Improve templating

* Rename load_balancer block to reverse_proxy
* Clarify that the redirect variable refers to a http to https redirect
* Allow setting the listen port when using SSL
* Improve SSL defaults
* Allow setting http or https server locations in proxy_pass

Author: alessfg

README.md

@@ -321,7 +321,7 @@ nginx_main_template:
 # Enable creating dynamic templated NGINX HTTP configuration files.
 # Defaults will not produce a valid configuration. Instead they are meant to showcase
 # the options available for templating. Each key represents a new configuration file.
-# Comment out load_balancer or web_server depending on whether you wish to create a web server
+# Comment out reverse_proxy or web_server depending on whether you wish to create a web server
 # or load balancer configuration file.
 nginx_http_template_enable: false
 nginx_http_template:
@@ -332,7 +332,7 @@ nginx_http_template:
     port: 8081
     server_name: localhost
     error_page: /usr/share/nginx/html
-    redirect: false
+    https_redirect: false
     autoindex: false
     ssl:
       cert: ssl/default.crt
@@ -345,11 +345,11 @@ nginx_http_template:
           html_file_name: index.html
           autoindex: false
       http_demo_conf: false
-    load_balancer:
+    reverse_proxy:
       locations:
         backend:
           location: /
-          proxy_pass: backend
+          proxy_pass: http://backend
       health_check_plus: false
     upstreams:
       upstream1:
@@ -410,9 +410,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
     nginx_http_template_enable: true
     nginx_http_template:
       default:
-        template_file: http/default.conf.j2
-        conf_file_name: default.conf
-        conf_file_location: /etc/nginx/conf.d/
         port: 80
         server_name: localhost
         error_page: /usr/share/nginx/html
@@ -423,7 +420,6 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
               location: /
               html_file_location: /usr/share/nginx/html
               html_file_name: index.html
-              autoindex: false
 ```
 
 This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a localhost and installing the open source version of NGINX as a reverse proxy.
@@ -437,39 +433,40 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
   vars:
     nginx_http_template_enable: true
     nginx_http_template:
-    load_balancer:
-      locations:
-        frontend:
-          location: /
-          proxy_pass: frontend_servers
-        backend:
-          location: /backend
-          proxy_pass: backend_servers
-    upstreams:
-      upstream_1:
-        name: frontend_servers
-        lb_method: least_conn
-        zone_name: frontend
-        zone_size: 64k
-        sticky_cookie: false
-        servers:
-          frontend_server_1:
-            address: localhost
-            port: 80
-            weight: 1
-            health_check: max_fails=3 fail_timeout=5s
-      upstream_2:
-        name: backend_servers
-        lb_method: least_conn
-        zone_name: backend
-        zone_size: 64k
-        sticky_cookie: false
-        servers:
-          backend_server_1:
-            address: localhost
-            port: 8080
-            weight: 1
-            health_check: max_fails=3 fail_timeout=5s
+      default:
+        reverse_proxy:
+          locations:
+            frontend:
+              location: /
+              proxy_pass: http://frontend_servers
+            backend:
+              location: /backend
+              proxy_pass: http://backend_servers
+        upstreams:
+          upstream_1:
+            name: frontend_servers
+            lb_method: least_conn
+            zone_name: frontend
+            zone_size: 64k
+            sticky_cookie: false
+            servers:
+              frontend_server_1:
+                address: localhost
+                port: 80
+                weight: 1
+                health_check: max_fails=3 fail_timeout=5s
+          upstream_2:
+            name: backend_servers
+            lb_method: least_conn
+            zone_name: backend
+            zone_size: 64k
+            sticky_cookie: false
+            servers:
+              backend_server_1:
+                address: localhost
+                port: 8080
+                weight: 1
+                health_check: max_fails=3 fail_timeout=5s
 ```
 
 

defaults/main.yml

@@ -102,25 +102,25 @@ nginx_rest_api_dashboard: false
 # Upload the main NGINX configuration file.
 nginx_main_upload_enable: false
 nginx_main_upload_src: conf/nginx.conf
-nginx_main_upload_dest: /etc/nginx
+nginx_main_upload_dest: /etc/nginx/nginx.conf
 # Upload HTTP NGINX configuration files.
 nginx_http_upload_enable: false
 nginx_http_upload_src: conf/http/*.conf
-nginx_http_upload_dest: /etc/nginx/conf.d
+nginx_http_upload_dest: /etc/nginx/conf.d/*.conf
 # Upload Stream NGINX configuration files.
 nginx_stream_upload_enable: false
 nginx_stream_upload_src: conf/stream/*.conf
-nginx_stream_upload_dest: /etc/nginx/conf.d
+nginx_stream_upload_dest: /etc/nginx/conf.d/*.conf
 # Upload HTML files.
 nginx_html_upload_enable: false
 nginx_html_upload_src: www/*
 nginx_html_upload_dest: /usr/share/nginx/html
 # Upload SSL certificates and keys.
 nginx_ssl_upload_enable: false
 nginx_ssl_crt_upload_src: ssl/*.crt
-nginx_ssl_crt_upload_dest: /etc/ssl/certs/
+nginx_ssl_crt_upload_dest: /etc/ssl/certs/*.crt
 nginx_ssl_key_upload_src: ssl/*.key
-nginx_ssl_key_upload_dest: /etc/ssl/private/
+nginx_ssl_key_upload_dest: /etc/ssl/private/*.key
 
 # Enable creating dynamic templated NGINX HTML demo websites.
 nginx_html_demo_template_enable: false
@@ -165,11 +165,11 @@ nginx_http_template:
     port: 8081
     server_name: localhost
     error_page: /usr/share/nginx/html
-    redirect: false
+    https_redirect: false
     autoindex: false
     ssl:
-      cert: ssl/default.crt
-      key: ssl/default.key
+      cert: /etc/ssl/certs/default.crt
+      key: /etc/ssl/private/default.key
     web_server:
       locations:
         default:
@@ -178,11 +178,11 @@ nginx_http_template:
           html_file_name: index.html
           autoindex: false
       http_demo_conf: false
-    load_balancer:
+    reverse_proxy:
       locations:
         backend:
           location: /
-          proxy_pass: backend
+          proxy_pass: http://backend
       health_check_plus: false
     upstreams:
       upstream1:

templates/http/default.conf.j2

@@ -18,24 +18,24 @@ upstream {{ item.value.upstreams[upstream].name }} {
 
 server {
 {% if item.value.ssl is defined %}
-    listen 443 ssl;
-    ssl_certificate {{ nginx_ssl_crt_upload_dest }}/{{ item.value.ssl.cert }};
-    ssl_certificate_key {{ nginx_ssl_key_upload_dest }}/{{ item.value.ssl.key }};
+    listen {{ item.value.port }} ssl;
+    ssl_certificate {{ item.value.ssl.cert }};
+    ssl_certificate_key {{ item.value.ssl.key }};
 {% else %}
     listen {{ item.value.port }};
 {% endif %}
     server_name {{ item.value.server_name }};
 {% if item.value.autoindex is defined and item.value.autoindex %}
     autoindex on;
 {% endif %}
-{% if item.value.redirect is defined and item.value.redirect %}
+{% if item.value.https_redirect is defined and item.value.https_redirect %}
     return 301 https://{{ item.value.server_name }}$request_uri;
 {% endif%}
-{% if item.value.load_balancer is defined %}
-{% for location in item.value.load_balancer.locations %}
-    location {{ item.value.load_balancer.locations[location].location }} {
-        proxy_pass http://{{ item.value.load_balancer.locations[location].proxy_pass }};
-{% if item.value.load_balancer.health_check_plus is defined and item.value.load_balancer.health_check_plus %}
+{% if item.value.reverse_proxy is defined %}
+{% for location in item.value.reverse_proxy.locations %}
+    location {{ item.value.reverse_proxy.locations[location].location }} {
+        proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
+{% if item.value.reverse_proxy.health_check_plus is defined and item.value.reverse_proxy.health_check_plus %}
         health_check;
 {% endif %}
         proxy_set_header Host $host;