nginx: remove unused stuff and proxy requests to containers

playbooks/roadhouse.yml

@@ -23,6 +23,11 @@
 
     - role: nginx
 
+      proxy:
+        code.ubuntu-it.org: spock.lxd:80
+        wwwtest.ubuntu-it.org: bromuro.lxd:80
+        votantonio.ubuntu-it.org: bromuro.lxd:80
+
 
     - role: lxd
       subnet4: 10.0.0

roles/nginx/defaults/main.yml

+---
+
+proxy: {}

roles/nginx/handlers/main.yml

 ---
 
-- name: web-server.reload-nginx
+- name: nginx.reload
   service:
     name: nginx
     state: reloaded

roles/nginx/tasks/main.yml

 ---
 
-- name: setup
-  include: setup.yml
+- include_tasks: setup.yml
+
+- include_tasks: proxy.yml
+  when: proxy

roles/nginx/tasks/proxy.yml

+---
+
+- name: Upload configuration for proxied sites
+  template:
+    src: sites/proxied.conf
+    dest: "/etc/nginx/sites-enabled/{{ item.key }}"
+
+  with_dict: "{{ proxy }}"
+  notify:
+    - nginx.reload

roles/nginx/tasks/setup.yml

 ---
 
-- name: install nginx
+- name: Install nginx
   apt:
     name: "{{ item }}"
     state: present
@@ -9,47 +9,33 @@
     - nginx
 
 
-- name: create directories for nginx
-  file:
-    path: "/etc/nginx/{{ item }}"
-    state: directory
-    mode: 0755
-
-  with_items:
-    - sites
-
+- name: Upload nginx configuration files
+  template:
+    src: "conf.d/{{ item }}"
+    dest: "/etc/nginx/conf.d/{{ item }}"
 
-- name: remove unused nginx directories
-  file:
-    path: "{{ item }}"
-    state: absent
+    mode: 0644
 
   with_items:
-    - /var/www/html
-    - /etc/nginx/sites-available
-    - /etc/nginx/sites-enabled
-
+    - optimize.conf
 
-- name: upload nginx configuration files
-  template:
-    src: "config/{{ item }}"
-    dest: "/etc/nginx/{{ item }}"
+  notify:
+    - nginx.reload
 
-    mode: 0644
 
-  with_items:
-    - nginx.conf
-    - conf.d/default-site.conf
-    - conf.d/optimize.conf
+- name: Upload default site
+  template:
+    src: sites/default.conf
+    dest: /etc/nginx/sites-enabled/default
 
   notify:
-    - web-server.reload-nginx
+    - nginx.reload
 
 
-- name: allow http through the firewall
+- name: Allow http through the firewall
   template:
     src: firewall.sh
-    dest: /usr/local/share/firewall.d/web-server.sh
+    dest: /usr/local/share/firewall.d/nginx.sh
     mode: 0700
 
   notify:

roles/nginx/templates/config/conf.d/optimize.conf → roles/nginx/templates/conf.d/optimize.conf

+#
+# {{ ansible_managed }}
+#
+
 ######################
 #  gzip compression  #
 ######################
 
-gzip on;
-gzip_disable "msie6";
 gzip_vary on;
 
 gzip_comp_level 6;

roles/nginx/templates/config/nginx.conf

-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-
-events {
-    worker_connections 768;
-}
-
-http {
-
-    ####################
-    #  Basic Settings  #
-    ####################
-
-    sendfile on;
-    tcp_nopush on;
-    tcp_nodelay on;
-    keepalive_timeout 65;
-    types_hash_max_size 2048;
-    server_tokens off;
-
-    include /etc/nginx/mime.types;
-    default_type application/octet-stream;
-
-    #######################
-    #  SSL configuration  #
-    #######################
-
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
-
-    ########################
-    #  Logs configuration  #
-    ########################
-
-    access_log /var/log/nginx/access.log;
-    error_log /var/log/nginx/error.log;
-
-    #########################
-    #  Extra configuration  #
-    #########################
-
-    include /etc/nginx/conf.d/*.conf;
-    include /etc/nginx/sites/*;
-}

roles/nginx/templates/firewall.sh

+#!/bin/bash
+#
+# {{ ansible_managed }}
+#
+
 # Allow incoming requests on port 80
 command -A public_input_tcp -p tcp --dport 80 -j ACCEPT

roles/nginx/templates/config/conf.d/default-site.conf → roles/nginx/templates/sites/default.conf

+#
+# {{ ansible_managed }}
+#
+
 server {
     listen 80 default;
     listen [::]:80 default;

roles/nginx/templates/sites/proxied.conf

+#
+# {{ ansible_managed }}
+#
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ item.key }};
+
+    location / {
+        proxy_pass http://{{ item.value }}/;
+    }
+}