From 51132fd193a6d939021e8248b43b107c1eea4e25 Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Sun, 19 Sep 2021 01:02:37 +0500
Subject: [PATCH] Remove Nginx
---
 defaults/main.yml | 9 +---
 files/nginx/syslog.conf | 2 -
 handlers/main.yml | 6 ---
 tasks/main.yml | 14 ------
 tasks/nginx/install.yml | 81 -----------------------------------
 tasks/nginx/purge.yml | 14 ------
 tasks/nginx/remove.yml | 9 ----
 templates/nginx/listing.conf | 27 ------------
 templates/nginx/origin.conf | 53 -----------------------
 templates/nginx/proxy.conf | 59 -------------------------
 templates/nginx/raw.conf | 1 -
 templates/nginx/redirect.conf | 22 ----------
 templates/nginx/upstream.conf | 5 -----
 vars/main.yml | 6 ---
 14 files changed, 2 insertions(+), 306 deletions(-)
 delete mode 100644 files/nginx/syslog.conf
 delete mode 100644 tasks/nginx/install.yml
 delete mode 100644 tasks/nginx/purge.yml
 delete mode 100644 tasks/nginx/remove.yml
 delete mode 100644 templates/nginx/listing.conf
 delete mode 100644 templates/nginx/origin.conf
 delete mode 100644 templates/nginx/proxy.conf
 delete mode 100644 templates/nginx/raw.conf
 delete mode 100644 templates/nginx/redirect.conf
 delete mode 100644 templates/nginx/upstream.conf
diff --git a/defaults/main.yml b/defaults/main.yml
index f3d9f1a..46b3cf8 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,10 +6,5 @@ common__certbot__run: true
 common__certbot__email: 'user@example.com'
 common__certbot__cert_name: 'example.com'
 common__certbot__cert_domains: ['example.com', 'www.example.com']
-common__certbot__post_hook: 'systemctl is-active nginx.service || systemctl start nginx.service'
-common__certbot__pre_hook: 'systemctl is-active nginx.service && systemctl stop nginx.service || true'
-
-common__nginx__state: null
-common__nginx__remove_default: true
-common__nginx__upstreams: []
-common__nginx__sites: []
+common__certbot__post_hook: null
+common__certbot__pre_hook: null
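Review bot: With `common__certbot__post_hook` and `common__certbot__pre_hook` now defaulting to `null` in defaults/main.yml, nothing runs after a renewal by default, so whichever service terminates TLS on the host will presumably keep serving the old certificate until someone reloads it. The certbot tasks that consume these two variables are outside this hunk; if they pass the values to `--pre-hook`/`--post-hook` or write them into a renewal config, check that a null renders as an omitted option and not as the literal string `None` or an empty command. I would document the contract above the two defaults, for example `# Shell commands certbot runs (normally as root) before/after renewal; null disables the hook` followed by `# Set post_hook to reload the service that serves the certificate`. The same comment makes it clear that these strings are executed as shell and must only come from trusted inventory.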
diff --git a/files/nginx/syslog.conf b/files/nginx/syslog.conf
deleted file mode 100644
index 4ac957e..0000000
--- a/files/nginx/syslog.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-access_log syslog:server=unix:/dev/log,facility=local7,severity=info,tag=nginx;
-error_log syslog:server=unix:/dev/log,facility=local7,severity=error,tag=nginx;
diff --git a/handlers/main.yml b/handlers/main.yml
index e8e0f63..93b81d4 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -4,9 +4,3 @@
 daemon_reload: true
 name: sshd
 state: restarted
-
-- name: common | Restart Nginx
- systemd:
- daemon_reload: true
- name: nginx
- state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
index dc0674e..c92827b 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -17,17 +17,3 @@
 - include_tasks: certbot/install.yml
 when: common__certbot__state == 'install'
 - meta: flush_handlers
-
-- fail:
- msg: 'Invalid `common__nginx__state`: {{ common__nginx__state }}'
- when: (common__nginx__state != None) and
- (common__nginx__state != 'purge') and
- (common__nginx__state != 'remove') and
- (common__nginx__state != 'install')
-- include_tasks: nginx/purge.yml
- when: common__nginx__state == 'purge'
-- include_tasks: nginx/remove.yml
- when: common__nginx__state == 'remove'
-- include_tasks: nginx/install.yml
- when: common__nginx__state == 'install'
-- meta: flush_handlers
diff --git a/tasks/nginx/install.yml b/tasks/nginx/install.yml
deleted file mode 100644
index d190d5a..0000000
--- a/tasks/nginx/install.yml
+++ /dev/null
@@ -1,81 +0,0 @@
----
-- name: Install Nginx
- apt:
- name: nginx
-
-- name: Create directories for Nginx configuration
- file:
- state: directory
- path: '{{ item }}'
- mode: 'u=rwx,go=rx'
- owner: root
- group: root
- with_items:
- - '{{ common__nginx__conf_dir }}'
- - '{{ common__nginx__confd_dir }}'
- - '{{ common__nginx__available_dir }}'
- - '{{ common__nginx__enabled_dir }}'
- - '{{ common__nginx__snippets_dir }}'
- notify: common | Restart Nginx
-
-- name: Disable Nginx access log
- lineinfile:
- path: '{{ common__nginx__conf_dir }}/nginx.conf'
- regexp: '^(\s*)#?\s*access_log\s+\S+\s*;\s*$'
- line: '\1#access_log /var/log/nginx/access.log;'
- backrefs: true
- notify: common | Restart Nginx
-
-- name: Disable Nginx error log
- lineinfile:
- path: '{{ common__nginx__conf_dir }}/nginx.conf'
- regexp: '^(\s*)#?\s*error_log\s+\S+\s*;\s*$'
- line: '\1#error_log /var/log/nginx/error.log;'
- backrefs: true
- notify: common | Restart Nginx
-
-- name: Install Nginx log config
- copy:
- src: 'files/nginx/syslog.conf'
- dest: '{{ common__nginx__confd_dir }}/syslog.conf'
- mode: 'u=rw,go=r'
- owner: root
- group: root
- notify: common | Restart Nginx
-
-- name: Remove Nginx default site
- file:
- state: absent
- path: '{{ common__nginx__enabled_dir }}/default'
- when: common__nginx__remove_default|bool
- notify: common | Restart Nginx
-
-- name: Add Nginx upstreams
- template:
- src: 'templates/nginx/upstream.conf'
- dest: '{{ common__nginx__confd_dir }}/upstream-{{ item.name }}.conf'
- mode: 'u=rw,go=r'
- owner: root
- group: root
- with_items: '{{ common__nginx__upstreams }}'
- notify: common | Restart Nginx
-
-- name: Add Nginx sites
- template:
- src: 'templates/nginx/{{ item.type }}.conf'
- dest: '{{ common__nginx__available_dir }}/{{ item.domain }}.conf'
- mode: 'u=rw,go=r'
- owner: root
- group: root
- with_items: '{{ common__nginx__sites }}'
- notify: common | Restart Nginx
-
-- name: Enable Nginx sites
- file:
- state: link
- src: '{{ common__nginx__available_dir }}/{{ item.domain }}.conf'
- dest: '{{ common__nginx__enabled_dir }}/{{ item.domain }}.conf'
- owner: root
- group: root
- with_items: '{{ common__nginx__sites }}'
- notify: common | Restart Nginx
diff --git a/tasks/nginx/purge.yml b/tasks/nginx/purge.yml
deleted file mode 100644
index 61f3c7c..0000000
--- a/tasks/nginx/purge.yml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-- name: Purge Nginx
- apt:
- state: absent
- purge: true
- name:
- - nginx
- - nginx-common
- - nginx-core
-
-- name: Delete Nginx configuration
- file:
- state: absent
- path: '{{ common__nginx__conf_dir }}'
diff --git a/tasks/nginx/remove.yml b/tasks/nginx/remove.yml
deleted file mode 100644
index 5b59471..0000000
--- a/tasks/nginx/remove.yml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-- name: Uninstall Nginx
- apt:
- state: absent
- purge: false
- name:
- - nginx
- - nginx-common
- - nginx-core
diff --git a/templates/nginx/listing.conf b/templates/nginx/listing.conf
deleted file mode 100644
index ec93030..0000000
--- a/templates/nginx/listing.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{ item.domain }};
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name {{ item.domain }};
-
- ssl_certificate {{ item.cert }};
- ssl_certificate_key {{ item.key }};
-
- include {{ item.ssl_conf }};
-
- root {{ item.root }};
-
- try_files $uri $uri/ =404;
-
- charset utf-8;
- autoindex on;
-}
diff --git a/templates/nginx/origin.conf b/templates/nginx/origin.conf
deleted file mode 100644
index f891d7e..0000000
--- a/templates/nginx/origin.conf
+++ /dev/null
@@ -1,53 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{ item.domain }};
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name {{ item.domain }};
-
- ssl_certificate {{ item.cert }};
- ssl_certificate_key {{ item.key }};
-
- include {{ item.ssl_conf }};
-
- root {{ item.root }};
-
- try_files $uri/index.html $uri @origin;
-
- location @origin {
- proxy_cache_bypass $http_upgrade;
- proxy_http_version 1.1;
- proxy_redirect off;
-
-{% if item.external %}
- proxy_set_header Connection "upgrade";
- proxy_set_header HOST $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
-{% else %}
- proxy_set_header Connection "upgrade";
- proxy_set_header HOST $http_host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $http_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
-{% endif %}
-
- proxy_pass http://{{ item.upstream }};
- }
-
- error_page 500 502 503 504 /500.html;
- client_max_body_size 4G;
- keepalive_timeout 10;
-}
diff --git a/templates/nginx/proxy.conf b/templates/nginx/proxy.conf
deleted file mode 100644
index 1071fef..0000000
--- a/templates/nginx/proxy.conf
+++ /dev/null
@@ -1,59 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{ item.domain }};
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name {{ item.domain }};
-
- ssl_certificate {{ item.cert }};
- ssl_certificate_key {{ item.key }};
-
- include {{ item.ssl_conf }};
-
- ssl_verify_client optional;
- ssl_client_certificate {{ item.clnt_ca }};
-
- proxy_cache_bypass $http_upgrade;
- proxy_http_version 1.1;
- proxy_redirect off;
-
- proxy_set_header Connection "upgrade";
- proxy_set_header HOST $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header X-Forwarded-For $remote_addr;
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Port $server_port;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_set_header X-Real-IP $remote_addr;
-
- location / {
- recursive_error_pages on;
-
- error_page 418 = @no_crt;
- error_page 419 = @with_crt;
-
- if ($ssl_client_verify != SUCCESS) {
- return 418;
- }
-
- if ($ssl_client_verify = SUCCESS) {
- return 419;
- }
- }
-
- location @no_crt {
- proxy_pass https://{{ item.no_crt }};
- }
-
- location @with_crt {
- proxy_pass https://{{ item.with_crt }};
- }
-}
diff --git a/templates/nginx/raw.conf b/templates/nginx/raw.conf
deleted file mode 100644
index 37774b9..0000000
--- a/templates/nginx/raw.conf
+++ /dev/null
@@ -1 +0,0 @@
-{{ item.content }}
diff --git a/templates/nginx/redirect.conf b/templates/nginx/redirect.conf
deleted file mode 100644
index 52d0a69..0000000
--- a/templates/nginx/redirect.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{ item.domain }};
-
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl;
- listen [::]:443 ssl;
-
- server_name {{ item.domain }};
-
- ssl_certificate {{ item.cert }};
- ssl_certificate_key {{ item.key }};
-
- include {{ item.ssl_conf }};
-
- return 301 https://{{ item.redir_to }}$request_uri;
-}
diff --git a/templates/nginx/upstream.conf b/templates/nginx/upstream.conf deleted file mode 100644 index bc6e504..0000000 --- a/templates/nginx/upstream.conf +++ /dev/null @@ -1,5 +0,0 @@ -upstream {{ item.name }} { -{% for server in item.servers %} - server {{ server }}; -{% endfor %} -} diff --git a/vars/main.yml b/vars/main.yml index 61bf36e..efc5813 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -6,12 +6,6 @@ common__certbot__conf_nginx: '{{ common__certbot__conf_dir }}/options-ssl-nginx. common__certbot__archive_dir: '{{ common__certbot__conf_dir }}/archive' common__certbot__live_dir: '{{ common__certbot__conf_dir }}/live' -common__nginx__conf_dir: '/etc/nginx' -common__nginx__confd_dir: '{{ common__nginx__conf_dir }}/conf.d' -common__nginx__available_dir: '{{ common__nginx__conf_dir }}/sites-available' -common__nginx__enabled_dir: '{{ common__nginx__conf_dir }}/sites-enabled' -common__nginx__snippets_dir: '{{ common__nginx__conf_dir }}/snippets' - common__certbot__nginx_ssl_ciphers: - 'ECDHE-ECDSA-AES128-GCM-SHA256' - 'ECDHE-RSA-AES128-GCM-SHA256'