小桀
学习Ansible发现的Nginx配置问题

学习Ansible发现的Nginx配置问题

《奔跑吧,Ansible》有个小小的问题,它在写下载软件的脚本中没有指定下载的软件的版本,所以我们阅读并执行这些脚本时,往往下载的是最新的版本,最后导致现象不一致。

如下脚本下载并启动一个Nginx,该Nginx支持tls。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37


- name: Config Webservers With Nginx And TLS
  hosts: webservers
  sudo: True
  vars:
    key_file: /etc/nginx/ssl/nginx.key
    cert_file: /etc/nginx/ssl/nginx.crt
    conf_file: /etc/nginx/sites-available/default/nginx.conf
    server_name: localhost
  tasks:
    - name: Install Nginx
      yum: name=nginx
    
    - name: Create Directories For TLS Certificates
      file: path=/etc/nginx/ssl state=directory
    
    - name: Copy TLS Key
      copy: src=files/nginx.key dest={{ key_file }} owner=root mode=0600
      notify: restart nginx

    - name: Copyt TLS Certificate
      copy: src=files/nginx.crt dest={{ cert_file }}
    
    - name: Generate Nginx Config File
      template: src=templates/nginx.conf.j2 dest={{ conf_file }}

    - name: Enable Configuration
      file: dest=/etc/nginx/sites-enabled/default src={{ conf_file }} state=link
      notify: restart nginx

    - name: Generate Index.html
      template: src=templates/index.html.j2 dest=/usr/share/nginx/html/index.html mode=0644

  handlers:
    - name: restart nginx
      service: name=nginx state=restarted

该脚本执行后,并不能Nginx并不能如愿的监听在443端口。观察/etc/nginx/nginx.conf文件后发现,我们的nginx.conf不应该放在/etc/nginx/sites-available/default/nginx.conf,而应该放置在conf.d目录下。

下面为nginx的配置文件,注意查看几个include配置。


# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

参考资料

  1. nginx 配置根目录不生效问题