[nginx] Fix default configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

group_vars/mailman.yml

@@ -1,5 +1,6 @@
 ---
 loc_nginx:
+  service_name: mailman
   default_server: lists.crans.org
   default_ssl_server: lists.crans.org
   auth_passwd:

group_vars/nginx.yml

@@ -2,18 +2,23 @@
 glob_nginx:
   contact: contact@crans.org
   who: "L'équipe technique du Cr@ns"
+  service_name: service
   ssl:
     cert: /etc/letsencrypt/live/crans.org/fullchain.pem
     cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
     trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
+  servers:
+    - ssl: false
+      server_name:
+        - "default"
+        - "_"
+      root: "/var/www/html"
+      locations:
+        - filter: "/"
+          params: []
+  upstreams: []
+
+  auth_passwd: []
   default_server:
   default_ssl_server:
-  servers:
+  deploy_robots_file: false
-    ssl: false
-    server_name:
-      - "default"
-      - "_"
-    root: "/var/www/html"
-    locations:
-      - filter: "/"
-  upstreams: []

host_vars/charybde.adm.crans.org.yml

@@ -35,6 +35,7 @@ to_backup:
   }
 
 loc_nginx:
+  service_name: ftp
   servers:
     server_name:
       - "ftp"

hosts

@@ -23,6 +23,7 @@ belenios.adm.crans.org
 [certbot:children]
 dovecot
 git
+irc
 radius  # We use certbot to manage LE certificates
 reverseproxy
 
@@ -87,6 +88,7 @@ monitoring.adm.crans.org
 charybde.adm.crans.org
 
 [nginx:children]
+irc
 mailman
 reverseproxy
 

roles/nginx/tasks/main.yml

@@ -64,17 +64,17 @@
   when: nginx.servers is defined and nginx.servers|length > 0
   template:
     src: "nginx/sites-available/service.j2"
-    dest: "/etc/nginx/sites-available/service"
+    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
     owner: root
     group: root
     mode: 0644
   notify: Reload nginx
 
 - name: Activate local nginx service site
-  when: nginx.servers|bool
+  when: nginx.servers is defined and nginx.servers|length > 0
   file:
-    src: "/etc/nginx/sites-available/service"
+    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
-    dest: "/etc/nginx/sites-enabled/service"
+    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
     owner: root
     group: root
     state: link

roles/nginx/templates/nginx/sites-available/service.j2

@@ -1,5 +1,12 @@
 {{ ansible_header | comment }}
 
+# Automatic Connection header for WebSocket support
+# See http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
 {% for upstream in nginx.upstreams -%}
 upstream {{ upstream.name }} {
     # Path of the server
@@ -45,7 +52,7 @@ server {
 {% endif -%}
 
 {% for server in nginx.servers %}
-{% if server.ssl -%}
+{% if server.ssl is defined and server.ssl -%}
 # Redirect HTTP to HTTPS
 server {
     listen 80 default;