From 7e08fb66f785d3c291f920e07531150f109b35a0 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Mon, 18 Jul 2022 18:08:21 -0500 Subject: [PATCH] r/nginx: Fix applying on Buildroot systems There are a few minor differences between the way Fedora and Buildroot package *nginx*: * Fedora uses a user named *nginx* while buildroot uses *www-data* * Buildroot uses a Debian-like configuration layout (with `sites-enabled` and `modules-enabled` directories) This commit adjusts the *nginx* Ansible role to compensate for these differences, eschewing Buildroot's configuration layout for the one used by Fedora/Red Hat. --- roles/nginx/tasks/main.yml | 12 ++++++++++++ roles/nginx/templates/nginx.conf.j2 | 2 +- roles/nginx/vars/CentOS-8.yml | 1 + roles/nginx/vars/Fedora.yml | 1 + roles/nginx/vars/defaults.yml | 1 + 5 files changed, 16 insertions(+), 1 deletion(-) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 02fae83..9005f3a 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -55,6 +55,17 @@ - 'certs/nginx/{{ inventory_hostname }}/ca.crt' notify: reload nginx +- name: ensure nginx configuration directories exist + file: + path: '{{ item }}' + mode: u=rwx,go=rx + owner: root + group: root + state: directory + loop: + - /etc/nginx + - /etc/nginx/conf.d + - /etc/nginx/default.d - name: ensure nginx is configured template: src: nginx.conf.j2 @@ -70,6 +81,7 @@ state: enabled permanent: no immediate: yes + when: host_uses_firewalld|d(true) with_items: - http - https diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index d34f3f9..5b3f8b7 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -2,7 +2,7 @@ # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ -user nginx; +user {{ nginx_user }}; worker_processes auto; error_log /var/log/nginx/error.log; {% if nginx_log_syslog|bool %} diff --git a/roles/nginx/vars/CentOS-8.yml b/roles/nginx/vars/CentOS-8.yml index 20e09a9..1cec9dd 100644 --- a/roles/nginx/vars/CentOS-8.yml +++ b/roles/nginx/vars/CentOS-8.yml @@ -1,2 +1,3 @@ +nginx_user: nginx nginx_default_ssl_ciphers: - PROFILE=SYSTEM diff --git a/roles/nginx/vars/Fedora.yml b/roles/nginx/vars/Fedora.yml index 20e09a9..1cec9dd 100644 --- a/roles/nginx/vars/Fedora.yml +++ b/roles/nginx/vars/Fedora.yml @@ -1,2 +1,3 @@ +nginx_user: nginx nginx_default_ssl_ciphers: - PROFILE=SYSTEM diff --git a/roles/nginx/vars/defaults.yml b/roles/nginx/vars/defaults.yml index f2447c7..bff7f43 100644 --- a/roles/nginx/vars/defaults.yml +++ b/roles/nginx/vars/defaults.yml @@ -1,3 +1,4 @@ +nginx_user: www-data nginx_default_ssl_ciphers: - HIGH - '!aNULL'