├── tests ├── inventory ├── ansible.cfg ├── build.sh ├── test.yml └── build.yml ├── vars └── main.yml ├── handlers └── main.yml ├── files └── nginx.repo ├── pre-commit ├── defaults └── main.yml ├── .gitignore ├── meta ├── container.yml └── main.yml ├── AUTHORS ├── .mailmap ├── update-authors.py ├── templates └── nginx.conf.j2 ├── .travis.yml ├── README.md └── tasks └── main.yml /tests/inventory: -------------------------------------------------------------------------------- 1 | localhost 2 | 3 | 4 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # vars file for nginx-container 3 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # handlers file for nginx-container 3 | -------------------------------------------------------------------------------- /files/nginx.repo: -------------------------------------------------------------------------------- 1 | [nginx] 2 | name=nginx repo 3 | baseurl=http://nginx.org/packages/centos/7/x86_64/ 4 | gpgcheck=0 5 | enabled=1 6 | -------------------------------------------------------------------------------- /pre-commit: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copy this script to .git/hooks/pre-commit 4 | # 5 | 6 | python update-authors.py > AUTHORS 7 | git add AUTHORS 8 | -------------------------------------------------------------------------------- /defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | STATIC_ROOT: /static 3 | PIDFILE_DIR: /run/nginx 4 | ASSET_PATHS: [] 5 | PROXY: no 6 | PROXY_PASS: "" 7 | PROXY_LOCATION: "" 8 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea/ 2 | *.out 3 | *.retry 4 | ansible/ 5 | tests/ansible-requirements.txt 6 | tests/container.yml 7 | tests/meta.yml 8 | tests/requirements.yml 9 | -------------------------------------------------------------------------------- /meta/container.yml: -------------------------------------------------------------------------------- 1 | from: 'centos:7' 2 | ports: 3 | - 8000:8000 4 | user: 'nginx' 5 | command: ['/usr/bin/dumb-init', 'nginx', '-c', '/etc/nginx/nginx.conf'] 6 | -------------------------------------------------------------------------------- /tests/ansible.cfg: -------------------------------------------------------------------------------- 1 | # Set any ansible.cfg overrides in this file. 2 | # See: https://docs.ansible.com/ansible/intro_configuration.html#explanation-of-values-by-section 3 | -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | This project has been contribued to by the following authors: 2 | This list is automatically generated - please file an issue for corrections) 3 | 4 | Chris Houseknecht 5 | Joshua "jag" Ginsberg 6 | -------------------------------------------------------------------------------- /.mailmap: -------------------------------------------------------------------------------- 1 | Chris Houseknecht 2 | Chris Houseknecht chouseknecht 3 | Chris Houseknecht chouseknecht 4 | Joshua "jag" Ginsberg 5 | -------------------------------------------------------------------------------- /tests/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ansible-playbook build.yml 4 | grep failed=0 build.out | grep unreachable=0 >/dev/null 5 | 6 | if [ "$?" == "0" ]; then 7 | # if all looks good, give it a go 8 | echo "Build completed successfully. Starting the project..." 9 | ansible-container run -d --production 10 | else 11 | cat build.out 12 | fi 13 | -------------------------------------------------------------------------------- /tests/test.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - hosts: localhost 3 | gather_facts: no 4 | connection: local 5 | vars: 6 | docker_host: 0.0.0.0 7 | tasks: 8 | 9 | - name: Wait for nginx to be ready 10 | wait_for: 11 | host: "{{ docker_host }}" 12 | port: 8000 13 | delay: 5 14 | timeout: 20 15 | 16 | - name: Query the home page 17 | uri: 18 | url: "http://{{ docker_host }}:8000" 19 | return_content: yes 20 | register: output 21 | 22 | - name: Show output 23 | debug: 24 | var: output 25 | 26 | - name: Should see server name 27 | assert: 28 | that: "'nginx' in output.content" 29 | 30 | -------------------------------------------------------------------------------- /tests/build.yml: -------------------------------------------------------------------------------- 1 | - name: Build the project 2 | hosts: localhost 3 | connection: local 4 | gather_facts: no 5 | tasks: 6 | 7 | - name: Remove output file 8 | file: 9 | path: "{{ item }}" 10 | state: absent 11 | with_items: 12 | - build.out 13 | - container.yml 14 | - requirements.yml 15 | - meta.yml 16 | - ansible-requirements.txt 17 | 18 | - name: Init the ansible directory 19 | command: ansible-container init 20 | 21 | - name: Build the conductor 22 | command: ansible-container build 23 | 24 | - name: Install this role with latest commit 25 | shell: "ansible-container install git+https://github.com/ansible/nginx-container.git,$(git rev-parse HEAD)" 26 | 27 | #- name: Build the project 28 | # shell: ansible-container --debug build 2>&1 | tee -a build.out 29 | # ignore_errors: yes 30 | 31 | -------------------------------------------------------------------------------- /update-authors.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # -*- coding: utf-8 -*- 3 | 4 | from __future__ import absolute_import, print_function 5 | 6 | import logging 7 | 8 | logger = logging.getLogger(__name__) 9 | 10 | import subprocess 11 | from collections import defaultdict 12 | 13 | user_scores = defaultdict(int) 14 | 15 | git_log = subprocess.check_output("git log --shortstat --no-merges --pretty='%aN <%aE>'", 16 | shell=True) 17 | log_entries = git_log.strip().split('\n') 18 | while log_entries: 19 | author = log_entries.pop(0) 20 | _ = log_entries.pop(0) 21 | commit_line = log_entries.pop(0) 22 | commit_parts = [s.strip() for s in commit_line.split(', ')] 23 | commit_data = {'files': 0, 'insertions': 0, 'deletions': 0} 24 | for clause in commit_parts: 25 | count, action = clause.split(' ', 1) 26 | if action.endswith('(+)'): 27 | user_scores[author] += int(count) 28 | elif action.endswith('(-)'): 29 | user_scores[author] += int(count) 30 | else: 31 | user_scores[author] += int(count) 32 | 33 | sorted_user_scores = sorted(user_scores.items(), key=lambda tpl: tpl[1], reverse=True) 34 | 35 | print("This project has been contribued to by the following authors:\n" 36 | "This list is automatically generated - please file an issue for corrections)\n") 37 | for author, _ in sorted_user_scores: 38 | print(author) 39 | -------------------------------------------------------------------------------- /templates/nginx.conf.j2: -------------------------------------------------------------------------------- 1 | daemon off; 2 | worker_processes auto; 3 | pid {{ PIDFILE_DIR }}/nginx.pid; 4 | 5 | events { 6 | worker_connections 1024; 7 | } 8 | 9 | http { 10 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 11 | '$status $body_bytes_sent "$http_referer" ' 12 | '"$http_user_agent" "$http_x_forwarded_for"'; 13 | 14 | sendfile on; 15 | tcp_nopush on; 16 | tcp_nodelay on; 17 | keepalive_timeout 65; 18 | types_hash_max_size 2048; 19 | 20 | include /etc/nginx/mime.types; 21 | default_type application/octet-stream; 22 | 23 | # Load modular configuration files from the /etc/nginx/conf.d directory. 24 | # See http://nginx.org/en/docs/ngx_core_module.html#include 25 | # for more information. 26 | include /etc/nginx/conf.d/*.conf; 27 | 28 | server { 29 | listen 8000 default_server; 30 | listen [::]:8000 default_server; 31 | server_name _; 32 | root {{ STATIC_ROOT }}; 33 | 34 | # Load configuration files for the default server block. 35 | include /etc/nginx/default.d/*.conf; 36 | 37 | location /static/ { 38 | root /; 39 | } 40 | 41 | {% if PROXY %} 42 | location {{ PROXY_LOCATION }} { 43 | proxy_pass_header Server; 44 | proxy_set_header Host $http_host; 45 | proxy_redirect off; 46 | proxy_set_header X-Real-IP $remote_addr; 47 | proxy_set_header X-Scheme $scheme; 48 | proxy_connect_timeout 10; 49 | proxy_read_timeout 10; 50 | proxy_pass {{ PROXY_PASS }}; 51 | } 52 | {% endif %} 53 | 54 | error_page 404 /40x.html; 55 | error_page 500 502 503 504 /50x.html; 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: python 2 | dist: trusty 3 | sudo: required 4 | group: edge 5 | 6 | services: 7 | - docker 8 | before_install: 9 | - sudo apt-add-repository 'deb http://archive.ubuntu.com/ubuntu trusty-backports universe' 10 | - sudo apt-get update -qq 11 | install: 12 | - pip install -e git+https://github.com/ansible/ansible-container.git@develop#egg=ansible_container[docker] 13 | - pip install ansible 14 | script: 15 | - docker version 16 | - docker-compose version 17 | - docker info 18 | - mkdir -p tests 19 | - cd tests 20 | 21 | # Init the project 22 | - ansible-container init 23 | 24 | # Build the conductor image 25 | - ansible-container build 26 | 27 | - echo "Installing and testing git+https://github.com/${TRAVIS_REPO_SLUG},${TRAVIS_COMMIT}" 28 | - ansible-container install git+https://github.com/${TRAVIS_REPO_SLUG},${TRAVIS_COMMIT} 29 | 30 | # Build the service 31 | - ansible-container build 32 | 33 | # Run the service and test it 34 | - ansible-container run --production 35 | - docker ps 36 | - docker logs tests_nginx-container_1 37 | - ansible-playbook -i inventory test.yml 38 | 39 | notifications: 40 | email: false 41 | webhooks: https://galaxy.ansible.com/api/v1/notifications/ 42 | slack: 43 | rooms: 44 | secure: ladYz8T4gLynD8rkjomfBR283Kvq1U9DB91HZ95AYd6CnQnRi0xkFZFw8B8VdPic/47vGJVNfHKQ09W22myqxvLcUtz4R5NUI7983VnKouG7rY7Qo/WKCqUyCTmLwZYqkQo1b6aShWGJYZ5BWOKw1s2t+GGuiPaxyey2a4JRb2liFKw54Elhuy4tuLeFIldafWHMeyNtk+r3WfYcQ0KHFbMg0cnEPsOh5jnFbVittL76X29QBgJ6WllK+z+dhX/1bDhKbObf1HglV7TqevRRfwmdmtvswCDBTplQZoZjdglPkMz+1f8VyWTuDSf66Eol1SiInaqZG8ZjBrF/W385nHl4wFoxtpWOFvDbqiTihGUm+2DmzJraqyDJnuE25w02OB3vkNHNXLrj1S3V7s2i7wsQw77vr7nXylLJK3VrPgG2LDm6JWpPZSs7y4NLMHKnvOM2xS1p+BuBol3a5qWaIOP1IBm3BXhYBCgIEvqe26wu8WJZuDs+BCofIDpezignTeOj5R3EncZkY8mfDvbTF7AURdOQm2I9CVpvpgMik3loBLUDOEnWBd/wcF2MUBKwzOfbCTK3sjFHLe2JJ0bWFaYEE29cS527tzrYEWDePKtdYyGtdqUYau9J4AC/V3/KdABppyTdU1nx9Mh3iN0YvnqTBVS+SMf+3rLQOZL6pwY= 45 | on_success: change 46 | on_failure: always 47 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | [![Build Status](https://travis-ci.org/ansible/nginx-container.svg?branch=master)](https://travis-ci.org/ansible/nginx-container) 2 | 3 | # nginx-container 4 | 5 | Adds an nginx service to your [Ansible Container](https://github.com/ansible/ansible-container) project. Run the following commands 6 | to install the service: 7 | 8 | ``` 9 | # Set the working directory to your Ansible Container project root 10 | $ cd myproject 11 | 12 | # Install the service 13 | $ ansible-container install ansible.nginx-container 14 | ``` 15 | 16 | ## Requirements 17 | 18 | - [Ansible Container](https://github.com/ansible/ansible-container) 19 | - An existing Ansible Container project. To create a project, simply run the following: 20 | ``` 21 | # Create an empty project directory 22 | $ mkdir myproject 23 | 24 | # Set the working directory to the new directory 25 | $ cd myproject 26 | 27 | # Initialize the project 28 | $ ansible-contiainer init 29 | ``` 30 | 31 | ## Role Variables 32 | 33 | STATIC_ROOT: /static 34 | > Path to static content to be served by nginx. 35 | 36 | PIDFILE_DIR: /run/nginx 37 | > Path where nginx will store the current PID value. 38 | 39 | ASSET_PATHS: [] 40 | > List of paths from which static content will be copied. Content will be copied to {{ STATIC_ROOT }}. 41 | 42 | > *NOTE* paths must be valid within the Ansible build container. If you're copying source files, mount the source 43 | directory to the build container using --with-volumes. 44 | 45 | PROXY: no 46 | > When using this role as part of the demo app, nginx needs to proxy the django service, in which case set this to 'yes'. 47 | 48 | PROXY_PASS: "" 49 | > The address of the backend server accepting the proxied requests. For example: `http://django:8080` 50 | 51 | PROXY_LOCATION: "" 52 | > A string containing an optional modifier and a matching pattern. Requests that contain the matching pattern are forwarded to the PROXY_PASS address. For example,`~* /(api|static)` will forward requests that start with `/api` ro `/static`. 53 | 54 | ## Dependencies 55 | 56 | None. 57 | 58 | ## Contributing 59 | 60 | For convenience, as you're working on changes to this role, you can test by using the following workflow: 61 | 62 | ``` 63 | # Commit your changes 64 | $ git commit -m 65 | 66 | # Push your changes 67 | $ git push 68 | 69 | # Set the working directory to tests 70 | $ cd tests 71 | 72 | # Run a build that installs the role at the most recent commit 73 | $ ./build.sh 74 | ``` 75 | 76 | A couple of notes: 77 | 78 | - You must `git push` your changes in order for the build to pick them up. 79 | - Modify build.sh to point to your fork of this role. 80 | - If all goes well, and the build succeeds, the container built from your latest commit will be running in the background. 81 | - The running container will publish port 8000:8000, so if you point a browser to [http://localhost:8000](http://localhost:8000), you should see the dfault nginx page . 82 | 83 | ## License 84 | 85 | Apache v2 86 | 87 | ## Author Information 88 | 89 | See [AUTHORS](./AUTHORS) for a list of contributors. Thanks everyone! 90 | -------------------------------------------------------------------------------- /tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Install epel-release 4 | yum: 5 | name: epel-release 6 | state: present 7 | 8 | - name: Install nginx 9 | yum: 10 | name: "{{ item }}" 11 | state: latest 12 | with_items: 13 | - nginx 14 | - rsync 15 | 16 | - name: Install dumb init 17 | get_url: 18 | url: https://github.com/Yelp/dumb-init/releases/download/v1.2.0/dumb-init_1.2.0_amd64 19 | dest: /usr/bin/dumb-init 20 | owner: root 21 | group: root 22 | mode: 0775 23 | 24 | - name: Update nginx user 25 | user: 26 | name: nginx 27 | uid: 1000 28 | group: root 29 | createhome: no 30 | 31 | - name: Put nginx config 32 | template: 33 | src: nginx.conf.j2 34 | dest: /etc/nginx/nginx.conf 35 | owner: root 36 | group: root 37 | mode: 0664 38 | 39 | - name: Create directories, if they don't exist 40 | file: 41 | path: "{{ item }}" 42 | state: directory 43 | owner: root 44 | group: root 45 | mode: 0775 46 | with_items: 47 | - "{{ STATIC_ROOT }}" 48 | - "{{ PIDFILE_DIR }}" 49 | - /var/log/nginx 50 | - /var/lib/nginx 51 | 52 | - name: Clear log files 53 | file: 54 | path: "/var/log/nginx/{{ item }}" 55 | state: absent 56 | with_items: 57 | - access.log 58 | - error.log 59 | 60 | - name: Make directories owned by nginx:root 61 | command: chown nginx:root {{ item }} 62 | with_items: 63 | - "{{ STATIC_ROOT }}" 64 | - "{{ PIDFILE_DIR }}" 65 | - /var/log/nginx 66 | - /var/lib/nginx 67 | 68 | - name: Make directories writable by root group 69 | command: chmod 775 {{ item }} 70 | with_items: 71 | - /var 72 | - /var/log 73 | - /var/lib 74 | 75 | - name: Make directories writable to nginx:root 76 | command: chmod 775 {{ item }} 77 | with_items: 78 | - "{{ STATIC_ROOT }}" 79 | - "{{ PIDFILE_DIR }}" 80 | - /var/log/nginx 81 | - /var/lib/nginx 82 | 83 | - name: Link log files to stdout 84 | command: "ln -sf /dev/stdout /var/log/nginx/{{ item }}" 85 | with_items: 86 | - access.log 87 | - error.log 88 | 89 | - name: Remove /var/cache/nginx, if it exists 90 | file: 91 | path: /var/cache/nginx 92 | state: absent 93 | 94 | - name: Create /var/cache/nginx 95 | file: 96 | path: /var/cache/nginx/client_temp 97 | state: directory 98 | owner: nginx 99 | group: root 100 | mode: 0775 101 | recurse: yes 102 | 103 | - name: Create tmp directories with correct permissions 104 | file: 105 | path: "/var/lib/nginx/{{ item }}" 106 | state: directory 107 | owner: nginx 108 | group: root 109 | mode: 0775 110 | with_items: 111 | - tmp 112 | - tmp/client_body 113 | - tmp/fastcgi 114 | - tmp/proxy 115 | - tmp/scgi 116 | - tmp/uwsgi 117 | 118 | - name: Put static assets 119 | synchronize: 120 | src: "{{ item }}/" 121 | dest: "{{ STATIC_ROOT }}/" 122 | rsync_opts: --checksum 123 | with_items: "{{ ASSET_PATHS }}" 124 | remote_user: nginx 125 | 126 | - name: Itemize default nginx static assets 127 | find: 128 | paths: /usr/share/nginx/html 129 | recurse: yes 130 | register: default_assets 131 | 132 | - name: Copy default content when no static assets 133 | copy: 134 | src: "{{ item.path }}" 135 | dest: "{{ STATIC_ROOT }}" 136 | remote_src: yes 137 | owner: nginx 138 | group: root 139 | mode: 0664 140 | with_items: "{{ default_assets.files }}" 141 | when: "ASSET_PATHS | length == 0" 142 | 143 | - name: Clean yum cache 144 | command: yum clean all 145 | 146 | -------------------------------------------------------------------------------- /meta/main.yml: -------------------------------------------------------------------------------- 1 | galaxy_info: 2 | author: j00bar 3 | description: nginx for Ansible Container 4 | company: Ansible 5 | 6 | # If the issue tracker for your role is not on github, uncomment the 7 | # next line and provide a value 8 | # issue_tracker_url: http://example.com/issue/tracker 9 | 10 | # Some suggested licenses: 11 | # - BSD (default) 12 | # - MIT 13 | # - GPLv2 14 | # - GPLv3 15 | # - Apache 16 | # - CC-BY 17 | license: license (GPLv2, CC-BY, etc) 18 | 19 | min_ansible_version: 2.1 20 | 21 | # Optionally specify the branch Galaxy will use when accessing the GitHub 22 | # repo for this role. During role install, if no tags are available, 23 | # Galaxy will use this branch. During import Galaxy will access files on 24 | # this branch. If travis integration is cofigured, only notification for this 25 | # branch will be accepted. Otherwise, in all cases, the repo's default branch 26 | # (usually master) will be used. 27 | #github_branch: 28 | 29 | # 30 | # Below are all platforms currently available. Just uncomment 31 | # the ones that apply to your role. If you don't see your 32 | # platform on this list, let us know and we'll get it added! 33 | # 34 | platforms: 35 | - name: EL 36 | versions: 37 | - 7 38 | #- name: GenericUNIX 39 | # versions: 40 | # - all 41 | # - any 42 | #- name: OpenBSD 43 | # versions: 44 | # - all 45 | # - 5.6 46 | # - 5.7 47 | # - 5.8 48 | # - 5.9 49 | # - 6.0 50 | #- name: Fedora 51 | # versions: 52 | # - all 53 | # - 16 54 | # - 17 55 | # - 18 56 | # - 19 57 | # - 20 58 | # - 21 59 | # - 22 60 | # - 23 61 | #- name: opensuse 62 | # versions: 63 | # - all 64 | # - 12.1 65 | # - 12.2 66 | # - 12.3 67 | # - 13.1 68 | # - 13.2 69 | #- name: MacOSX 70 | # versions: 71 | # - all 72 | # - 10.10 73 | # - 10.11 74 | # - 10.12 75 | # - 10.7 76 | # - 10.8 77 | # - 10.9 78 | #- name: IOS 79 | # versions: 80 | # - all 81 | # - any 82 | #- name: Solaris 83 | # versions: 84 | # - all 85 | # - 10 86 | # - 11.0 87 | # - 11.1 88 | # - 11.2 89 | # - 11.3 90 | #- name: SmartOS 91 | # versions: 92 | # - all 93 | # - any 94 | #- name: eos 95 | # versions: 96 | # - all 97 | # - Any 98 | #- name: Windows 99 | # versions: 100 | # - all 101 | # - 2012R2 102 | #- name: Amazon 103 | # versions: 104 | # - all 105 | # - 2013.03 106 | # - 2013.09 107 | #- name: GenericBSD 108 | # versions: 109 | # - all 110 | # - any 111 | #- name: Junos 112 | # versions: 113 | # - all 114 | # - any 115 | #- name: FreeBSD 116 | # versions: 117 | # - all 118 | # - 10.0 119 | # - 10.1 120 | # - 10.2 121 | # - 10.3 122 | # - 8.0 123 | # - 8.1 124 | # - 8.2 125 | # - 8.3 126 | # - 8.4 127 | # - 9.0 128 | # - 9.1 129 | # - 9.1 130 | # - 9.2 131 | # - 9.3 132 | #- name: Ubuntu 133 | # versions: 134 | # - all 135 | # - lucid 136 | # - maverick 137 | # - natty 138 | # - oneiric 139 | # - precise 140 | # - quantal 141 | # - raring 142 | # - saucy 143 | # - trusty 144 | # - utopic 145 | # - vivid 146 | # - wily 147 | # - xenial 148 | #- name: SLES 149 | # versions: 150 | # - all 151 | # - 10SP3 152 | # - 10SP4 153 | # - 11 154 | # - 11SP1 155 | # - 11SP2 156 | # - 11SP3 157 | # - 11SP4 158 | # - 12 159 | # - 12SP1 160 | #- name: GenericLinux 161 | # versions: 162 | # - all 163 | # - any 164 | #- name: NXOS 165 | # versions: 166 | # - all 167 | # - any 168 | #- name: Debian 169 | # versions: 170 | # - all 171 | # - etch 172 | # - jessie 173 | # - lenny 174 | # - sid 175 | # - squeeze 176 | # - stretch 177 | # - wheezy 178 | 179 | galaxy_tags: ['container'] 180 | # List tags for your role here, one per line. A tag is 181 | # a keyword that describes and categorizes the role. 182 | # Users find roles by searching for tags. Be sure to 183 | # remove the '[]' above if you add tags to this list. 184 | # 185 | # NOTE: A tag is limited to a single word comprised of 186 | # alphanumeric characters. Maximum 20 tags per role. 187 | 188 | dependencies: [] 189 | # List your role dependencies here, one per line. 190 | # Be sure to remove the '[]' above if you add dependencies 191 | # to this list. 192 | --------------------------------------------------------------------------------