---
# Install nginx-extras, the Debian/Ubuntu nginx build with the larger module set.
# `state: latest` upgrades the package whenever the local apt index knows a
# newer version, so fixes are picked up on the next run but the installed
# version is not pinned. No `update_cache` is requested here, so the index is
# whatever an earlier step (or the host itself) last refreshed.
- name: emerge, nginx with extra modules!
  apt:
    state: latest
    pkg: nginx-extras
# Keep 32 rotated logs. With backrefs enabled, the leading whitespace captured
# by the regexp is written back through \1, and the file is left unchanged when
# no line matches (nothing is appended).
- name: adjust nginx logrotate keep files
  lineinfile:
    path: /etc/logrotate.d/nginx
    backrefs: true
    regexp: "^(\\s+)rotate "
    line: "\\1rotate 32"
    state: present
# Only rotate the nginx logs once they have grown larger than 1 GB.
# Any existing line containing "minsize" is replaced; otherwise the directive is
# inserted after the last line matching `rotate <digits>`.
# NOTE(review): together with `rotate 32` this can retain a lot of log data;
# confirm the log volume is sized for it.
- name: adjust nginx logrotate trigger rolls
  lineinfile:
    path: /etc/logrotate.d/nginx
    insertafter: "rotate \\d+"
    regexp: "minsize"
    line: "minsize 1G"
    state: present
# Remove the packaged default vhost link so that requests which match none of
# our sites are not answered with the distribution's default pages.
- name: verify nginx isn't serving default pages
  file:
    state: absent
    path: /etc/nginx/sites-enabled/default
  notify:
    - reload nginx
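# Directory for nginx's proxy cache, owned by www-data (the account the Debian
# nginx packages run workers as). The mode is set explicitly because cached
# upstream responses may include content not meant for other local accounts;
# without `mode` a newly created directory gets whatever the remote umask
# yields.
- name: verify nginx proxy cache dir exists
  file:
    path: /var/nginx/proxy-cache
    state: directory
    owner: www-data
    mode: "0700"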
# Ensure nginx.conf carries `worker_cpu_affinity auto;`. An existing
# top-of-line directive is rewritten; if there is none, the line is inserted
# after the last line starting with `worker_processes `.
- name: verify nginx cpu affinity
  lineinfile:
    path: /etc/nginx/nginx.conf
    insertafter: '^worker_processes '
    regexp: "^worker_cpu_affinity "
    line: "worker_cpu_affinity auto;"
    state: present
  notify:
    - reload nginx
# Delete every indented `keepalive_timeout` line from the stock nginx.conf.
# Per the task name, the value is set by our own configuration instead.
# NOTE(review): presumably that is one of the copied conf.d files; confirm, as
# nginx falls back to its built-in default if nothing sets it.
- name: drop keepalive from nginx conf because we set it custom
  lineinfile:
    path: /etc/nginx/nginx.conf
    regexp: "^\\s+keepalive_timeout"
    state: absent
  notify:
    - reload nginx
# Ship the role's conf.d directory. `src` has no trailing slash, so the
# directory itself is copied and ends up as /etc/nginx/conf.d.
# No owner or mode is given, so new files get the remote defaults.
- name: copy config extensions
  copy:
    dest: /etc/nginx/
    src: conf.d
  notify:
    - reload nginx
# Ship the shared TLS settings. The trailing slash on `src` means the
# *contents* of tls/ are placed directly under /etc/nginx/, not in a tls/
# subdirectory.
# NOTE(review): no owner or mode is set. That is fine for settings snippets,
# but if private key material is ever distributed this way it needs an
# explicit restrictive mode; confirm what tls/ contains.
- name: copy shared tls settings
  copy:
    dest: /etc/nginx/
    src: tls/
  notify:
    - reload nginx
# Render one vhost file per entry of nginx.basic, named after the entry's
# `domain` field. The domain is interpolated into the destination path as-is,
# so it must be a plain hostname; a value containing `/` or `..` would write
# outside sites-available.
- name: generate our templated basic sites
  loop: "{{ nginx.basic }}"
  template:
    dest: "/etc/nginx/sites-available/{{ item.domain }}"
    src: basic-site.conf.j2
  notify:
    - reload nginx
# Hand-written vhost files, copied verbatim from the role's servers/ directory.
# Each entry of nginx.complex is used directly as a file name.
- name: copy our more complex sites we don't want templated
  loop: "{{ nginx.complex }}"
  copy:
    dest: /etc/nginx/sites-available/
    src: "servers/{{ item }}"
  notify:
    - reload nginx
# Enable each hand-written site by symlinking it from sites-enabled to its
# file in sites-available.
- name: activate our nginx site configs
  loop: "{{ nginx.complex }}"
  file:
    state: link
    dest: "/etc/nginx/sites-enabled/{{ item }}"
    src: "/etc/nginx/sites-available/{{ item }}"
  notify:
    - reload nginx
# Enable each templated site the same way, keyed by the entry's `domain`.
- name: activate our nginx site templates
  loop: "{{ nginx.basic }}"
  file:
    state: link
    dest: "/etc/nginx/sites-enabled/{{ item.domain }}"
    src: "/etc/nginx/sites-available/{{ item.domain }}"
  notify:
    - reload nginx
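# Take retired sites out of service by deleting their sites-enabled link.
# The file module identifies the target of `state: absent` through `path`
# (aliases: dest, name). `src` only applies to link/hard states, so giving
# just `src` makes the task fail with a missing-argument error as soon as
# nginx.disabled is non-empty, and the site stays enabled.
# This runs after the activation tasks, so a name listed in nginx.disabled
# ends up removed even if it is also still listed as an active site.
# nginx.disabled may be undefined; it then defaults to an empty list.
- name: remove disabled sites
  file:
    path: "/etc/nginx/sites-enabled/{{ item }}"
    state: absent
  loop: "{{ nginx.disabled | default([]) }}"
  notify:
    - reload nginx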
# Delegate to the certreload role, passing the handler(s) it should notify.
# NOTE(review): presumably the role fires these when certificate files changed
# recently, so nginx picks up renewed certificates; confirm against the
# certreload role, which is not part of this file.
- name: reload if certs newish
  vars:
    certreload:
      notifiers:
        - reload nginx
  include_role:
    name: certreload