Initial commit

handlers/main.yml

@@ -0,0 +1,5 @@
+---
+- name: reload nginx
+  service:
+    name: nginx
+    state: restarted

meta/main.yml

@@ -0,0 +1,18 @@
+---
+
+dependencies: []
+
+galaxy_info:
+  role_name: nginx-stream
+  author: 'Pierre-Olivier Mercier <nemunaire+iac@nemunai.re>'
+  description: Initial configuration for nginx-stream
+  license: GPL-3.0-or-later
+  min_ansible_version: 2.9
+  platforms:
+    - name: Alpine
+      versions:
+        - all
+    - name: Debian
+      versions:
+        - all
+  galaxy_tags: []

tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: ensure conf.d directory exists
+  ansible.builtin.file:
+    path: "/etc/nginx/conf.d/"
+    state: directory
+
+- name: install nginx-stream module
+  apk:
+    name:
+      - nginx-mod-stream
+    state: present
+  tags:
+    - packages
+
+- name: configure nginx with stream module
+  template:
+    src: nginx.conf.j2
+    dest: "/etc/nginx/conf.d/stream.conf"
+    mode: 0644
+  notify:
+    - reload nginx

templates/nginx.conf.j2

@@ -0,0 +1,30 @@
+stream {
+  log_format main
+            '$ssl_preread_server_name > $remote_addr [$time_local] ';
+
+  {% if nginx_stream_access_log is defined %}
+  access_log {{ nginx_stream_access_log}} main;
+  {% endif %}
+
+  map_hash_bucket_size 48;
+
+  map $ssl_preread_server_name $targetSslBackend {
+
+      default            {{ nginx_stream_default_endpoint}};
+  }
+
+  server {
+    listen 443;
+
+    proxy_connect_timeout 1s;
+    {% if nginx_resolvers is defined %}
+    resolver {% for r in nginx_resolvers %}{% if ":" in r %}[{{ r }}]{% else %}{{ r }}{% endif %} {% endfor %};
+    {% endif %}
+
+    proxy_pass $targetSslBackend;
+    {% if no_proxy_protocol is not defined %}
+    proxy_protocol on;
+    {% endif %}
+    ssl_preread on;
+  }
+}