From c3d58d9ca91955ecb91e5ad438d445e476500795 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO <ynerant@crans.org> Date: Wed, 13 Jan 2021 22:13:15 +0100 Subject: [PATCH] [nginx] Fix default configuration Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> --- group_vars/mailman.yml | 1 + group_vars/nginx.yml | 23 +++++++++++-------- host_vars/charybde.adm.crans.org.yml | 1 + hosts | 2 ++ roles/nginx/tasks/main.yml | 8 +++---- .../nginx/sites-available/service.j2 | 9 +++++++- 6 files changed, 30 insertions(+), 14 deletions(-) diff --git a/group_vars/mailman.yml b/group_vars/mailman.yml index cd7d754b..9be951c7 100644 --- a/group_vars/mailman.yml +++ b/group_vars/mailman.yml @@ -1,5 +1,6 @@ --- loc_nginx: + service_name: mailman default_server: lists.crans.org default_ssl_server: lists.crans.org auth_passwd: diff --git a/group_vars/nginx.yml b/group_vars/nginx.yml index 1d97f621..4f8d5101 100644 --- a/group_vars/nginx.yml +++ b/group_vars/nginx.yml @@ -2,18 +2,23 @@ glob_nginx: contact: contact@crans.org who: "L'équipe technique du Cr@ns" + service_name: service ssl: cert: /etc/letsencrypt/live/crans.org/fullchain.pem cert_key: /etc/letsencrypt/live/crans.org/privkey.pem trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem - default_server: - default_ssl_server: servers: - ssl: false - server_name: - - "default" - - "_" - root: "/var/www/html" - locations: - - filter: "/" + - ssl: false + server_name: + - "default" + - "_" + root: "/var/www/html" + locations: + - filter: "/" + params: [] upstreams: [] + + auth_passwd: [] + default_server: + default_ssl_server: + deploy_robots_file: false diff --git a/host_vars/charybde.adm.crans.org.yml b/host_vars/charybde.adm.crans.org.yml index 0bda434f..625d329e 100644 --- a/host_vars/charybde.adm.crans.org.yml +++ b/host_vars/charybde.adm.crans.org.yml @@ -35,6 +35,7 @@ to_backup: } loc_nginx: + service_name: ftp servers: server_name: - "ftp" diff --git a/hosts b/hosts index ce350a71..13bbcb8b 100644 --- a/hosts +++ b/hosts 
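Review bot: The re-added `default_server:` and `default_ssl_server:` keys at the end of `glob_nginx` in `group_vars/nginx.yml` still have bare empty values, which YAML loads as null rather than as absent keys. A template test written as `is defined` is therefore true for them, which matters because this same commit moves `server.ssl` to an `is defined and ...` check. Writing them as `default_server: null` and `default_ssl_server: null`, with a comment such as `# null = no default vhost; override per group in loc_nginx`, would make the intent explicit. How the template consumes these two keys is outside the visible hunks, so this is worth confirming rather than assumed broken.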
@@ -23,6 +23,7 @@ belenios.adm.crans.org [certbot:children] dovecot git +irc radius # We use certbot to manage LE certificates reverseproxy @@ -87,6 +88,7 @@ monitoring.adm.crans.org charybde.adm.crans.org [nginx:children] +irc mailman reverseproxy diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 87721eae..4d4179c8 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -64,17 +64,17 @@ when: nginx.servers is defined and nginx.servers|length > 0 template: src: "nginx/sites-available/service.j2" - dest: "/etc/nginx/sites-available/service" + dest: "/etc/nginx/sites-available/{{ nginx.service_name }}" owner: root group: root mode: 0644 notify: Reload nginx - name: Activate local nginx service site - when: nginx.servers|bool + when: nginx.servers is defined and nginx.servers|length > 0 file: - src: "/etc/nginx/sites-available/service" - dest: "/etc/nginx/sites-enabled/service" + src: "/etc/nginx/sites-available/{{ nginx.service_name }}" + dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}" owner: root group: root state: link diff --git a/roles/nginx/templates/nginx/sites-available/service.j2 b/roles/nginx/templates/nginx/sites-available/service.j2 index 11afc9d5..bf529e50 100644 --- a/roles/nginx/templates/nginx/sites-available/service.j2 +++ b/roles/nginx/templates/nginx/sites-available/service.j2 @@ -1,5 +1,12 @@ {{ ansible_header | comment }} +# Automatic Connection header for WebSocket support +# See http://nginx.org/en/docs/http/websocket.html +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + {% for upstream in nginx.upstreams -%} upstream {{ upstream.name }} { # Path of the server @@ -45,7 +52,7 @@ server { {% endif -%} {% for server in nginx.servers %} -{% if server.ssl -%} +{% if server.ssl is defined and server.ssl -%} # Redirect HTTP to HTTPS server { listen 80 default; -- GitLab
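Review bot: Adding `irc` to `[certbot:children]` and, in the second hunk of this file, to `[nginx:children]` enrols a new group in two roles, which the commit title ("Fix default configuration") does not mention. No `group_vars` file for `irc` is touched by this patch, so unless one already exists those hosts would presumably receive the `glob_nginx` defaults, i.e. a plain-HTTP default server rooted at `/var/www/html`. I would split the inventory change into its own commit, or at least state in the message which vhosts and certificates `irc` is expected to get.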
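Review bot: Renaming the rendered site from the fixed `service` to `{{ nginx.service_name }}` leaves the previously deployed `/etc/nginx/sites-available/service` and its `sites-enabled/service` symlink in place on hosts whose name changes (`mailman` and `ftp` in this patch). With both files enabled the old vhosts stay live next to the new ones, and the `listen 80 default` emitted by the template would presumably appear twice, which nginx normally rejects at reload. No cleanup task is visible in this hunk; the task list continues outside it, so one may exist elsewhere. If not, a `file:` task with `path: /etc/nginx/sites-enabled/service` and `state: absent`, guarded by `when: nginx.service_name != 'service'`, would close the gap. Since the value is interpolated into a root-owned path, an `assert` that `nginx.service_name is match('^[A-Za-z0-9_-]+$')` would also reject a stray `/` or `.`.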
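Review bot: With `{% if server.ssl is defined and server.ssl -%}` a server entry that simply omits `ssl` is now treated as `ssl: false`, so a forgotten key silently skips the HTTP-to-HTTPS redirect instead of being noticed. Before this change the bare `server.ssl` test would presumably have failed the render on an undefined key, which was the safer failure. I would keep the decision explicit, either by documenting in `group_vars/nginx.yml` that an omitted `ssl` means HTTP only, or by writing `{% if server.ssl | default(false) -%}` so the chosen default is visible in one place. The `server` block opened after this line continues outside the hunk.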