From 11752f5e2ed83983b0ab55861b60e15d625c0bdc Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 31 Jan 2025 13:14:07 +0100
Subject: [PATCH] Nginx variable refactoring and general bug solving. Got interupted commit not tested
---
 group_vars/all/05_nginx.yml | 18 +++++++++++-------
 roles/docker-attendize/tasks/main.yml | 2 +-
 roles/docker-bigbluebutton/tasks/main.yml | 4 ++--
 roles/docker-compose/tasks/main.yml | 5 +++--
 roles/docker-ldap/tasks/main.yml | 4 ++--
 roles/docker-mastodon/tasks/create-domains.yml | 2 +-
 roles/docker-matrix-compose/tasks/main.yml | 8 ++++----
 .../templates/docker-compose.yml.j2 | 4 ++--
 roles/docker-matrix-compose/vars/main.yml | 2 +-
 roles/docker-mybb/vars/main.yml | 2 +-
 roles/docker-nextcloud/tasks/main.yml | 2 +-
 roles/docker-peertube/tasks/create-domains.yml | 2 +-
 .../health-nginx/templates/health-nginx.py.j2 | 2 +-
 roles/letsencrypt/tasks/main.yml | 4 +++-
 roles/nginx-domain-redirect/tasks/main.yml | 2 +-
 roles/nginx-static-repository/README.md | 2 +-
 roles/nginx-static-repository/tasks/main.yml | 4 ++--
 .../templates/static.nginx.conf.j2 | 4 ++--
 roles/nginx-www-redirect/README.md | 8 ++++----
 roles/nginx-www-redirect/tasks/main.yml | 6 +++---
 roles/nginx/tasks/main.yml | 12 ++++++++----
 roles/nginx/templates/nginx.conf.j2 | 6 +++---
 tasks/create-domain-conf.yml | 2 +-
 23 files changed, 59 insertions(+), 48 deletions(-)
diff --git a/group_vars/all/05_nginx.yml b/group_vars/all/05_nginx.yml
index 70e3a98b..2af93573 100644
--- a/group_vars/all/05_nginx.yml
+++ b/group_vars/all/05_nginx.yml
@@ -1,12 +1,16 @@ # Webserver Configuration ## Nginx-Specific Path Configurations -nginx_configuration_directory: "/etc/nginx/conf.d/" # General configuration dir -nginx_servers_directory: "{{nginx_configuration_directory}}servers/" # Contains server blogs -nginx_maps_directory: "{{nginx_configuration_directory}}maps/" # Contains mappins -nginx_streams_directory: "{{nginx_configuration_directory}}streams/" # Contains streams configuration e.g. for ldaps -nginx_well_known_root: "/usr/share/nginx/well-known/" # Path where well-known files are stored -nginx_homepage_root: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored +nginx: + directories: + configuration: "/etc/nginx/conf.d/" # Configuration directory + http: + global: "/etc/nginx/conf.d/http/global" # Contains global configurations which will be loaded into the http block + servers: "/etc/nginx/conf.d/http/servers" # Contains one configuration per domain + maps: "/etc/nginx/conf.d/http/maps/" # Contains mappings + streams: "/etc/nginx/conf.d/streams/" # Contains streams configuration e.g. for ldaps + well_known: "/usr/share/nginx/well-known/" # Path where well-known files are stored + homepage: "/usr/share/nginx/homepage/" # Path where the static homepage files are stored. @todo Move this variable to the role ## Nginx static repository -nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file \ No newline at end of file +nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file. @todo move this variable to the role \ No newline at end of file diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml index a6650a39..94dd5612 100644 --- a/roles/docker-attendize/tasks/main.yml +++ b/roles/docker-attendize/tasks/main.yml 
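Review bot: In the new `nginx.directories.http` mapping, `global` and `servers` are the only entries without a trailing slash, yet every consumer in this patch appends a file name or glob directly to them, so `{{nginx.directories.http.servers}}{{domain}}.conf` renders as `/etc/nginx/conf.d/http/servers<domain>.conf` (one level too high, with the directory name glued onto the file name), `{{nginx.directories.http.global}}letsencrypt.conf` does the same, and the www-redirect `domain_regex` can no longer match any path returned by find() because `[^/]+` cannot consume the `/` that now precedes the file name. Fix it at the definition so no consumer needs touching: `global: "/etc/nginx/conf.d/http/global/"` and `servers: "/etc/nginx/conf.d/http/servers/"`, matching `configuration`, `maps` and `streams`. The same rendering defect is visible in the attendize, bigbluebutton, mastodon, nextcloud, peertube, health-nginx, letsencrypt, nginx-domain-redirect, nginx-static-repository, nginx-www-redirect, nginx.conf.j2 and create-domain-conf hunks.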
@@ -13,7 +13,7 @@ - name: configure {{domain}}.conf template: src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 - dest: "{{nginx_servers_directory}}{{domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx - name: "include tasks update-repository-with-docker-compose.yml" diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index f743287b..446afb8d 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml @@ -12,7 +12,7 @@ #- name: configure {{domain}}.conf # template: # src: "nginx-proxy.conf.j2" -# dest: "{{nginx_servers_directory}}{{domain}}.conf" +# dest: "{{nginx.directories.http.servers}}{{domain}}.conf" # notify: restart nginx - name: "include tasks nginx-docker-proxy-domain.yml" @@ -21,7 +21,7 @@ - name: configure websocket_upgrade.conf copy: src: "websocket_upgrade.conf" - dest: "{{nginx_maps_directory}}websocket_upgrade.conf" + dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf" notify: restart nginx - name: pull docker repository diff --git a/roles/docker-compose/tasks/main.yml b/roles/docker-compose/tasks/main.yml index 96f4ce23..8f598c51 100644 --- a/roles/docker-compose/tasks/main.yml +++ b/roles/docker-compose/tasks/main.yml @@ -2,9 +2,10 @@ set_fact: docker_compose_instance_directory: "{{ path_docker_compose_instances }}{{ application_id }}/" -- name: "Set global domain to {{ domains[application_id] }}" +- name: "Set global domain based on application_id" set_fact: - domain: "{{ domains[application_id] }}" + domain: "{{ domains[application_id] if application_id in domains else None }}" + # Default case: One Domain exists. Some applications like matrix don't have an default key - name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}" set_fact: diff --git a/roles/docker-ldap/tasks/main.yml b/roles/docker-ldap/tasks/main.yml index 89a0fdbc..55b5dc9a 100644 
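Review bot: The `else None` fallback on the new `domain:` line in roles/docker-compose/tasks/main.yml is templated through a quoted string, and unless jinja2_native is enabled Ansible renders that result as the text `None` rather than a null, so later checks such as `domain is none` or `domain | default(...)` would not behave as the comment intends; worth confirming on the Ansible version in use. A fallback that is unambiguous in either mode is `domain: "{{ domains[application_id] | default('') }}"`, or leaving the fact unset by guarding the task with `when: application_id in domains`. The explanatory comment sits below the key it explains; place it above `domain:` and tighten it to `# Default case: one domain exists. Some applications, e.g. matrix, have no default key`.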
--- a/roles/docker-ldap/tasks/main.yml +++ b/roles/docker-ldap/tasks/main.yml @@ -9,13 +9,13 @@ - name: Create {{domain}}.conf if LDAP is exposed to internet template: src: "nginx.stream.conf.j2" - dest: "{{nginx_streams_directory}}{{domain}}.conf" + dest: "{{nginx.directories.streams}}{{domain}}.conf" notify: restart nginx when: ldap_expose_to_internet | bool - name: Remove {{domain}}.conf if LDAP is not exposed to internet file: - path: "{{ nginx_streams_directory }}{{ domain }}.conf" + path: "{{ nginx.directories.streams }}{{ domain }}.conf" state: absent when: not ldap_expose_to_internet | bool diff --git a/roles/docker-mastodon/tasks/create-domains.yml b/roles/docker-mastodon/tasks/create-domains.yml index a7cf979c..9a370ded 100644 --- a/roles/docker-mastodon/tasks/create-domains.yml +++ b/roles/docker-mastodon/tasks/create-domains.yml @@ -4,5 +4,5 @@ - name: configure {{domain}}.conf template: src: "mastodon.conf.j2" - dest: "{{nginx_servers_directory}}{{domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/docker-matrix-compose/tasks/main.yml b/roles/docker-matrix-compose/tasks/main.yml index 57cd7f23..64285cba 100644 --- a/roles/docker-matrix-compose/tasks/main.yml +++ b/roles/docker-matrix-compose/tasks/main.yml @@ -6,7 +6,7 @@ include_tasks: certbot-matomo.yml vars: domain: "{{domains.matrix_synapse}}" - http_port: "{{ports.localhost.http_port[matrix_synapse]}}" + http_port: "{{ports.localhost.http_ports.matrix_synapse}}" - name: create {{well_known_directory}} file: 
@@ -22,17 +22,17 @@ - name: create {{domains.matrix_synapse}}.conf template: src: "templates/nginx.conf.j2" - dest: "{{nginx_servers_directory}}{{domains.matrix_synapse}}.conf" + dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf" vars: domain: "{{domains.matrix_synapse}}" - http_port: "{{ports.localhost.http_port[matrix_synapse]}}" + http_port: "{{ports.localhost.http_ports.matrix_synapse}}" notify: restart nginx - name: "include tasks nginx-docker-proxy-domain.yml for element" include_tasks: nginx-docker-proxy-domain.yml vars: domain: "{{domains.matrix_element}}" - http_port: "{{ports.localhost.http_port[matrix_element]}}" + http_port: "{{ports.localhost.http_ports.matrix_element}}" - name: include create-and-seed-database.yml for multiple bridges include_tasks: create-and-seed-database.yml diff --git a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 index 0acfe603..bcf0b23e 100644 --- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2 +++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2 @@ -19,7 +19,7 @@ services: - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}} - SYNAPSE_REPORT_STATS=no ports: - - "127.0.0.1:{{ports.localhost.http_port[matrix_synapse]}}:8008" + - "127.0.0.1:{{ports.localhost.http_ports.matrix_synapse}}:8008" healthcheck: test: ["CMD", "curl", "-f", "http://localhost:8008/"] interval: 1m @@ -39,7 +39,7 @@ services: volumes: - ./element-config.json:/app/config.json ports: - - "127.0.0.1:{{ports.localhost.http_port[matrix_element]}}:80" + - "127.0.0.1:{{ports.localhost.http_ports.matrix_element}}:80" healthcheck: test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"] interval: 1m diff --git a/roles/docker-matrix-compose/vars/main.yml b/roles/docker-matrix-compose/vars/main.yml index 33c767e6..c6eee40d 100644 --- a/roles/docker-matrix-compose/vars/main.yml +++ b/roles/docker-matrix-compose/vars/main.yml 
@@ -3,7 +3,7 @@ application_id: "matrix" database_password: "{{matrix_database_password}}" database_type: "postgres" registration_file_folder: "/data/" -well_known_directory: "{{nginx_well_known_root}}/matrix/" +well_known_directory: "{{nginx.directories.well_known}}/matrix/" bridges: - database_password: "{{ mautrix_whatsapp_bridge_database_password }}" diff --git a/roles/docker-mybb/vars/main.yml b/roles/docker-mybb/vars/main.yml index 09f48d03..ff6d678a 100644 --- a/roles/docker-mybb/vars/main.yml +++ b/roles/docker-mybb/vars/main.yml @@ -2,7 +2,7 @@ application_id: "mybb" docker_compose_instance_confd_directory: "{{docker_compose_instance_directory}}conf.d/" docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf" -target_mount_conf_d_directory: "{{nginx_servers_directory}}" +target_mount_conf_d_directory: "{{nginx.directories.http.servers}}" source_domain: "mybb.{{primary_domain}}" database_password: "{{mybb_database_password}}" database_type: "mariadb" \ No newline at end of file diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index cbb721f9..61e5b78f 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -8,7 +8,7 @@ - name: configure {{domain}}.conf template: src: "templates/nextcloud.conf.j2" - dest: "{{nginx_servers_directory}}{{domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx - name: create nginx.conf diff --git a/roles/docker-peertube/tasks/create-domains.yml b/roles/docker-peertube/tasks/create-domains.yml index 7f9ad971..b96f2043 100644 --- a/roles/docker-peertube/tasks/create-domains.yml +++ b/roles/docker-peertube/tasks/create-domains.yml 
@@ -4,5 +4,5 @@ - name: configure {{domain}}.conf template: src: "templates/peertube.conf.j2" - dest: "{{nginx_servers_directory}}{{domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/health-nginx/templates/health-nginx.py.j2 b/roles/health-nginx/templates/health-nginx.py.j2 index da68dfa0..48e82d11 100644 --- a/roles/health-nginx/templates/health-nginx.py.j2 +++ b/roles/health-nginx/templates/health-nginx.py.j2 @@ -4,7 +4,7 @@ import sys import re # file in which fqdn server configs are deposit -config_path = '{{nginx_servers_directory}}' +config_path = '{{nginx.directories.http.servers}}' # Initialize the error counter error_counter = 0 diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index 28aa6b71..131dff61 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,5 +1,7 @@ - name: create nginx letsencrypt config file - template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf + template: + src: "letsencrypt.conf.j2" + dest: "{{nginx.directories.http.global}}letsencrypt.conf" notify: restart nginx when: run_once_letsencrypt is not defined diff --git a/roles/nginx-domain-redirect/tasks/main.yml b/roles/nginx-domain-redirect/tasks/main.yml index 616bfa8a..15666757 100644 --- a/roles/nginx-domain-redirect/tasks/main.yml +++ b/roles/nginx-domain-redirect/tasks/main.yml @@ -11,6 +11,6 @@ target_domain: "{{item.target}}" template: src: redirect.domain.nginx.conf.j2 - dest: "{{nginx_servers_directory}}{{ domain }}.conf" + dest: "{{nginx.directories.http.servers}}{{ domain }}.conf" loop: "{{domain_mappings}}" notify: restart nginx diff --git a/roles/nginx-static-repository/README.md b/roles/nginx-static-repository/README.md index 3da38c0d..64944dc6 100644 --- a/roles/nginx-static-repository/README.md +++ b/roles/nginx-static-repository/README.md 
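Review bot: In roles/letsencrypt/tasks/main.yml `dest` now writes letsencrypt.conf into `nginx.directories.http.global`, but the nginx.conf.j2 hunk later in this patch only includes `http.maps` and `http.servers`, so the file is no longer read by nginx at all — before this change it was picked up by the servers glob. Add `include {{nginx.directories.http.global}}*.conf;` to the `http` block of roles/nginx/templates/nginx.conf.j2, and make sure the `global` directory is among those created by the roles/nginx directory task. Converting the old `key=value` one-liner into a block-style `template:` with quoted `src`/`dest` is the right direction.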
@@ -11,7 +11,7 @@ This Ansible role configures an Nginx server to serve a static homepage. It hand ## Role Variables -- `nginx_homepage_root`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`) +- `nginx.directories.homepage`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`) - `domain`: The domain name for the Nginx server configuration - `administrator_email`: The email used for SSL certificate registration with Let's Encrypt - `nginx_static_repository_address`: The Git repository address containing the homepage content diff --git a/roles/nginx-static-repository/tasks/main.yml b/roles/nginx-static-repository/tasks/main.yml index 60022fe0..babeaab1 100644 --- a/roles/nginx-static-repository/tasks/main.yml +++ b/roles/nginx-static-repository/tasks/main.yml @@ -2,14 +2,14 @@ - name: "pull homepage from {{nginx_static_repository_address}}" git: repo: "{{nginx_static_repository_address}}" - dest: "{{nginx_homepage_root}}" + dest: "{{nginx.directories.homepage}}" update: yes ignore_errors: true - name: configure {{primary_domain}}.conf template: src: "static.nginx.conf.j2" - dest: "{{nginx_servers_directory}}{{primary_domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{primary_domain}}.conf" vars: domain: "{{primary_domain}}" notify: restart nginx diff --git a/roles/nginx-static-repository/templates/static.nginx.conf.j2 b/roles/nginx-static-repository/templates/static.nginx.conf.j2 index 5cd10809..4f5ed8a9 100644 --- a/roles/nginx-static-repository/templates/static.nginx.conf.j2 +++ b/roles/nginx-static-repository/templates/static.nginx.conf.j2 @@ -13,12 +13,12 @@ server location / { - root {{nginx_homepage_root}}; + root {{nginx.directories.homepage}}; index index.html index.htm; } location /.well-known/ { - alias {{nginx_well_known_root}}; + alias {{nginx.directories.well_known}}; allow all; default_type "text/plain"; autoindex on; 
diff --git a/roles/nginx-www-redirect/README.md b/roles/nginx-www-redirect/README.md
index 3d7f2b91..ab2bf92b 100644
--- a/roles/nginx-www-redirect/README.md
+++ b/roles/nginx-www-redirect/README.md
@@ -1,13 +1,13 @@ # README.md for nginx-www-redirect Role ## Overview -The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx_servers_directory}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. +The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. ## Role Description This role performs several key tasks: -1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx_servers_directory}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. +1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. -2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx_servers_directory}}` path. +2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path. 3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`. 
@@ -25,7 +25,7 @@ Example playbook: ## Requirements - Ansible environment set up and configured to run roles. -- Access to the `{{nginx_servers_directory}}` directory on the target hosts. +- Access to the `{{nginx.directories.http.servers}}` directory on the target hosts. - The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings. ## Notes diff --git a/roles/nginx-www-redirect/tasks/main.yml b/roles/nginx-www-redirect/tasks/main.yml index fa788cf1..7338f99e 100644 --- a/roles/nginx-www-redirect/tasks/main.yml +++ b/roles/nginx-www-redirect/tasks/main.yml @@ -1,7 +1,7 @@ --- - name: Find all .conf ansible.builtin.find: - paths: "{{nginx_servers_directory}}" + paths: "{{nginx.directories.http.servers}}" patterns: '*.*.conf' register: conf_files @@ -9,8 +9,8 @@ set_fact: filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}" vars: - domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$" - path_regex: "^{{ nginx_servers_directory }}" + domain_regex: "^{{nginx.directories.http.servers}}(?!www\\.)[^/]+\\.conf$" + path_regex: "^{{nginx.directories.http.servers}}" - name: The domains for which a www. redirect will be implemented debug: diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index a91a122a..eb19c372 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
@@ -11,15 +11,19 @@ notify: restart nginx when: run_once_nginx is not defined and nginx_matomo_tracking | bool +- name: "Delete {{nginx.directories.configuration}} directory, when mode_reset" + file: + path: "{{ nginx.directories.configuration }}" + state: absent + when: mode_reset and run_once_nginx is not defined + - name: Ensure nginx configuration directories are present file: path: "{{ item }}" state: directory mode: '0755' - loop: - - "{{nginx_servers_directory}}" - - "{{nginx_maps_directory}}" - - "{{nginx_streams_directory}}" + recurse: yes + loop: "{{ nginx.directories.http + nginx.directories.streams }}" when: run_once_nginx is not defined - name: create nginx config file diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 9564df3e..046a224a 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -34,11 +34,11 @@ http gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml; types_hash_max_size 4096; - include {{nginx_maps_directory}}*.conf; - include {{nginx_servers_directory}}*.conf; + include {{nginx.directories.http.maps}}*.conf; + include {{nginx.directories.http.servers}}*.conf; } # For port proxies stream{ - include {{nginx_streams_directory}}*.conf; + include {{nginx.directories.streams}}*.conf; } diff --git a/tasks/create-domain-conf.yml b/tasks/create-domain-conf.yml index 9dfe4658..ccea771b 100644 --- a/tasks/create-domain-conf.yml +++ b/tasks/create-domain-conf.yml 
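Review bot: The new `loop` expression `nginx.directories.http + nginx.directories.streams` in roles/nginx/tasks/main.yml adds a mapping to a string (`http` is a dict and `streams` a scalar in group_vars/all/05_nginx.yml), which Jinja rejects with a TypeError, so none of the configuration directories get created. Iterate the mapping's values and list-wrap the scalar: `loop: "{{ (nginx.directories.http.values() | list) + [nginx.directories.streams] }}"`. `recurse: yes` is also new and, combined with `state: directory`, chmods every existing file under those directories to 0755 on each run; parent directories are created without it, so dropping it (or at least writing `true`) looks intended. The new delete task evaluates `mode_reset` first and therefore fails with an undefined-variable error on any host where that flag is not set; `when: mode_reset | default(false) and run_once_nginx is not defined` is the defensive form.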
@@ -1,5 +1,5 @@ - name: configure {{domain}}.conf template: src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" - dest: "{{nginx_servers_directory}}{{domain}}.conf" + dest: "{{nginx.directories.http.servers}}{{domain}}.conf" notify: restart nginx \ No newline at end of file