diff options
| author | Milo Casagrande <milo.casagrande@linaro.org> | 2014-12-23 12:26:16 +0100 |
|---|---|---|
| committer | Milo Casagrande <milo.casagrande@linaro.org> | 2014-12-23 12:26:16 +0100 |
| commit | f209ad7c936c9b5aaabcb86b2ac4a9acc94ae490 (patch) | |
| tree | d9b3fec5869c975e180d33bb5b7c0bb3d729674a /ansible/roles | |
| parent | 76edc512ec64c72906369153b40d9fd159c24d7a (diff) | |
ansible: Fix and tweak nginx config.
Change-Id: Iae4ca90f90997f5b824d321fbe0f2c5fa87106a1
Diffstat (limited to 'ansible/roles')
| -rw-r--r-- | ansible/roles/configure-nginx/tasks/main.yml | 10 | ||||
| -rw-r--r-- | ansible/roles/configure-nginx/templates/backend-nginx.conf | 5 | ||||
| -rw-r--r-- | ansible/roles/configure-nginx/templates/nginx-default.conf (renamed from ansible/roles/configure-nginx/files/nginx-default.conf) | 12 |
3 files changed, 20 insertions, 7 deletions
diff --git a/ansible/roles/configure-nginx/tasks/main.yml b/ansible/roles/configure-nginx/tasks/main.yml index 563d88f..1ba3e7e 100644 --- a/ansible/roles/configure-nginx/tasks/main.yml +++ b/ansible/roles/configure-nginx/tasks/main.yml @@ -14,11 +14,11 @@ - web-server - name: Install default nginx configuration - copy: src=nginx-default.conf - dest=/etc/nginx/nginx.conf - owner=root - group=root - mode=0644 + template: src=nginx-default.conf + dest=/etc/nginx/nginx.conf + owner=root + group=root + mode=0644 notify: - reload-nginx tags: diff --git a/ansible/roles/configure-nginx/templates/backend-nginx.conf b/ansible/roles/configure-nginx/templates/backend-nginx.conf index 48156d8..472302e 100644 --- a/ansible/roles/configure-nginx/templates/backend-nginx.conf +++ b/ansible/roles/configure-nginx/templates/backend-nginx.conf @@ -1,5 +1,4 @@ server { - listen 80; server_name {{ hostname }}; root {{ web_root }}/{{ hostname }}; charset utf-8; @@ -7,6 +6,10 @@ server { access_log /var/log/nginx/{{ hostname }}-access.log; error_log /var/log/nginx/{{ hostname }}-error.log; + if ($host != "{{ hostname }}") { + return 403; + } + location / { if (-f $document_root/maintenance.html) { return 503; diff --git a/ansible/roles/configure-nginx/files/nginx-default.conf b/ansible/roles/configure-nginx/templates/nginx-default.conf index b20205e..178cd24 100644 --- a/ansible/roles/configure-nginx/files/nginx-default.conf +++ b/ansible/roles/configure-nginx/templates/nginx-default.conf @@ -1,8 +1,9 @@ # This file is managed via ansible. Do not edit. user www-data; -worker_processes 4; +worker_processes auto; pid /run/nginx.pid; +pcre_jit on; events { worker_connections 4096; @@ -14,6 +15,15 @@ http { include /etc/nginx/mime.types; default_type application/octet-stream; + server { + {% if role == "production" %} + listen 80 backlog=1024 fastopen=7 default_server; + {% else %} + listen 80 backlog=1024 default_server; + {% endif %} + return 404; + } + access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; |