initial commit

.travis.yml

+---
+language: python
+python: "2.7"
+
+# Use the new container infrastructure
+sudo: false
+
+# Install ansible
+addons:
+  apt:
+    packages:
+    - python-pip
+
+install:
+  # Install ansible
+  - pip install ansible
+
+  # Check ansible version
+  - ansible --version
+
+  # Create ansible.cfg with correct roles_path
+  - printf '[defaults]\nroles_path=../' >ansible.cfg
+
+script:
+  # Basic role syntax check
+  - ansible-playbook tests/test.yml -i tests/inventory --syntax-check
+
+notifications:
+  webhooks: https://galaxy.ansible.com/api/v1/notifications/
\ No newline at end of file

defaults/main.yml

+fetch_directory: fetch/
+nginx_conf_template: nginx.conf.j2
+nginx_user: nginx
+nginx_worker_processes: auto
+nginx_worker_connections: 1024
+nginx_error_log_location: /var/log/nginx/error.log
+nginx_access_log_location: /var/log/nginx/access.log
+nginx_includes:
+close_http_port: false
+close_https_port: false
+
+# SELinux
+selinux_booleans_enable:       
+ - httpd_can_network_connect 
+ - httpd_can_sendmail
+                             

handlers/main.yml

+---
+- name: restart nginx
+  service: name=nginx state=restarted

meta/main.yml

+galaxy_info:
+  author: Eino Tuominen
+  description: nginx server with no default site
+  company: University of Turku

tasks/main.yml

+---
+- name: set OS dependent mysql-server variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - "{{ ansible_distribution }}-{{ ansible_distribution_major_version | int}}.yml"
+    - "{{ ansible_distribution }}.yml"
+    - "{{ ansible_os_family }}.yml"
+    - "default.yml"
+
+- name: install nginx
+  package: name=nginx state=installed
+
+- name: disable default site
+  file: path=/etc/nginx/sites-enabled/default state=absent
+  notify: restart nginx
+
+- name: enable nginx
+  service:
+    name: nginx
+    enabled: yes
+
+- name: configure nginx
+  template:
+    src: "{{ nginx_conf_template }}"
+    dest: /etc/nginx/nginx.conf
+    mode: 0644
+    owner: root
+    group: root
+    backup: yes
+  notify: restart nginx
+
+- name: Open https port                                                    
+  firewalld: service=https permanent=true immediate=true state=enabled     
+  when: not close_https_port                                               
+
+- name: Open http port                                                    
+  firewalld: service=http permanent=true immediate=true state=enabled     
+  when: not close_http_port                                               
+
+- name: set SElinux flags on                                     
+  seboolean: name={{ item }} state=yes persistent=yes            
+  with_items: "{{ selinux_booleans_enable }}"
+  when: ansible_distribution == "RedHat"

templates/nginx.conf-ubuntu.j2

+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+
+events {
+	worker_connections 768;
+	# multi_accept on;
+}
+
+http {
+
+	##
+	# Basic Settings
+	##
+
+	sendfile on;
+	tcp_nopush on;
+	tcp_nodelay on;
+	keepalive_timeout 65;
+	types_hash_max_size 2048;
+	# server_tokens off;
+
+	# server_names_hash_bucket_size 64;
+	# server_name_in_redirect off;
+
+	include /etc/nginx/mime.types;
+	default_type application/octet-stream;
+
+	##
+	# Logging Settings
+	##
+
+	access_log /var/log/nginx/access.log;
+	error_log /var/log/nginx/error.log;
+
+	##
+	# Gzip Settings
+	##
+
+	gzip on;
+	gzip_disable "msie6";
+
+	# gzip_vary on;
+	# gzip_proxied any;
+	# gzip_comp_level 6;
+	# gzip_buffers 16 8k;
+	# gzip_http_version 1.1;
+	# gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+	##
+	# nginx-naxsi config
+	##
+	# Uncomment it if you installed nginx-naxsi
+	##
+
+	#include /etc/nginx/naxsi_core.rules;
+
+	##
+	# nginx-passenger config
+	##
+	# Uncomment it if you installed nginx-passenger
+	##
+	
+	#passenger_root /usr;
+	#passenger_ruby /usr/bin/ruby;
+
+	##
+	# Virtual Host Configs
+	##
+
+	include /etc/nginx/conf.d/*.conf;
+	include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+#	# See sample authentication script at:
+#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+# 
+#	# auth_http localhost/auth.php;
+#	# pop3_capabilities "TOP" "USER";
+#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
+# 
+#	server {
+#		listen     localhost:110;
+#		protocol   pop3;
+#		proxy      on;
+#	}
+# 
+#	server {
+#		listen     localhost:143;
+#		protocol   imap;
+#		proxy      on;
+#	}
+#}

templates/nginx.conf.j2

+# {{ ansible_managed }}
+
+user {{ nginx_user }};
+worker_processes {{ nginx_worker_processes }};
+error_log {{ nginx_error_log_location }};
+pid /run/nginx.pid;
+
+events {
+    worker_connections {{ nginx_worker_connections }};
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  {{ nginx_access_log_location }}  main;
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    {% if nginx_includes %}
+    {% for include in nginx_includes %}
+    include {{ include }};
+    {% endfor %}
+    {% endif %}
+}
+

vars/Ubuntu.yml

+nginx_conf_template: nginx.conf-ubuntu.j2

vars/default.yml

+---