[nginx] Fix default configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

[nginx] Fix default configuration
Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
c3d58d9c · ynerant · ynerant · a16208b1 · c3d58d9c · c3d58d9c
Commit c3d58d9c authored 4 years ago by ynerant Committed by ynerant 4 years ago
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
 ---
 loc_nginx:
+  service_name: mailman
  default_server: lists.crans.org
  default_ssl_server: lists.crans.org
  auth_passwd:

--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@@ -2,18 +2,23 @@
 glob_nginx:
  contact: contact@crans.org
  who: "L'équipe technique du Cr@ns"
+  service_name: service
  ssl:
    cert: /etc/letsencrypt/live/crans.org/fullchain.pem
    cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
    trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
-  default_server:
-  default_ssl_server:
  servers:
-    ssl: false
-    server_name:
-      - "default"
-      - "_"
-    root: "/var/www/html"
-    locations:
-      - filter: "/"
+    - ssl: false
+      server_name:
+        - "default"
+        - "_"
+      root: "/var/www/html"
+      locations:
+        - filter: "/"
+          params: []
  upstreams: []
+
+  auth_passwd: []
+  default_server:
+  default_ssl_server:
+  deploy_robots_file: false
--- a/host_vars/charybde.adm.crans.org.yml
+++ b/host_vars/charybde.adm.crans.org.yml
@@ -35,6 +35,7 @@ to_backup:
  }

 loc_nginx:
+  service_name: ftp
  servers:
    server_name:
      - "ftp"

--- a/hosts
+++ b/hosts
@@ -23,6 +23,7 @@ belenios.adm.crans.org
 [certbot:children]
 dovecot
 git
+irc
 radius  # We use certbot to manage LE certificates
 reverseproxy

@@ -87,6 +88,7 @@ monitoring.adm.crans.org
 charybde.adm.crans.org

 [nginx:children]
+irc
 mailman
 reverseproxy


--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -64,17 +64,17 @@
  when: nginx.servers is defined and nginx.servers|length > 0
  template:
    src: "nginx/sites-available/service.j2"
-    dest: "/etc/nginx/sites-available/service"
+    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    owner: root
    group: root
    mode: 0644
  notify: Reload nginx

 - name: Activate local nginx service site
-  when: nginx.servers|bool
+  when: nginx.servers is defined and nginx.servers|length > 0
  file:
-    src: "/etc/nginx/sites-available/service"
-    dest: "/etc/nginx/sites-enabled/service"
+    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
+    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
    owner: root
    group: root
    state: link

--- a/roles/nginx/templates/nginx/sites-available/service.j2
+++ b/roles/nginx/templates/nginx/sites-available/service.j2
 {{ ansible_header | comment }}

+# Automatic Connection header for WebSocket support
+# See http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
 {% for upstream in nginx.upstreams -%}
 upstream {{ upstream.name }} {
    # Path of the server
@@ -45,7 +52,7 @@ server {
 {% endif -%}

 {% for server in nginx.servers %}
-{% if server.ssl -%}
+{% if server.ssl is defined and server.ssl -%}
 # Redirect HTTP to HTTPS
 server {
    listen 80 default;