From 6de385021dbdc2c017a2dc11d39a90ab88e5223d Mon Sep 17 00:00:00 2001 From: Alan Orth Date: Mon, 30 Jan 2017 15:43:03 +0200 Subject: [PATCH] roles/nginx: Updates to accomodate Debian 9 (stretch) There are currently no nginx.org builds for Debian 9, so we need to use the package from Debian's repository. This package provides a www-data user and group instead of an nginx one. We can revert some of this after Debian 9 is released and official builds come from nginx.org (though it might be useful to keep the main nginx.conf as a template). --- roles/nginx/tasks/main.yml | 24 +++++++++++++++++-- roles/nginx/tasks/vhosts.yml | 14 ++++++++++- .../nginx.conf => templates/nginx.conf.j2} | 0 3 files changed, 35 insertions(+), 3 deletions(-) rename roles/nginx/{files/nginx.conf => templates/nginx.conf.j2} (100%) diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 790e35d..8500c3e 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml @@ -1,9 +1,18 @@ --- +# There is no nginx.org build for Debian 9 (stretch) yet, so we will use the +# builds in Debian's own repositories for now. This creates a few problems +# in this playbook, and we need to remember to undo these workarounds when +# the Debian stretch builds become available. +# +# See: https://nginx.org/packages/mainline/debian/dists/ + - name: Add nginx.org apt signing key + when: ansible_distribution_major_version | version_compare('9', '!=') apt_key: id=0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 url=https://nginx.org/keys/nginx_signing.key state=present tags: nginx, packages - name: Add nginx.org repo + when: ansible_distribution_major_version | version_compare('9', '!=') template: src=nginx_org_sources.list.j2 dest=/etc/apt/sources.list.d/nginx_org_sources.list owner=root group=root mode=0644 tags: nginx, packages @@ -11,12 +20,17 @@ apt: pkg=nginx update_cache=yes state=latest tags: nginx, packages -- name: Copy nginx configs +- name: Copy nginx.conf + template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf mode=0644 owner=root group=root + notify: + - reload nginx + tags: nginx + +- name: Copy extra nginx configs copy: src={{ item }} dest=/etc/nginx/{{ item }} mode=0644 owner=root group=root with_items: - extra-security.conf - fastcgi_cache - - nginx.conf notify: - reload nginx tags: nginx @@ -26,9 +40,15 @@ tags: nginx - name: Create fastcgi cache dir + when: ansible_distribution_major_version | version_compare('9', '!=') file: path=/var/cache/nginx/cached/fastcgi state=directory owner=nginx group=nginx mode=0755 tags: nginx +- name: Create fastcgi cache dir + when: ansible_distribution_major_version | version_compare('9', '==') + file: path=/var/cache/nginx/cached/fastcgi state=directory owner=www-data group=www-data mode=0755 + tags: nginx + - include: vhosts.yml when: nginx_vhosts is defined tags: nginx diff --git a/roles/nginx/tasks/vhosts.yml b/roles/nginx/tasks/vhosts.yml index 77a5511..a892f14 100644 --- a/roles/nginx/tasks/vhosts.yml +++ b/roles/nginx/tasks/vhosts.yml @@ -17,9 +17,15 @@ - reload nginx - name: Create vhost document roots + when: ansible_distribution_major_version | version_compare('9', '!=') file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx with_items: "{{ nginx_vhosts }}" +- name: Create vhost document roots + when: ansible_distribution_major_version | version_compare('9', '==') + file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=www-data group=www-data + with_items: "{{ nginx_vhosts }}" + - name: Install WordPress git: repo=https://github.com/WordPress/WordPress.git dest={{ nginx_root_prefix }}/{{ item.domain_name }}/wordpress version={{ item.wordpress_version }} depth=1 force=yes when: item.has_wordpress is defined and item.has_wordpress == True @@ -28,7 +34,13 @@ - name: Fix WordPress directory permissions file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=nginx group=nginx recurse=yes - when: item.has_wordpress is defined and item.has_wordpress == True + when: item.has_wordpress is defined and item.has_wordpress == True and ansible_distribution_major_version | version_compare('9', '!=') + with_items: "{{ nginx_vhosts }}" + tags: wordpress + +- name: Fix WordPress directory permissions + file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory owner=www-data group=www-data recurse=yes + when: item.has_wordpress is defined and item.has_wordpress == True and ansible_distribution_major_version | version_compare('9', '==') with_items: "{{ nginx_vhosts }}" tags: wordpress diff --git a/roles/nginx/files/nginx.conf b/roles/nginx/templates/nginx.conf.j2 similarity index 100% rename from roles/nginx/files/nginx.conf rename to roles/nginx/templates/nginx.conf.j2