template_file: http/default.conf.j2
        conf_file_name: default.conf
        conf_file_location: /etc/nginx/conf.d/
        port: 80
        server_name: localhost
        error_page: /usr/share/nginx/html
        web_server:
          locations:
            default:
              location: /
              html_file_location: /usr/share/nginx/html
              html_file_name: index.html

But got an error AnsibleUndefinedVariable: dict object has no attribute html_file_location.

    "changed": false,
    "item": {
        "key": "default",
        "value": {
            "conf_file_location": "/etc/nginx/conf.d/",
            "conf_file_name": "default.conf",
            "error_page": "/usr/share/nginx/html",
            "port": 80,
            "server_name": "localhost",
            "template_file": "http/default.conf.j2",
            "web_server": {
                "locations": {
                    "default": {
                        "html_file_location": "/usr/share/nginx/html",
                        "html_file_name": "index.html",
                        "location": "/"
                    }
                }
            }
        }
    },
    "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'html_file_location'"
}```

ERROR! 'Name' is not a valid attribute for a Task

Release Tag: 0.7.1
Ansible version: 2.8.0

I see this is fixed in the most recent commit, but I'm receiving this error when I specify this tag for ansible-galaxy.

The error appears to have been in '/etc/ansible/roles/role-under-test/tests/roles/nginxinc.nginx/tasks/prerequisites/setup-debian.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

Apt key retrieval error in firewalled environment - PR attached

Hello @alessfg,

when using the example playbook in a firewalled environment an apt key retrieval error occurs.
This is due to hkp defaulting to port 11371

PR attached in #39

Both, the control machine and managed node run Ubuntu 18.04.
Using ansible 2.6.1 and ansible-role-nginx v0.5

Ansible Playbook:

---
- hosts: localhost
  become: true
  roles:
    - role: nginxinc.nginx

Error:

/ TASK [nginxinc.nginx : (Install: APT OSs) Add APT NGINX \
\ Signing Key]                                            /
 ---------------------------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62", "msg": "Error fetching key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from keyserver: ha.pool.sks-keyservers.net", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: keyserver receive failed: Server indicated a failure\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: keyserver receive failed: Server indicated a failure"], "stdout": "Executing: /tmp/apt-key-gpghome.cSlAEUKx8q/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.cSlAEUKx8q/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"]}
 ____________
< PLAY RECAP >
 ------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

default                    : ok=1    changed=0    unreachable=0    failed=1   

Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.

Solution:
Updating the key server allows to bypass the firewall.
Without encryption on port 80 (supported also on older Debian and Ubuntu releases):

hkp://p80.pool.sks-keyservers.net:80

Note using encryption does not work on older Debian and Ubuntu releases:
hkps://hkps.pool.sks-keyservers.net:443

Reference: https://sks-keyservers.net/overview-of-pools.php

Thanks, Georgy

Some standard modules are not avialable on all supported Platforms

getting below error
Using ansible 2.8, Target host is is: FreeBSD 12.

 FAILED! => {"changed": false, "msg": "failed to install nginx-module-geoip: ", │
"stderr": "pkg: No packages available to install matching 'nginx-module-geoip' have been found in the repositories│                        custom_var_for_this_host: myblahcustomvar
\n", "stderr_lines": ["pkg: No packages available to install matching 'nginx-module-geoip' have been found in the │                     host01 :  #this api uses fs_metadata 
repositories"]}                                                                                                   │                        ansible_port: 11022

I also tried to install nginx with same geoip module on OpenBSD 6.5 -- similar problem module is not found.

Cannot specify ssl_password_file option

There are seem to be no way to specify ssl_password_file option in server configuration.

That means that the file containing private key must be un-encrypted.

Is there a workaround (without modifying default templates that come with this role)?

thank you

Support for try_files

Hi!

I'm trying to configure the following nginx directive:

location / {
    try_files $uri/index.html $uri @app;
  }

But it seems try_files is not supported? I tried this:

      locations:
        default:
          location: /
          try_files: '$uri/index.html $uri @app'

which resulted in an error about undefined variable html_file_location. Then I tried

      locations:
        default:
          location: /
          try_files: '$uri/index.html $uri @app'
          html_file_location: /usr/share/nginx/html
          html_file_name: index.html
          autoindex: false

which simply ignored the try_files line in the resulting directive.

Any plans to support this? Or am I missing something else?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.