nginxinc / ansible-role-nginx
Ansible role for installing NGINX
Home Page: https://galaxy.ansible.com/nginxinc/nginx
License: Apache License 2.0
The SSL upload feature should support uploading content rather than just files. Sensitive data such as SSL keys should be stored in a secure method such as ansible-vault rather than as files.
forgot the following...
The readme defines some modules I may enable on installation. Specifying not all modules triggers a "dict has no attribute X" error as there is no safeguard to default all values not set.
Sample playbook - false shall be default for all other modules as stated in readme.
- hosts: raspi
  roles:
    - role: nginxinc.nginx
      type: opensource
      install_from: nginx_repository
      modules:
        geoip: true
output:
...
TASK [nginxinc.nginx : (Install: All OSs) Install NGINX Open Source JavaScript Module] ******
fatal: [127.0.0.1]: FAILED! => {"msg": "The conditional check 'modules.njs' failed. The error was: error while evaluating conditional (modules.njs): 'dict object' has no attribute 'njs'\n\nThe error appears to have been in '/home/stefan/workspaces/ws_misc/universe-config/ansible/roles/nginxinc.nginx/tasks/modules/install-njs.yml': line 2, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n---\n- name: \"(Install: All OSs) Install NGINX Open Source JavaScript Module\"\n ^ here\nThis one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote. For instance:\n\n when: \"ok\" in result.stdout\n\nCould be written as:\n\n when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n when: \"'ok' in result.stdout\"\n"}
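One way to give every module key a default, so that a partial `modules` dict no longer raises "has no attribute"; this is an added example, not the role's own code. `example_module_defaults` and `example_modules` are hypothetical names, and the module list is the one the README is quoted as naming further down this page.

```yaml
---
- hosts: localhost
  gather_facts: false
  vars:
    # What the user supplied in the sample playbook above.
    modules:
      geoip: true
    # Hypothetical defaults table: every known module is off unless requested.
    example_module_defaults:
      njs: false
      perl: false
      waf: false
      geoip: false
      image_filter: false
      rtmp: false
      xslt: false
  tasks:
    - name: Reject unknown module names instead of silently ignoring them
      assert:
        that:
          - "(modules | default({})).keys() | list | difference(example_module_defaults.keys() | list) | length == 0"
        msg: "modules contains a key that is not a known NGINX module"

    - name: Merge the user's choices over the defaults so every key exists
      set_fact:
        example_modules: "{{ example_module_defaults | combine(modules | default({})) }}"

    - name: Conditional on the merged dict (skipped here, njs defaults to false)
      debug:
        msg: "njs module would be installed"
      when: example_modules.njs

    - name: Per-task alternative that needs no merged dict
      debug:
        msg: "geoip module would be installed"
      when: modules.geoip | default(false)
```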
Per #14, api.conf.j2 gets deployed if http_template_enable is set to true. That is not the intended behaviour - api.conf.j2 should only be deployed if rest_api_enable is set to true.
Please add the current state of the role at the head of your README file
to let people know the development just started and it is not usable right now.
When it is finished and working the warning can be removed, but currently you can save a lot of people a lot of time with a short warning ahead...
Thanks for your work on this Ansible role.
Please, how do I setup more than one virtual server?
As a sample example:
# /etc/nginx/conf.d/www1.example.com.conf
server {
    server_name www1.example.com;
    root /www/data/www1.example.com;
}
# /etc/nginx/conf.d/www2.example.com.conf
server {
    server_name www2.example.com;
    root /www/data/www2.example.com;
}
What I tried was (one of them actually):
nginx_http_template:
  www1:
    conf_file_name: www1.example.com.conf
    server_name: www1.example.com
    #...
  www2:
    conf_file_name: www2.example.com.conf
    server_name: www2.example.com
    #...
But this doesn't work.
The following task runs twice, the first time with the variable centos, the second time with the variable rhel.
- name: "(Install: CentOS/RedHat) Add Mainline NGINX Repository"
  yum_repository:
    name: nginx
    baseurl: https://nginx.org/packages/mainline/{{ item }}/{{ ansible_distribution_major_version|int }}/$basearch/
    description: NGINX Repository
    enabled: yes
    gpgcheck: yes
  with_items:
    - centos
    - rhel
  when: branch == "mainline"
However since the name of the repo is always nginx, the repo is always overwritten:
TASK [nginxinc.nginx : (Install: CentOS/RedHat) Add Mainline NGINX Repository] ***
--- before: /etc/yum.repos.d/nginx.repo
+++ after: /etc/yum.repos.d/nginx.repo
@@ -1,5 +1,5 @@
[nginx]
-baseurl = https://nginx.org/packages/mainline/rhel/6/$basearch/
+baseurl = https://nginx.org/packages/mainline/centos/6/$basearch/
enabled = 1
gpgcheck = 1
name = NGINX Repository
changed: [localhost] => (item=centos) => {"changed": true, "item": "centos", "repo": "nginx", "state": "present"}
--- before: /etc/yum.repos.d/nginx.repo
+++ after: /etc/yum.repos.d/nginx.repo
@@ -1,5 +1,5 @@
[nginx]
-baseurl = https://nginx.org/packages/mainline/centos/6/$basearch/
+baseurl = https://nginx.org/packages/mainline/rhel/6/$basearch/
enabled = 1
gpgcheck = 1
name = NGINX Repository
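Review bot: the baseurl line of the [nginx] section is rewritten by both loop items, rhel to centos in the first hunk and centos back to rhel in this one, so /etc/yum.repos.d/nginx.repo never settles and the task reports changed on every run. Since both items write the same section of the same file, select a single item from the detected distribution, or give each repository its own name so the two entries cannot overwrite each other.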
I briefly checked both repositories and at least for the rpms they seem to have the same content.
Possible solutions:
During your installation on Debian and Ubuntu you just add the new apt-key for your repository and register the URLs for them. Afterwards the package nginx will be installed.
Because no "apt update" was performed (ansible module "apt" with attribute "update_cache=yes") prior to installing the package, the installation fails.
I am using this role for managing an Ubuntu Bionic machine. When I executed this role for the first time, nginx/1.15.12 was installed by the role. Now, executing the role again (with the new mainline nginx-1.17.0 released), nginx is not being upgraded. Should I upgrade manually, using a pre_task?
Hi,
I was looking for a role to install nginx and came across yours.
I don't think it's currently usable in a production setup as variable names are too generic. For example, nothing tells me that type, branch or module would not overlap with another variable for another purpose.
I would like to propose a standardisation for all variables used by this role to begin with nginx_, making it clear that a variable set in a group var of a playbook will explicitly target a role that has something to do with nginx. 🙂
For now, I'm using the role provided by geerlingguy, which has that kind of behavior, but I would love to use the official one once this problem is resolved.
Regards,
The geoip module is not named "nginx-geoip-perl" as stated in your install-geoip.yml file.
The name is either nginx-module-geoip (using nginx_repository) or libnginx-mod-http-geoip (using os_repository)
Hi there!
I'm trying to run this ansible playbook, copied from the galaxy site:
---
- hosts: servertest
  become: true
  roles:
    - nginxinc.nginx # can I even do this ? using ansible-nginx-role doesn't work
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
      default:
        port: 80
        server_name: <<host ip address>> # or it's not that kind of name ?
        error_page: /usr/share/nginx/html
        autoindex: false
        web_server:
          locations:
            default:
              location: /
              html_file_location: /usr/share/nginx/html
              html_file_name: index.html
As you can probably tell, I hardly modified anything other than the server name and the host on which I'm running the playbook. I get this error message though:
fatal: [[email protected]]: FAILED! => {"msg": "The task includes an option with an undefined variable. The error was: 'dict object' has no attribute 'conf_file_location'\n\nThe error appears to have been in '/home/md21/.ansible/roles/nginxinc.nginx/tasks/conf/template-config.yml': line 24, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: \"(Setup: All NGINX) Ensure NGINX HTTP Directory Exists\"\n ^ here\nThis one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended\nwith the same kind of quote. For instance:\n\n when: \"ok\" in result.stdout\n\nCould be written as:\n\n when: '\"ok\" in result.stdout'\n\nOr equivalently:\n\n when: \"'ok' in result.stdout\"\n"}
As far as I can tell there's a problem with the yml syntax, some line not ending with the correct quote type, or something like that.
Can I get some help, I don't fully understand the problem, I checked everywhere and can't seem to find it.
~ Matt
It would be useful to be able to switch the template used for the API configuration, for instance restricting what IPs are allowed to access the API. I have a PR to go along with this issue. I wasn't sure exactly where to put the API template, so I threw it in the top level of the templates dir.
Hi,
it is rather common in corporate environments, that servers are not able to connect to the internet. With the current playbook it is not possible to select a different location where one could fetch the rpm signing key.
If the issue is accepted I can provide a PR.
Kind regards,
Henning
Hello,
I cannot seem to find mime.types (referred by main nginx.conf.j2)
when using this role to install on FreeBSD 12.
my role code is:
---
# I have to set nginxconfigdir__root to /usr/local/etc/nginx on FreeBSD (on lnx it is /etc/nginx)
# (also will need to modify default template, because it hardcodes the path to linux default, and does not work on freebsd
#
- name: install nginx | restapi
  include_role:
    name: nginxinc.nginx
    apply:
      become: yes
  vars:
    nginx_type: opensource
    # this role has a problem installing modules for fbsd or obsd.
    # disable for now
    # nginx_modules:
    #   image_filter: true
    #   geoip: true
    # Remove previously existing NGINX configuration files.
    nginx_cleanup_config: true
    nginx_cleanup_config_path:
      - "{{ nginxconfigdir__root }}/config.d"
    nginx_main_template_enable: true
    nginx_main_template:
      template_file: nginx.conf.j2
      conf_file_name: nginx.conf
      conf_file_location: "{{ nginxconfigdir__root }}" # I have to set it to /usr/local/etc/nginx on FreeBSD (on lnx it is /etc/nginx)
      user: nginx
      worker_processes: auto
      error_level: warn
      worker_connections: 1024
      http_enable: true
      http_settings:
        keepalive_timeout: 65
        cache: false
        rate_limit: false
        keyval: false
      stream_enable: true
      http_global_autoindex: false
    nginx_stream_template_enable: true
    nginx_stream_template:
      default:
        template_file: stream/default.conf.j2
        conf_file_name: restapi__beX.conf
        conf_file_location: "{{ nginxconfigdir__root }}/conf.d/stream"
        network_streams:
          default:
            listen_address: localhost
            listen_port: 4998
            udp_enable: false
            proxy_pass: mybackend
            proxy_timeout: 3s
            proxy_connect_timeout: 1s
            proxy_protocol: false
            health_check_plus: false
            proxy_ssl:
              cert: "{{ currdomainCertDir }}/{{ certfile__fullchain }}"
              key: "{{ currdomainCertDir }}/{{ certfile__privkey }}"
              password_file: "{{ currdomainCertDir }}/{{ certfile__pass }}"
              protocols: TLSv1 TLSv1.1 TLSv1.2 TLSv1.3
              ciphers: HIGH:!aNULL:!MD5
              verify: false
              verify_depth: 1
              session_reuse: true
        upstreams:
          upstream1:
            name: mybackend
            zone_name: mybackend
            lb_method: least_conn
            sticky_cookie: false
            zone_size: 64k
            servers:
              server1:
                address: 10.0.1.99
                port: 77777
                weight: 1
                healthcheck: max_fails=2 fail_timeout=10s
              server2:
                address: 10.0.1.999
                port: 88888
                weight: 1
                healthcheck: max_fails=2 fail_timeout=10s
I've gone up and down the configurations and roles, and I don't see a way of enforcing that the service actually be running. Is there a way to configure this without writing a custom systemd task to enforce that the service be switched on if it's ever switched off?
I recommend replacing
<p><span>Server address:</span> <span> {{ ansible_eth0.ipv4.address }} </span></p>
with
<p><span>Server address:</span> <span> {{ ansible_default_ipv4.address }} </span></p>
in templates/www/index.html.j2, since the first network interface of a server might not always be called eth0.
It would be very useful to have the option to delete all present files in the conf.d directory when deploying. Currently if one creates a config, but then changes it (and changes the name of the config file), the old one remains, making it difficult to remove old configs without being convoluted about it or doing so by hand. This would default to false, clearly, so as to retain backwards compatibility. It would seem that this would make the most sense to do at the same time as ensuring the respective conf directories exist.
When nginx_install_from: os_repository is used, the nginx signing apt or rpm key is still installed.
It is not needed to install the trust when the nginx package is installed from the OS package manager.
$ cat playbook.yml
vars:
nginx_install_from: 'os_repository'
$ ansible-playbook playbook.yml
TASK [ansible-role-nginx : (Install: APT OSs) Add APT NGINX Signing Key] ********
changed: [host.tld]
$ gpg /etc/apt/trusted.gpg
gpg: WARNING: no command supplied. Trying to guess what you mean ...
pub rsa2048 2011-08-19 [SC] [expires: 2024-06-14]
uid nginx signing key <[email protected]>
I think it’s possible to add a tag when we add the instance to controller. I plan to submit a pr for this.
If you want to have a catch-all server for http to redirect it to https it's currently not possible to do that because the following config is generated:
#
# Ansible managed
#
server {
    listen 80;
    server_name _;
    return 301 https://_$request_uri;
}
The generated config should look like the following:
#
# Ansible managed
#
server {
    listen 80;
    server_name _;
    return 301 https://$host$request_uri;
}
These are my ansible variables:
nginx_http_template_enable: true
nginx_http_template:
  default:
    template_file: http/default.conf.j2
    conf_file_name: 99-https-rewrite.conf
    conf_file_location: /etc/nginx/conf.d/
    port: 80
    server_name: "_"
    https_redirect: true
Hello,
Trying to install Nginx open source on Ubuntu 16.04 with Ansible 2.4.3 gives me the following error :
TASK [nginxinc.nginx : (Install: APT OSs) Add APT NGINX Signing Key] ***********
fatal: [instance]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62", "msg": "Error fetching key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from keyserver: ha.pool.sks-keyservers.net", "rc": 1, "stderr": "gpg: requesting key 7BD9BF62 from hkp server ha.pool.sks-keyservers.net\ngpg: key 7BD9BF62: public key \"nginx signing key <[email protected]>\" imported\ngpg: Total number processed: 1\ngpg: imported: 1 (RSA: 1)\ngpg: no writable keyring found: eof\ngpg: error reading `[stdin]': general error\ngpg: import from `[stdin]' failed: general error\ngpg: Total number processed: 0\n", "stderr_lines": ["gpg: requesting key 7BD9BF62 from hkp server ha.pool.sks-keyservers.net", "gpg: key 7BD9BF62: public key \"nginx signing key <[email protected]>\" imported", "gpg: Total number processed: 1", "gpg: imported: 1 (RSA: 1)", "gpg: no writable keyring found: eof", "gpg: error reading `[stdin]': general error", "gpg: import from `[stdin]' failed: general error", "gpg: Total number processed: 0"], "stdout": "Executing: /tmp/tmp.s3rZxQblst/gpg.1.sh --keyserver\nha.pool.sks-keyservers.net\n--recv\n573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62\n", "stdout_lines": ["Executing: /tmp/tmp.s3rZxQblst/gpg.1.sh --keyserver", "ha.pool.sks-keyservers.net", "--recv", "573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"]}
Thanks
I've noticed an issue where if you have any of the *-upload_enable vars set to true it skips the files and doesn't upload them when it contains regex.
For example:
nginx_http_upload_enable: true
nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/
When I run the playbook with -vvv it shows
TASK [nginxinc.nginx : (Setup: All NGINX) Upload NGINX HTTP Configuration Files] ***********************************************************************************************
task path: /home/user/.ansible/roles/nginxinc.nginx/tasks/conf/upload-config.yml:16
Read vars_file 'vars/nginx.yml'
Even though there is a .conf file in that directory. When I specify the full path rather than the relative path it works. Example:
conf/http/*.conf vs /home/user/ansible/ansible-nginx/conf/http/*.conf
So it seems there's an issue. I read in a few places that something like conf/http/*.conf would actually work if you ran your playbook from the Ansible role's directory, but have not tested it. Any ideas on how to fix this?
I would like to configure basic authorization. It seems that currently I need my own default.conf.j2 template. And this is what I'm using:
{% for location in item.value.reverse_proxy.locations %}
    location {{ item.value.reverse_proxy.locations[location].location }} {
{# this part below is an extra configuration #}
{% if item.value.reverse_proxy.locations[location].auth_basic is defined %}
        auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined %}
        auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
{% endif %}
{# this part above is an extra configuration #}
        proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
        health_check;
{% endif %}
plus:
locations:
  prometheus:
    location: /prometheus/
    proxy_pass: http://localhost:9090
    auth_basic: "Restricted Content"
    auth_basic_file: /etc/nginx/.htpasswd.prometheus
I would like to be able to configure basic authorization by one of the following options:
auth_basic and auth_basic_file
locations:
  prometheus:
    extra_options: >
      auth_basic: "Restricted Content"
      auth_basic_user_file: /etc/nginx/.htpasswd.prometheus
What do you think about this feature and suggested solutions?
FAILED! => {"failed": true, "msg": "The conditional check 'default_exists.stat.exists && main_template_enable' failed. The error was: template error while templating string: unexpected char u'&' at 33. String: {% if default_exists.stat.exists && main_template_enable %} True {% else %} False {% endif %}
The error appears to have been in '__skipped__/roles/nginxinc.nginx/tasks/conf/template-config.yml': line 8, column 3, but may be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
- name: \"(Setup: All NGINX) Backup NGINX Default Configuration File\"
^ here
This one looks easy to fix. It seems that there is a value started\nwith a quote, and the YAML parser is expecting to see the line ended with the same kind of quote. For instance:
when: \"ok\" in result.stdout
Could be written as:
when: '\"ok\" in result.stdout'
Or equivalently:
when: \"'ok' in result.stdout\"
"}
Hi there! It seems that && is not allowed. And would be better to use and instead.
Version of ansible is 2.4.4.0
Two different variables, main_push_enable and main_upload_enable, are used throughout the role interchangeably. This leads to an error when trying to run a playbook that uploads an NGINX configuration file.
TASK [nginxinc.nginx : (Setup: All NGINX) Check NGINX Default Configuration File Exists] ***************************************************************
fatal: [localhost]: FAILED! => {"msg": "The conditional check 'main_upload_enable' failed. The error was: error while evaluating conditional (main_upload_enable): 'main_upload_enable' is undefined
The error appears to have been in '/home/ubuntu/.ansible/roles/nginxinc.nginx/tasks/conf/push-config.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
---
- name: \"(Setup: All NGINX) Check NGINX Default Configuration File Exists\"
^ here
This one looks easy to fix. It seems that there is a value started
with a quote, and the YAML parser is expecting to see the line ended
with the same kind of quote. For instance:
when: \"ok\" in result.stdout
Could be written as:
when: '\"ok\" in result.stdout'
Or equivalently:
when: \"'ok' in result.stdout\"
"}
On Debian (tested with minimal Debian stretch) this role must ensure the package "apt-transport-https" is installed. You are on the safe side if you require this on every Debian and Ubuntu version as older ones have not installed this. Without this package fetching files from your nginx_repository will fail.
I have followed this https://www.nginx.com/blog/announcing-unified-ansible-role-nginx-nginx-plus/ to install nginx on my EC2 instances, but when I want to create my AMI I am getting this error:
This is my YAML file:
- name: "Installs Gatling and other required dependencies for load testing"
  hosts: all
  remote_user: admin
  become: true
  roles:
    - role: ansible-role-nginx
    - role: common
    - role: datadog
      datadog_agent5: true # 6.x currently does not support graphite
      datadog_config:
        graphite_listen_port: 17124
        log_level: INFO
    - role: gatling
amazon-ebs: ERROR! the role 'ansible-role-nginx' was not found in /Users/aaa/xxx/projects/yyy/ansible/roles:/Users/aaa/.ansible/roles:/usr/share/ansible/roles:/etc/ansible/roles:/Users/aaa/xxx/projects/yyy/ansible
amazon-ebs:
amazon-ebs: The error appears to have been in '/Users/aaa/xxx/projects/yyy/ansible/http-load-testing.yml': line 6, column 7, but may
amazon-ebs: be elsewhere in the file depending on the exact syntax problem.
amazon-ebs:
amazon-ebs: The offending line appears to be:
amazon-ebs:
amazon-ebs: roles:
amazon-ebs: - role: ansible-role-nginx
amazon-ebs: ^ here
and if I change ansible-role-nginx to nginxinc.nginx, which gives me this YAML file
- name: "Installs Gatling and other required dependencies for load testing"
  hosts: all
  remote_user: admin
  become: true
  roles:
    - role: nginxinc.nginx
    - role: common
    - role: datadog
      datadog_agent5: true # 6.x currently does not support graphite
      datadog_config:
        graphite_listen_port: 17124
        log_level: INFO
    - role: gatling
first, it asks me to install nickdtodd.system-limits with ansible-galaxy (do we really need that? if yes we need to mention in documentation) and after that, I am getting this error
amazon-ebs: fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv XxXxX", "msg": "Error fetching key XxXxX from keyserver: ha.pool.sks-keyservers.net", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory\ngpg: connecting dirmngr at '/tmp/apt-key-gpghome.N1dLTrmHuI/S.dirmngr' failed: No such file or directory\ngpg: keyserver receive failed: No dirmngr\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: failed to start the dirmngr '/usr/bin/dirmngr': No such file or directory", "gpg: connecting dirmngr at '/tmp/apt-key-gpghome.N1dLTrmHuI/S.dirmngr' failed: No such file or directory", "gpg: keyserver receive failed: No dirmngr"], "stdout": "Executing: /tmp/apt-key-gpghome.N1dLTrmHuI/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv XxXxX\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.N1dLTrmHuI/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv XxXxX"]}
If you choose install_from: os_repository, /etc/yum.repos.d/nginx.repo is still deployed.
So next time you do a 'yum update', the native nginx package is replaced by nginx official RPM.
There is a syntax-error in template-config.yml in the conditions:
when: default_exists.stat.exists && main_template_enable
when running with:
---
- hosts: localhost
  become: true
  roles:
    - role: nginxinc.nginx
  vars:
    - main_template_enable: true
this bounces with
."msg": "The conditional check 'default_exists.stat.exists && main_template_enable' failed. The error was: template error while templating string: unexpected char u'&' at 33
To fix: replace the '&&' with 'and'
TASK [nginxinc.nginx : (Install: Debian/Ubuntu/CentOS/RedHat) Install NGINX] ***
fatal: [10.10.26.238]: FAILED! => {"changed": false, "msg": "Failure talking to yum: failure: repodata/repomd.xml from nginx: [Errno 256] No more mirrors to try.\nhttps://nginx.org/packages/mainline/centos/0/x86_64/repodata/repomd.xml: [Errno 14] HTTPS Error 404 - Not Found"}
to retry, use: --limit @/home/ec2-user/GIT/vzw-messaging/ansible/aws/playbooks/ratings/buildRatings.retry
If I pass in ansible_distribution_major_version=7 in the command line, it seems to work.
If I pass that variable in either the vars lines or in the role itself, it doesn't work.
Hi!
I'm trying to configure the following nginx directive:
location / {
    try_files $uri/index.html $uri @app;
}
But it seems try_files is not supported? I tried this:
locations:
  default:
    location: /
    try_files: '$uri/index.html $uri @app'
which resulted in an error about undefined variable html_file_location. Then I tried
locations:
  default:
    location: /
    try_files: '$uri/index.html $uri @app'
    html_file_location: /usr/share/nginx/html
    html_file_name: index.html
    autoindex: false
which simply ignored the try_files line in the resulting directive.
Any plans to support this? Or am I missing something else?
Hello Colleagues,
I didn't figure out the opportunity to enable nginx service by the role. I can't find it in handlers and tasks, so in my case, I implemented the service enabling with post_tasks directive in my playbook.
Maybe I just miss something?
Is it OK if I will prepare a pull request with this opportunity?
Placeholder for tom @magicalyak to fix the Travis build (or someone else). Travis has errors on stream-template for various distributions.
Python2 is not installed by default on Ubuntu 18.04 and I'm not installing it to run this.
Hi, I want to configure something like this,
but currently the auth_request module is not supported.
# Any request to this server will first be sent to this URL
auth_request /validate;
location = /validate {
    proxy_pass http://127.0.0.1:9090/validate;
    proxy_pass_request_body off; # no need to send the POST body
    proxy_set_header Content-Length "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 401 = @error401;
# If the user is not logged in, redirect them to Lasso's login URL
location @error401 {
    return 302 https://sso.somehost.local/?url=https://$http_host$request_uri;
}
Do you consider to integrate the support for auth_request?
Other than that, your role is really nice!
There is a need to add a custom SSL certificate and key path to the virtual host configuration.
Unfortunately, the official Nginx repository only provides the most common architectures. Armhf, for example, is not supported.
Suggest making it an option (defaults to yes) to add a repository. And if so, use a variable with default value, instead of hardcoded url.
This would also make it easier to use local/inhouse mirrors.
Hi -
Re: main_template_enable, http_template_enable, stream_template_enable
Can you give us some idea what you have in mind for implementing these vars, and whether or not they're on your radar for a near or far timeframe ?
Thanks,
-Rob
In the documentation, the following modules are mentioned: njs, perl, waf, geoip, image_filter, rtmp and xslt
Unfortunately, I need the ngx_http_auth_request_module.
In the past, I've used the RPM nginx-all-modules.noarch package.
Could I achieve what I need using this role?
If not, is it in the roadmap to add the extra modules?
This is an enhancement/feature request to add an override customer conf that would handle anything fancy that the current template cannot. These could range from custom module directives to existing ones we haven't implemented yet. A user would create their own conf and drop it in the files directory where the role would detect it and copy instead of creating a template conf file.
Hi,
It would be great to have an opportunity to set autoindex on for locations, servers or http blocks.
Thanks
Hi,
I tried to run the nginx role and it failed on the "(Setup: All NGINX) Dynamically Generate NGINX HTTP Configuration Files" task. I used the example below from the readme.
- hosts: localhost
  become: true
  roles:
    - ansible-role-nginx
  vars:
    nginx_http_template_enable: true
    nginx_http_template:
      default:
        template_file: http/default.conf.j2
        conf_file_name: default.conf
        conf_file_location: /etc/nginx/conf.d/
        port: 80
        server_name: localhost
        error_page: /usr/share/nginx/html
        web_server:
          locations:
            default:
              location: /
              html_file_location: /usr/share/nginx/html
              html_file_name: index.html
But got an error AnsibleUndefinedVariable: dict object has no attribute html_file_location.
"changed": false,
"item": {
"key": "default",
"value": {
"conf_file_location": "/etc/nginx/conf.d/",
"conf_file_name": "default.conf",
"error_page": "/usr/share/nginx/html",
"port": 80,
"server_name": "localhost",
"template_file": "http/default.conf.j2",
"web_server": {
"locations": {
"default": {
"html_file_location": "/usr/share/nginx/html",
"html_file_name": "index.html",
"location": "/"
}
}
}
}
},
"msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'html_file_location'"
}
Release Tag: 0.7.1
Ansible version: 2.8.0
I see this is fixed in the most recent commit, but I'm receiving this error when I specify this tag for ansible-galaxy.
The error appears to have been in '/etc/ansible/roles/role-under-test/tests/roles/nginxinc.nginx/tasks/prerequisites/setup-debian.yml': line 2, column 3, but may
be elsewhere in the file depending on the exact syntax problem.
Hello @alessfg,
when using the example playbook in a firewalled environment an apt key retrieval error occurs.
This is due to hkp defaulting to port 11371
PR attached in #39
Both, the control machine and managed node run Ubuntu 18.04.
Using ansible 2.6.1 and ansible-role-nginx v0.5
Ansible Playbook:
---
- hosts: localhost
  become: true
  roles:
    - role: nginxinc.nginx
Error:
/ TASK [nginxinc.nginx : (Install: APT OSs) Add APT NGINX \
\ Signing Key] /
---------------------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
fatal: [default]: FAILED! => {"changed": false, "cmd": "/usr/bin/apt-key adv --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62", "msg": "Error fetching key 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 from keyserver: ha.pool.sks-keyservers.net", "rc": 2, "stderr": "Warning: apt-key output should not be parsed (stdout is not a terminal)\ngpg: keyserver receive failed: Server indicated a failure\n", "stderr_lines": ["Warning: apt-key output should not be parsed (stdout is not a terminal)", "gpg: keyserver receive failed: Server indicated a failure"], "stdout": "Executing: /tmp/apt-key-gpghome.cSlAEUKx8q/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62\n", "stdout_lines": ["Executing: /tmp/apt-key-gpghome.cSlAEUKx8q/gpg.1.sh --keyserver ha.pool.sks-keyservers.net --recv 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62"]}
____________
< PLAY RECAP >
------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
default : ok=1 changed=0 unreachable=0 failed=1
Ansible failed to complete successfully. Any error output should be
visible above. Please fix these errors and try again.
Solution:
Updating the key server allows to bypass the firewall.
Without encryption on port 80 (supported also on older Debian and Ubuntu releases):
hkp://p80.pool.sks-keyservers.net:80
Note using encryption does not work on older Debian and Ubuntu releases:
hkps://hkps.pool.sks-keyservers.net:443
Reference: https://sks-keyservers.net/overview-of-pools.php
Thanks, Georgy
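The keyserver workaround above, the earlier request for a configurable key location in environments without internet access, and the report that the signing key is installed even with nginx_install_from: os_repository can all be covered by one set of tasks, shown here as an added example that is not the role's own code. Names prefixed example_ are hypothetical; the fingerprint and keyserver URLs are the ones quoted in this report.

```yaml
---
- hosts: all
  become: true
  vars:
    nginx_install_from: nginx_repository
    # Full 40-character fingerprint from the failing apt-key command above,
    # not the 8-character short ID that gpg prints in its log lines.
    example_nginx_signing_key_id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
    # Overridable per site: an in-house mirror, or the port-80 pool
    # (hkp://p80.pool.sks-keyservers.net:80) where hkps is unavailable.
    # Over plain hkp the transport is unencrypted, so the fingerprint check
    # below is what the trust decision rests on.
    example_nginx_keyserver: hkps://hkps.pool.sks-keyservers.net:443
  tasks:
    - name: Trust the NGINX signing key only when packages come from the NGINX repository
      when:
        - ansible_os_family == "Debian"
        - nginx_install_from == "nginx_repository"
      block:
        - name: Import the signing key by full fingerprint
          apt_key:
            id: "{{ example_nginx_signing_key_id }}"
            keyserver: "{{ example_nginx_keyserver }}"
            state: present

        - name: Read the key back from the APT keyring in machine-readable form
          command: >
            apt-key adv --with-colons --fingerprint
            {{ example_nginx_signing_key_id }}
          register: example_key_check
          changed_when: false

        - name: Stop if the keyring does not hold the pinned fingerprint
          assert:
            that:
              - example_nginx_signing_key_id in example_key_check.stdout
            msg: "NGINX signing key fingerprint not found in the APT keyring"
```

With nginx_install_from set to os_repository the whole block is skipped, so no third-party key is added to the APT trust store.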
getting below error
Using ansible 2.8, Target host is: FreeBSD 12.
FAILED! => {"changed": false, "msg": "failed to install nginx-module-geoip: ",
"stderr": "pkg: No packages available to install matching 'nginx-module-geoip' have been found in the repositories\n", "stderr_lines": ["pkg: No packages available to install matching 'nginx-module-geoip' have been found in the repositories"]}
I also tried to install nginx with same geoip module on OpenBSD 6.5 -- similar problem module is not found.
There seems to be no way to specify ssl_password_file option in server configuration.
That means that the file containing private key must be un-encrypted.
Is there a workaround (without modifying default templates that come with this role)?
thank you
The changes made in #16 result in an empty api.conf file being created even if rest_api_enable is set to false