diff --git a/tasks/repository.yml b/tasks/repository.yml index 7937df1..7613f65 100644 --- a/tasks/repository.yml +++ b/tasks/repository.yml @@ -13,6 +13,16 @@ name: "{{ repopool_http_packages }}" state: present +- name: Turn off built-in nginx server configs + ansible.builtin.template: + src: "etc/nginx/nginx.conf" + dest: "/etc/nginx/nginx.conf" + owner: root + group: root + mode: '0644' + backup: true + notify: restart_nginx + - name: Deploy nginx config ansible.builtin.template: src: "etc/nginx/conf.d/repopool-http-production.conf.j2" diff --git a/templates/etc/nginx/conf.d/repopool-http-production.conf.j2 b/templates/etc/nginx/conf.d/repopool-http-production.conf.j2 index 763c203..0aa36e2 100644 --- a/templates/etc/nginx/conf.d/repopool-http-production.conf.j2 +++ b/templates/etc/nginx/conf.d/repopool-http-production.conf.j2 @@ -1,4 +1,5 @@ # Managed by Ansible + tcp_nodelay on; server { listen 80 default_server backlog=4096; listen [::]:80 default_server backlog=4096; diff --git a/templates/etc/nginx/nginx.conf b/templates/etc/nginx/nginx.conf new file mode 100644 index 0000000..9bfbd58 --- /dev/null +++ b/templates/etc/nginx/nginx.conf @@ -0,0 +1,84 @@ +# For more information on configuration, see: +# * Official English Documentation: http://nginx.org/en/docs/ +# * Official Russian Documentation: http://nginx.org/ru/docs/ + +# Managed by ansible +user nginx; +worker_processes auto; +error_log /var/log/nginx/error.log notice; +pid /run/nginx.pid; + +# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. +include /usr/share/nginx/modules/*.conf; + +events { + worker_connections 1024; +} + +http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + sendfile on; + tcp_nopush on; + keepalive_timeout 65; + types_hash_max_size 4096; + + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + + #server { + # listen 80; + # listen [::]:80; + # server_name _; + # root /usr/share/nginx/html; + + # # Load configuration files for the default server block. + # include /etc/nginx/default.d/*.conf; + + # error_page 404 /404.html; + # location = /404.html { + # } + + # error_page 500 502 503 504 /50x.html; + # location = /50x.html { + # } + #} + +# Settings for a TLS enabled server. +# +# server { +# listen 443 ssl http2; +# listen [::]:443 ssl http2; +# server_name _; +# root /usr/share/nginx/html; +# +# ssl_certificate "/etc/pki/nginx/server.crt"; +# ssl_certificate_key "/etc/pki/nginx/private/server.key"; +# ssl_session_cache shared:SSL:1m; +# ssl_session_timeout 10m; +# ssl_ciphers PROFILE=SYSTEM; +# ssl_prefer_server_ciphers on; +# +# # Load configuration files for the default server block. +# include /etc/nginx/default.d/*.conf; +# +# error_page 404 /404.html; +# location = /404.html { +# } +# +# error_page 500 502 503 504 /50x.html; +# location = /50x.html { +# } +# } + +} +