[nginx] Fix default configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-01-13 22:13:15 +01:00 · 2021-01-13 22:13:15 +01:00 · c3d58d9ca9
parent a16208b1c3
commit c3d58d9ca9
6 changed files with 30 additions and 14 deletions
--- a/group_vars/mailman.yml
+++ b/group_vars/mailman.yml
@ -1,5 +1,6 @@
 ---
 loc_nginx:
+  service_name: mailman
  default_server: lists.crans.org
  default_ssl_server: lists.crans.org
  auth_passwd:
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@ -2,18 +2,23 @@
 glob_nginx:
  contact: contact@crans.org
  who: "L'équipe technique du Cr@ns"
+  service_name: service
  ssl:
    cert: /etc/letsencrypt/live/crans.org/fullchain.pem
    cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
    trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
-  default_server:
-  default_ssl_server:
  servers:
-    ssl: false
+    - ssl: false
      server_name:
        - "default"
        - "_"
      root: "/var/www/html"
      locations:
        - filter: "/"
+          params: []
  upstreams: []
+
+  auth_passwd: []
+  default_server:
+  default_ssl_server:
+  deploy_robots_file: false
--- a/host_vars/charybde.adm.crans.org.yml
+++ b/host_vars/charybde.adm.crans.org.yml
@ -35,6 +35,7 @@ to_backup:
  }

 loc_nginx:
+  service_name: ftp
  servers:
    server_name:
      - "ftp"
--- a/2
+++ b/2
@ -23,6 +23,7 @@ belenios.adm.crans.org
 [certbot:children]
 dovecot
 git
+irc
 radius  # We use certbot to manage LE certificates
 reverseproxy

@ -87,6 +88,7 @@ monitoring.adm.crans.org
 charybde.adm.crans.org

 [nginx:children]
+irc
 mailman
 reverseproxy

--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@ -64,17 +64,17 @@
  when: nginx.servers is defined and nginx.servers|length > 0
  template:
    src: "nginx/sites-available/service.j2"
-    dest: "/etc/nginx/sites-available/service"
+    dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
    owner: root
    group: root
    mode: 0644
  notify: Reload nginx

 - name: Activate local nginx service site
-  when: nginx.servers|bool
+  when: nginx.servers is defined and nginx.servers|length > 0
  file:
-    src: "/etc/nginx/sites-available/service"
-    dest: "/etc/nginx/sites-enabled/service"
+    src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
+    dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
    owner: root
    group: root
    state: link
--- a/roles/nginx/templates/nginx/sites-available/service.j2
+++ b/roles/nginx/templates/nginx/sites-available/service.j2
@ -1,5 +1,12 @@
 {{ ansible_header | comment }}

+# Automatic Connection header for WebSocket support
+# See http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
+
 {% for upstream in nginx.upstreams -%}
 upstream {{ upstream.name }} {
    # Path of the server
@ -45,7 +52,7 @@ server {
 {% endif -%}

 {% for server in nginx.servers %}
-{% if server.ssl -%}
+{% if server.ssl is defined and server.ssl -%}
 # Redirect HTTP to HTTPS
 server {
    listen 80 default;