Nginx variable refactoring and general bug solving. Got interupted commit not tested

2025-02-22 12:29:39 +01:00 · 2025-01-31 13:14:07 +01:00 · 2025-01-31 13:14:07 +01:00 · 11752f5e2e
commit 11752f5e2e
parent b96d95f3e4
23 changed files with 59 additions and 48 deletions
--- a/group_vars/all/05_nginx.yml
+++ b/group_vars/all/05_nginx.yml
@ -1,12 +1,16 @@
 # Webserver Configuration
 ## Nginx-Specific Path Configurations
-nginx_configuration_directory:  "/etc/nginx/conf.d/"                            # General configuration dir
+nginx:
-nginx_servers_directory:        "{{nginx_configuration_directory}}servers/"     # Contains server blogs
+  directories:
-nginx_maps_directory:           "{{nginx_configuration_directory}}maps/"        # Contains mappins
+    configuration:  "/etc/nginx/conf.d/"              # Configuration directory
-nginx_streams_directory:        "{{nginx_configuration_directory}}streams/"     # Contains streams configuration e.g. for ldaps
+    http:
-nginx_well_known_root:          "/usr/share/nginx/well-known/"                  # Path where well-known files are stored
+      global:       "/etc/nginx/conf.d/http/global"   # Contains global configurations which will be loaded into the http block
-nginx_homepage_root:            "/usr/share/nginx/homepage/"                    # Path where the static homepage files are stored
+      servers:      "/etc/nginx/conf.d/http/servers"  # Contains one configuration per domain
      maps:         "/etc/nginx/conf.d/http/maps/"    # Contains mappings
    streams:        "/etc/nginx/conf.d/streams/"      # Contains streams configuration e.g. for ldaps
    well_known:     "/usr/share/nginx/well-known/"    # Path where well-known files are stored
    homepage:       "/usr/share/nginx/homepage/"      # Path where the static homepage files are stored. @todo Move this variable to the role
 ## Nginx static repository
-nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file
+nginx_static_repository_address: NULL #This should contain the url to an git repository which has a static homepage included and an index.html file. @todo move this variable to the role
--- a/roles/docker-attendize/tasks/main.yml
+++ b/roles/docker-attendize/tasks/main.yml
@ -13,7 +13,7 @@
 - name: configure {{domain}}.conf
  template: 
    src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx
 - name: "include tasks update-repository-with-docker-compose.yml"
--- a/roles/docker-bigbluebutton/tasks/main.yml
+++ b/roles/docker-bigbluebutton/tasks/main.yml
@ -12,7 +12,7 @@
 #- name: configure {{domain}}.conf
 #  template: 
 #    src:  "nginx-proxy.conf.j2"
-#    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+#    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
 #  notify: restart nginx
 - name: "include tasks nginx-docker-proxy-domain.yml"
@ -21,7 +21,7 @@
 - name: configure websocket_upgrade.conf
  copy: 
    src:  "websocket_upgrade.conf"
-    dest: "{{nginx_maps_directory}}websocket_upgrade.conf"
+    dest: "{{nginx.directories.http.maps}}websocket_upgrade.conf"
  notify: restart nginx
 - name: pull docker repository
--- a/roles/docker-compose/tasks/main.yml
+++ b/roles/docker-compose/tasks/main.yml
@ -2,9 +2,10 @@
  set_fact:
    docker_compose_instance_directory: "{{ path_docker_compose_instances }}{{ application_id }}/"
- name: "Set global domain to {{ domains[application_id] }}"
+- name: "Set global domain based on application_id"
  set_fact:
-    domain: "{{ domains[application_id] }}"
+    domain: "{{ domains[application_id] if application_id in domains else None }}"
  # Default case: One Domain exists. Some applications like matrix don't have an default key
 - name: "Set global http_port to {{ ports.localhost.http_ports[application_id] }}"
  set_fact:
--- a/roles/docker-ldap/tasks/main.yml
+++ b/roles/docker-ldap/tasks/main.yml
@ -9,13 +9,13 @@
 - name: Create {{domain}}.conf if LDAP is exposed to internet
  template: 
    src:  "nginx.stream.conf.j2" 
-    dest: "{{nginx_streams_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.streams}}{{domain}}.conf"
  notify: restart nginx
  when: ldap_expose_to_internet | bool
 - name: Remove {{domain}}.conf if LDAP is not exposed to internet
  file:
-    path: "{{ nginx_streams_directory }}{{ domain }}.conf"
+    path: "{{ nginx.directories.streams }}{{ domain }}.conf"
    state: absent
  when: not ldap_expose_to_internet | bool
--- a/roles/docker-mastodon/tasks/create-domains.yml
+++ b/roles/docker-mastodon/tasks/create-domains.yml
@ -4,5 +4,5 @@
 - name: configure {{domain}}.conf
  template: 
    src:  "mastodon.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx
--- a/roles/docker-matrix-compose/tasks/main.yml
+++ b/roles/docker-matrix-compose/tasks/main.yml
@ -6,7 +6,7 @@
  include_tasks: certbot-matomo.yml
  vars:
    domain:     "{{domains.matrix_synapse}}"
-    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_synapse}}"
 - name: create {{well_known_directory}}
  file:
@ -22,17 +22,17 @@
 - name: create {{domains.matrix_synapse}}.conf
  template: 
    src:  "templates/nginx.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domains.matrix_synapse}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
  vars:
    domain:     "{{domains.matrix_synapse}}"
-    http_port:  "{{ports.localhost.http_port[matrix_synapse]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_synapse}}"
  notify: restart nginx
 - name: "include tasks nginx-docker-proxy-domain.yml for element"
  include_tasks: nginx-docker-proxy-domain.yml
  vars:        
    domain:     "{{domains.matrix_element}}"
-    http_port:  "{{ports.localhost.http_port[matrix_element]}}"
+    http_port:  "{{ports.localhost.http_ports.matrix_element}}"
 - name: include create-and-seed-database.yml for multiple bridges
  include_tasks: create-and-seed-database.yml
--- a/roles/docker-matrix-compose/templates/docker-compose.yml.j2
+++ b/roles/docker-matrix-compose/templates/docker-compose.yml.j2
@ -19,7 +19,7 @@ services:
      - SYNAPSE_SERVER_NAME={{domains.matrix_synapse}}
      - SYNAPSE_REPORT_STATS=no
    ports:
-      - "127.0.0.1:{{ports.localhost.http_port[matrix_synapse]}}:8008"
+      - "127.0.0.1:{{ports.localhost.http_ports.matrix_synapse}}:8008"
    healthcheck:
      test: ["CMD", "curl", "-f", "http://localhost:8008/"]
      interval: 1m
@ -39,7 +39,7 @@ services:
    volumes:
      - ./element-config.json:/app/config.json
    ports:
-      - "127.0.0.1:{{ports.localhost.http_port[matrix_element]}}:80"
+      - "127.0.0.1:{{ports.localhost.http_ports.matrix_element}}:80"
    healthcheck:
      test: ["CMD", "wget", "--spider", "-q", "http://localhost:80/"]
      interval: 1m
--- a/roles/docker-matrix-compose/vars/main.yml
+++ b/roles/docker-matrix-compose/vars/main.yml
@ -3,7 +3,7 @@ application_id:  	        "matrix"
 database_password:  	    "{{matrix_database_password}}"
 database_type:            "postgres"
 registration_file_folder: "/data/"
-well_known_directory:     "{{nginx_well_known_root}}/matrix/"
+well_known_directory:     "{{nginx.directories.well_known}}/matrix/"
 bridges:
  - database_password: "{{ mautrix_whatsapp_bridge_database_password }}"
--- a/roles/docker-mybb/vars/main.yml
+++ b/roles/docker-mybb/vars/main.yml
@ -2,7 +2,7 @@
 application_id:  	                              "mybb"
 docker_compose_instance_confd_directory:        "{{docker_compose_instance_directory}}conf.d/"
 docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf"
-target_mount_conf_d_directory:                  "{{nginx_servers_directory}}"
+target_mount_conf_d_directory:                  "{{nginx.directories.http.servers}}"
 source_domain:                                  "mybb.{{primary_domain}}"
 database_password:                              "{{mybb_database_password}}"
 database_type:                                  "mariadb"
--- a/roles/docker-nextcloud/tasks/main.yml
+++ b/roles/docker-nextcloud/tasks/main.yml
@ -8,7 +8,7 @@
 - name: configure {{domain}}.conf
  template: 
    src:  "templates/nextcloud.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx
 - name: create nginx.conf
--- a/roles/docker-peertube/tasks/create-domains.yml
+++ b/roles/docker-peertube/tasks/create-domains.yml
@ -4,5 +4,5 @@
 - name: configure {{domain}}.conf
  template: 
    src:  "templates/peertube.conf.j2"
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx
--- a/roles/health-nginx/templates/health-nginx.py.j2
+++ b/roles/health-nginx/templates/health-nginx.py.j2
@ -4,7 +4,7 @@ import sys
 import re
 # file in which fqdn server configs are deposit
-config_path = '{{nginx_servers_directory}}'
+config_path = '{{nginx.directories.http.servers}}'
 # Initialize the error counter
 error_counter = 0
--- a/roles/letsencrypt/tasks/main.yml
+++ b/roles/letsencrypt/tasks/main.yml
@ -1,5 +1,7 @@
 - name: create nginx letsencrypt config file
-  template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf
+  template: 
    src:  "letsencrypt.conf.j2"
    dest: "{{nginx.directories.http.global}}letsencrypt.conf"
  notify: restart nginx
  when: run_once_letsencrypt is not defined
--- a/roles/nginx-domain-redirect/tasks/main.yml
+++ b/roles/nginx-domain-redirect/tasks/main.yml
@ -11,6 +11,6 @@
    target_domain: "{{item.target}}"
  template: 
    src:  redirect.domain.nginx.conf.j2
-    dest: "{{nginx_servers_directory}}{{ domain }}.conf"
+    dest: "{{nginx.directories.http.servers}}{{ domain }}.conf"
  loop: "{{domain_mappings}}"
  notify: restart nginx
--- a/roles/nginx-static-repository/README.md
+++ b/roles/nginx-static-repository/README.md
@ -11,7 +11,7 @@ This Ansible role configures an Nginx server to serve a static homepage. It hand
 ## Role Variables
- `nginx_homepage_root`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`)
+- `nginx.directories.homepage`: The directory where the homepage content will be stored (default: `/usr/share/nginx/homepage`)
 - `domain`: The domain name for the Nginx server configuration
 - `administrator_email`: The email used for SSL certificate registration with Let's Encrypt
 - `nginx_static_repository_address`: The Git repository address containing the homepage content
--- a/roles/nginx-static-repository/tasks/main.yml
+++ b/roles/nginx-static-repository/tasks/main.yml
@ -2,14 +2,14 @@
 - name: "pull homepage from {{nginx_static_repository_address}}"
  git:
    repo: "{{nginx_static_repository_address}}"
-    dest: "{{nginx_homepage_root}}"
+    dest: "{{nginx.directories.homepage}}"
    update: yes
  ignore_errors: true
 - name: configure {{primary_domain}}.conf
  template: 
    src:  "static.nginx.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{primary_domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{primary_domain}}.conf"
  vars:
    domain: "{{primary_domain}}"
  notify: restart nginx
--- a/roles/nginx-static-repository/templates/static.nginx.conf.j2
+++ b/roles/nginx-static-repository/templates/static.nginx.conf.j2
@ -13,12 +13,12 @@ server
  location /
  {
-    root {{nginx_homepage_root}};
+    root {{nginx.directories.homepage}};
    index index.html index.htm;
  }
  location /.well-known/ {
-    alias {{nginx_well_known_root}};
+    alias {{nginx.directories.well_known}};
    allow all;
    default_type "text/plain";
    autoindex on;
--- a/roles/nginx-www-redirect/README.md
+++ b/roles/nginx-www-redirect/README.md
@ -1,13 +1,13 @@
 # README.md for nginx-www-redirect Role
 ## Overview
-The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx_servers_directory}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
+The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx.directories.http.servers}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules.
 ## Role Description
 This role performs several key tasks:
-1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx_servers_directory}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
+1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx.directories.http.servers}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected.
-2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx_servers_directory}}` path.
+2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx.directories.http.servers}}` path.
 3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`.
@ -25,7 +25,7 @@ Example playbook:
 ## Requirements
 - Ansible environment set up and configured to run roles.
- Access to the `{{nginx_servers_directory}}` directory on the target hosts.
+- Access to the `{{nginx.directories.http.servers}}` directory on the target hosts.
 - The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings.
 ## Notes
--- a/roles/nginx-www-redirect/tasks/main.yml
+++ b/roles/nginx-www-redirect/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Find all .conf
  ansible.builtin.find:
-    paths: "{{nginx_servers_directory}}"
+    paths: "{{nginx.directories.http.servers}}"
    patterns: '*.*.conf'
  register: conf_files
@ -9,8 +9,8 @@
  set_fact:
    filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', path_regex, '') | map('regex_replace', '.conf$', '') | list }}"
  vars:
-    domain_regex: "^{{ nginx_servers_directory }}(?!www\\.)[^/]+\\.conf$"
+    domain_regex: "^{{nginx.directories.http.servers}}(?!www\\.)[^/]+\\.conf$"
-    path_regex: "^{{ nginx_servers_directory }}"
+    path_regex: "^{{nginx.directories.http.servers}}"
 - name: The domains for which a www. redirect will be implemented
  debug:
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -11,15 +11,19 @@
  notify: restart nginx
  when: run_once_nginx is not defined and nginx_matomo_tracking | bool
 - name: "Delete {{nginx.directories.configuration}} directory, when mode_reset"
  file:
    path: "{{ nginx.directories.configuration }}"
    state: absent
  when: mode_reset and run_once_nginx is not defined
 - name: Ensure nginx configuration directories are present
  file:
    path: "{{ item }}"
    state: directory
    mode: '0755'
-  loop:
+    recurse: yes
-    - "{{nginx_servers_directory}}"
+  loop: "{{ nginx.directories.http + nginx.directories.streams }}"
    - "{{nginx_maps_directory}}"
    - "{{nginx_streams_directory}}"
  when: run_once_nginx is not defined
 - name: create nginx config file
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@ -34,11 +34,11 @@ http
  gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml;
  types_hash_max_size 4096;  
-  include {{nginx_maps_directory}}*.conf;
+  include {{nginx.directories.http.maps}}*.conf;
-  include {{nginx_servers_directory}}*.conf;
+  include {{nginx.directories.http.servers}}*.conf;
 }
 # For port proxies
 stream{
-  include {{nginx_streams_directory}}*.conf;
+  include {{nginx.directories.streams}}*.conf;
 }
--- a/tasks/create-domain-conf.yml
+++ b/tasks/create-domain-conf.yml
@ -1,5 +1,5 @@
 - name: configure {{domain}}.conf
  template: 
    src:  "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" 
-    dest: "{{nginx_servers_directory}}{{domain}}.conf"
+    dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
  notify: restart nginx