Comments (1)
I'm making progress on the PR for this, actually, it is pretty much done, I'm just testing it further currently.
It isn't quite as clean as may have been hoped, simply due to the variation in different operating systems and package repositories.
I figured I would record a some detail of this so if anyone goes looking there is some rationale behind it.
There are 4 configurations I'll look to cater for.
- Centos/RHEL with EPEL repo
- Centos/RHEL with official Nginx repo
- Debian/Ubuntu with APT repo
- Debian/Ubuntu with official Nginx repo
Config 1 - Centos/RHEL with EPEL repo
With the default setting for installing only the package "nginx", the installation task should bring down Nginx, a bunch of modules, and a nicely configured filesystem all ready for use with SELinux. Module .so files live in /usr/lib64/nginx/modules
and Module.conf files live in /usr/share/nginx/modules/
with a short-name file naming convention e.g mod-http-geoip.conf
.
The nginx_module_configs
role variable will need to be specified as a list of configuration file names, minus the .conf file name extension. e.g mod-http-geoip
n.b this will allow backward compatibility, as anyone already managing modules will only be using EPEL and will be specifying config files and not module files.
Config 2 - Centos/RHEL with official Nginx repo
Any modules needed should be added to and specified in the nginx_pkgs
role variable and named something like nginx-module-geoip
as the installation task will only install Nginx, not any modules. Also, currently only some SELinux settings are set and I've found it necessary to also set the SELinux boolean of httpd_can_network_connect
when acting as a reverse proxy. Module .so files live in /usr/lib64/nginx/modules/
and there are no Module.conf files provided. The role will use a template to create these files as needed.
The nginx_module_configs
role variable will need to be specified as a list of module file names, minus the .so file name extension. e.g ngx_http_geoip_module
Config 3 - Debian/Ubuntu with APT repo
With the default setting for installing only the package "nginx", the installation task should bring down Nginx and a bunch of modules. Module .so files live in /usr/lib/nginx/modules
and Module.conf files live in /usr/share/nginx/modules-available/
. with a short-name naming convention e.g mod-http-geoip.conf
. Additional Module.conf files are created, perhaps by a post-install script, in /etc/nginx/modules-enabled
with filenames starting with 50-
. Presumably, these are to allow /usr/share files to remain as a reference and then people can add/remove the 50- files. Worth noting also there are lots more modules available if nginx-extras
or nginx-full
is set in nginx_pkgs
role variable or manually installed later.
These 50- files are in the way for us, so I've added tasks to rename these files out of way if they exist for any particular module which we choose to manage. The file is renamed to something like mod-name.conf.renamedasmanagednow
. With this extension they won't be loaded. Perhaps one case not yet considered is if you wish to manage the disabling of a specific module before ever enabling it via the role. Either set the role to enable this module once, then disable it, or manually move the 50- file out of the way.
n.b the functionality to disable modules via the role is not working yet, the code doing the enabling however is aware to not enable anything if it is specified in the do not enable section, even if it is also in the enable section.
The nginx_module_configs
role variable will need to be specified as a list of configuration file names, minus the .conf file name extension. e.g mod-http-geoip
Config 4 - Debian/Ubuntu with official Nginx repo
Fairly similar to Config 2. Any modules needed should be added to and specified in the nginx_pkgs
role variable and named something like nginx-module-geoip
as the installation task will only install Nginx, not any modules. Module .so files live in /usr/lib/nginx/modules/
and there are no Module.conf files provided. The role will use a template to create these files as needed.
The nginx_module_configs
role variable will need to be specified as a list of module file names, minus the .so file name extension. e.g ngx_http_geoip_module
Other considerations
The 2 options for what is needed in nginx_module_configs
variables is listed in each section above however worth noting.
The general idea is to have files in /etc/nginx/modules-available
(even if just links to elsewhere) and then links to those in /etc/nginx/modules-enabled
. This is kept in all cases.
The 2 options for where the actual module .so files live is catered for with a new variable nginx_modules_location
, so this shouldn't need to be specified unless someone wants to override for use with a different distribution.
All in all, it isn't too bad, perhaps seeing the code will explain it all anyway. Hopefully, just another day or so and I'll send in a PR.
Cheers.
from ansible-role-nginx.
Related Issues (20)
- Add installation from sources HOT 1
- remove a site is not taken in consideration HOT 2
- Ansible error HOT 1
- Change nginx user HOT 4
- disable default config HOT 5
- Error in handlers/main.yml HOT 1
- issue when adding header parameter with ";" HOT 1
- Does this role need run as root? HOT 1
- amplify.api_key variable does not exist HOT 1
- add_header X-XSS-Protection is causing problems HOT 2
- Nginx didn't start on install
- v2.16 missing on https://galaxy.ansible.com/jdauphant/nginx HOT 1
- Warning, Duplicate When Key HOT 5
- Allow for no default config to be generated HOT 3
- Missing mime.types file plus /etc/mime.types idea HOT 2
- Adhere to ansible-lint rules HOT 2
- Travis job is still on python 2.7 HOT 2
- Debian 12 (python3) support
- version > v2.21.2 are not avaiable via ansible-galaxy install command
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ansible-role-nginx.