Initial commit

2023-03-26 12:33:14 +02:00 · 2023-03-26 12:33:14 +02:00 · 8c23da5bf5
commit 8c23da5bf5
4 changed files with 74 additions and 0 deletions
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,5 @@
 ---
 - name: reload nginx
  service:
    name: nginx
    state: restarted
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,18 @@
 ---
 dependencies: []
 galaxy_info:
  role_name: nginx-stream
  author: 'Pierre-Olivier Mercier <nemunaire+iac@nemunai.re>'
  description: Initial configuration for nginx-stream
  license: GPL-3.0-or-later
  min_ansible_version: 2.9
  platforms:
    - name: Alpine
      versions:
        - all
    - name: Debian
      versions:
        - all
  galaxy_tags: []
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,21 @@
 ---
 - name: ensure conf.d directory exists
  ansible.builtin.file:
    path: "/etc/nginx/conf.d/"
    state: directory
 - name: install nginx-stream module
  apk:
    name:
      - nginx-mod-stream
    state: present
  tags:
    - packages
 - name: configure nginx with stream module
  template:
    src: nginx.conf.j2
    dest: "/etc/nginx/conf.d/stream.conf"
    mode: 0644
  notify:
    - reload nginx
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@ -0,0 +1,30 @@
 stream {
  log_format main
            '$ssl_preread_server_name > $remote_addr [$time_local] ';
  {% if nginx_stream_access_log is defined %}
  access_log {{ nginx_stream_access_log}} main;
  {% endif %}
  map_hash_bucket_size 48;
  map $ssl_preread_server_name $targetSslBackend {
      default            {{ nginx_stream_default_endpoint}};
  }
  server {
    listen 443;
    proxy_connect_timeout 1s;
    {% if nginx_resolvers is defined %}
    resolver {% for r in nginx_resolvers %}{% if ":" in r %}[{{ r }}]{% else %}{{ r }}{% endif %} {% endfor %};
    {% endif %}
    proxy_pass $targetSslBackend;
    {% if no_proxy_protocol is not defined %}
    proxy_protocol on;
    {% endif %}
    ssl_preread on;
  }
 }