From 4e1b5d6c96ddbf0086c429d6e8d29d208fb246b2 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Wed, 1 Jul 2015 18:16:37 +0200 Subject: [PATCH 01/17] Add geoip module support --- defaults/main.yml | 24 +++++++----------------- tasks/modules.yml | 3 +++ templates/nginx.conf.j2 | 5 +++++ 3 files changed, 15 insertions(+), 17 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6910229..cd1c6e6 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,7 @@ # file: nginx/defaults/main.yml nginx_install_method: "source" -nginx_source_version: "1.6.2" +nginx_source_version: "1.8.0" nginx_user: www-data nginx_group: www-data @@ -9,7 +9,7 @@ nginx_uid: 33 nginx_gid: 33 nginx_dir: "/etc/nginx" -nginx_www_dir: "/srv/www" +nginx_www_dir: "/var/www" nginx_log_dir: "/var/log/nginx" nginx_pid: "/var/run/nginx.pid" @@ -68,21 +68,7 @@ nginx_source_sbin_path: "{{nginx_source_prefix}}/sbin/nginx" nginx_source_default_configure_flags: "--prefix={{nginx_source_prefix}} --conf-path={{nginx_source_conf_path}} --sbin-path={{nginx_source_sbin_path}}" nginx_source_modules_included: - http_stub_status_module: "--with-http_stub_status_module" - http_ssl_module: "--with-http_ssl_module" - openssl: "--with-openssl=/tmp/openssl-{{ openssl_version }}" - http_gzip_static_module: "--with-http_gzip_static_module" - upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}" - headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}" - http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}" - http_echo_module: "--add-module=/tmp/echo-nginx-module-{{nginx_echo_version}}" - google_perftools_module: "--with-google_perftools_module" - ipv6_module: "--with-ipv6" - http_real_ip_module: "--with-http_realip_module" - http_spdy_module: "--with-http_spdy_module" - http_perl_module: "--with-http_perl_module" - naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src" - ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" + geoip: "--with-http_geoip_module" nginx_source_modules_excluded: - mail_pop3_module @@ -117,6 +103,10 @@ nginx_gzip_types: - image/svg+xml nginx_gzip_disable: "MSIE [1-6]\\." +# geoip_module +nginx_geoip: 'on' +nginx_geoip_country: /etc/nginx/geoip/GeoIP.dat +nginx_geoip_city: /etc/nginx/geoip/GeoLiteCity.dat # http_stub_status_module configuration nginx_remote_ip_var: "remote_addr" diff --git a/tasks/modules.yml b/tasks/modules.yml index 94f40d9..36b97b7 100644 --- a/tasks/modules.yml +++ b/tasks/modules.yml @@ -38,3 +38,6 @@ - include: modules/ngx_pagespeed.yml when: nginx_source_modules_included.ngx_pagespeed is defined + +- include: modules/http_geoip_module.yml + when: nginx_source_modules_included.geoip is defined diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index c49fd53..0f3d35d 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -72,6 +72,11 @@ http { gzip_disable "{{nginx_gzip_disable}}"; {% endif %} +{% if nginx_geoip == 'on' %} + geoip_country {{nginx_geoip_country}}; + geoip_city {{nginx_geoip_city}}; +{% endif %} + {% if nginx_buffers == 'on' %} client_body_buffer_size {{nginx_client_body_buffer_size}}; client_header_buffer_size {{nginx_client_header_buffer_size}}; From 2e1243361b053276b8001abfeba5078fe4bf299d Mon Sep 17 00:00:00 2001 From: welcomattic Date: Wed, 1 Jul 2015 18:17:16 +0200 Subject: [PATCH 02/17] Add geoip module installation --- tasks/modules/http_geoip_module.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100755 tasks/modules/http_geoip_module.yml diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml new file mode 100755 index 0000000..62cb6e7 --- /dev/null +++ b/tasks/modules/http_geoip_module.yml @@ -0,0 +1,28 @@ +# file: nginx/tasks/modules/http_geoip_module.yml +# configure flag: --with-http_geoip_module + +- name: Nginx | Modules | Install GeoIp lib + apt: pkg={{ item }} state=latest + with_items: + - libgeoip1 + - libgeoip-dev + +- name: Nginx | Modules | Create directory inside nginx + sudo: yes + file: path={{nginx_dir}}/geoip state=directory + +- name: Nginx | Modules | Download GeoIP database files + sudo: yes + get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz dest={{nginx_dir}}/geoip/GeoIP.dat.gz + +- name: Nginx | Modules | Download GeoLiteCity database files + sudo: yes + get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz + +- name: Nginx | Modules | Unarchive GeoIP files + sudo: yes + shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat + +- name: Nginx | Modules | Unarchive GeoLiteCity files + sudo: yes + shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat From bdeb64ef16ede5030167a3f89915add7244d9ec0 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 2 Jul 2015 15:54:05 +0200 Subject: [PATCH 03/17] Re-add other modules (oops) and make geoip path dynamics --- defaults/main.yml | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cd1c6e6..887b0a4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -68,6 +68,21 @@ nginx_source_sbin_path: "{{nginx_source_prefix}}/sbin/nginx" nginx_source_default_configure_flags: "--prefix={{nginx_source_prefix}} --conf-path={{nginx_source_conf_path}} --sbin-path={{nginx_source_sbin_path}}" nginx_source_modules_included: + http_stub_status_module: "--with-http_stub_status_module" + http_ssl_module: "--with-http_ssl_module" + openssl: "--with-openssl=/tmp/openssl-{{ openssl_version }}" + http_gzip_static_module: "--with-http_gzip_static_module" + upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}" + headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}" + http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}" + http_echo_module: "--add-module=/tmp/echo-nginx-module-{{nginx_echo_version}}" + google_perftools_module: "--with-google_perftools_module" + ipv6_module: "--with-ipv6" + http_real_ip_module: "--with-http_realip_module" + http_spdy_module: "--with-http_spdy_module" + http_perl_module: "--with-http_perl_module" + naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src" + ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" geoip: "--with-http_geoip_module" nginx_source_modules_excluded: @@ -105,8 +120,8 @@ nginx_gzip_disable: "MSIE [1-6]\\." # geoip_module nginx_geoip: 'on' -nginx_geoip_country: /etc/nginx/geoip/GeoIP.dat -nginx_geoip_city: /etc/nginx/geoip/GeoLiteCity.dat +nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat" +nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat" # http_stub_status_module configuration nginx_remote_ip_var: "remote_addr" From 013c1f1237c441e77a99c6af53af506485ac63b3 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 2 Jul 2015 15:54:35 +0200 Subject: [PATCH 04/17] Allow `ansible-playbook` command in local env --- test.yml | 3 +++ vagrant-inventory | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/test.yml b/test.yml index aecc366..cea8928 100644 --- a/test.yml +++ b/test.yml @@ -1,6 +1,9 @@ - hosts: all vars_files: - 'defaults/main.yml' + + sudo: yes + tasks: - name: install the dependencies apt: diff --git a/vagrant-inventory b/vagrant-inventory index 726d6bb..e2f69ad 100644 --- a/vagrant-inventory +++ b/vagrant-inventory @@ -1,2 +1,2 @@ [anxs] -anxs.local ansible_ssh_host=192.168.88.16 ansible_ssh_port=22 +anxs.local ansible_ssh_host=192.168.88.16 ansible_ssh_port=22 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.ssh/id_rsa From 830c9cbcb3205e47ea12ff0a992aee65e64047a3 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 2 Jul 2015 16:27:30 +0200 Subject: [PATCH 05/17] newline at the EOF --- tasks/configure.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks/configure.yml b/tasks/configure.yml index 17f5222..b74c6ab 100644 --- a/tasks/configure.yml +++ b/tasks/configure.yml @@ -28,4 +28,4 @@ name: nginx state: started register: nginx_first_start - when: not nginx_config.stat.exists \ No newline at end of file + when: not nginx_config.stat.exists From 613e7dea13a55ab704b5c80461db0540d6b7fa5d Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 11:22:54 +0200 Subject: [PATCH 06/17] fix on vagrant-inventory to pass build --- defaults/main.yml | 2 +- tasks/modules/http_geoip_module.yml | 11 ++++++----- vagrant-inventory | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 887b0a4..0da33be 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,7 +9,7 @@ nginx_uid: 33 nginx_gid: 33 nginx_dir: "/etc/nginx" -nginx_www_dir: "/var/www" +nginx_www_dir: "/srv/www" nginx_log_dir: "/var/log/nginx" nginx_pid: "/var/run/nginx.pid" diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index 62cb6e7..1d23236 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -6,23 +6,24 @@ with_items: - libgeoip1 - libgeoip-dev + when: nginx_source_modules_included.geoip is defined - name: Nginx | Modules | Create directory inside nginx - sudo: yes file: path={{nginx_dir}}/geoip state=directory + when: nginx_source_modules_included.geoip is defined - name: Nginx | Modules | Download GeoIP database files - sudo: yes get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz dest={{nginx_dir}}/geoip/GeoIP.dat.gz + when: nginx_source_modules_included.geoip is defined - name: Nginx | Modules | Download GeoLiteCity database files - sudo: yes get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz + when: nginx_source_modules_included.geoip is defined - name: Nginx | Modules | Unarchive GeoIP files - sudo: yes shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat + when: nginx_source_modules_included.geoip is defined - name: Nginx | Modules | Unarchive GeoLiteCity files - sudo: yes shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat + when: nginx_source_modules_included.geoip is defined diff --git a/vagrant-inventory b/vagrant-inventory index e2f69ad..726d6bb 100644 --- a/vagrant-inventory +++ b/vagrant-inventory @@ -1,2 +1,2 @@ [anxs] -anxs.local ansible_ssh_host=192.168.88.16 ansible_ssh_port=22 ansible_ssh_user=vagrant ansible_ssh_private_key_file=~/.ssh/id_rsa +anxs.local ansible_ssh_host=192.168.88.16 ansible_ssh_port=22 From 81c9d9f229e427dd75259e2df8be127490a3aabc Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 12:19:13 +0200 Subject: [PATCH 07/17] fix 2 changed items on idempotency test --- Vagrantfile | 18 +++++++++--------- tasks/modules/http_geoip_module.yml | 12 ++++++++++-- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 4a6dd3c..5d9a0fa 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -8,14 +8,14 @@ Vagrant.configure('2') do |config| c.vm.box = 'ubuntu/trusty64' c.vm.network :private_network, ip: '192.168.88.16' c.vm.hostname = 'anxs.local' - c.vm.provision 'ansible' do |ansible| - ansible.playbook = 'test.yml' - ansible.sudo = true - ansible.inventory_path = 'vagrant-inventory' - ansible.host_key_checking = false - ansible.extra_vars = { - nginx_install_method: nginx_install_method - } - end + # c.vm.provision 'ansible' do |ansible| + # ansible.playbook = 'test.yml' + # ansible.sudo = true + # ansible.inventory_path = 'vagrant-inventory' + # ansible.host_key_checking = false + # ansible.extra_vars = { + # nginx_install_method: nginx_install_method + # } + # end end end diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index 1d23236..f783e4f 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -20,10 +20,18 @@ get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz when: nginx_source_modules_included.geoip is defined +- name: Nginx | Modules | Check if the GeoIP file exists + stat: path={{nginx_dir}}/geoip/GeoIP.dat + register: geoip_file_exists + - name: Nginx | Modules | Unarchive GeoIP files shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat - when: nginx_source_modules_included.geoip is defined + when: not geoip_file_exists is defined + +- name: Nginx | Modules | Check if the GeoLiteCity file exists + stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat + register: geolitecity_file_exists - name: Nginx | Modules | Unarchive GeoLiteCity files shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat - when: nginx_source_modules_included.geoip is defined + when: not geolitecity_file_exists is defined From 3e976fed2801bdb8162a84e4d410e1ddc8870acd Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 14:53:33 +0200 Subject: [PATCH 08/17] fix changed states of GeoIP unziping tasks --- tasks/modules/http_geoip_module.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index f783e4f..557f83e 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -22,16 +22,16 @@ - name: Nginx | Modules | Check if the GeoIP file exists stat: path={{nginx_dir}}/geoip/GeoIP.dat - register: geoip_file_exists + register: geoip_file - name: Nginx | Modules | Unarchive GeoIP files shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat - when: not geoip_file_exists is defined + when: geoip_file.exists is defined and not geoip_file.exists - name: Nginx | Modules | Check if the GeoLiteCity file exists stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat - register: geolitecity_file_exists + register: geolitecity_file - name: Nginx | Modules | Unarchive GeoLiteCity files shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat - when: not geolitecity_file_exists is defined + when: geolitecity_file.exists is defined and not geolitecity_file.exists From adce707ee524289591dc78affbcaedcce72b63a9 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 15:01:00 +0200 Subject: [PATCH 09/17] fix openssl version --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 0da33be..945cee4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -169,4 +169,4 @@ nginx_naxsi_url: "https://github.com/nbs-system/naxsi/archive/{{nginx_naxsi_vers nginx_ngx_pagespeed_version: 1.9.32.3 # OpenSSL configuration -openssl_version: "1.0.2c" +openssl_version: "1.0.2d" From eb0ae01eb562b7c289e52ab2153d1cc72120cdac Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 15:49:32 +0200 Subject: [PATCH 10/17] fix Vagrantfile modified for local tests --- Vagrantfile | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 5d9a0fa..4a6dd3c 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -8,14 +8,14 @@ Vagrant.configure('2') do |config| c.vm.box = 'ubuntu/trusty64' c.vm.network :private_network, ip: '192.168.88.16' c.vm.hostname = 'anxs.local' - # c.vm.provision 'ansible' do |ansible| - # ansible.playbook = 'test.yml' - # ansible.sudo = true - # ansible.inventory_path = 'vagrant-inventory' - # ansible.host_key_checking = false - # ansible.extra_vars = { - # nginx_install_method: nginx_install_method - # } - # end + c.vm.provision 'ansible' do |ansible| + ansible.playbook = 'test.yml' + ansible.sudo = true + ansible.inventory_path = 'vagrant-inventory' + ansible.host_key_checking = false + ansible.extra_vars = { + nginx_install_method: nginx_install_method + } + end end end From 216d3483cc7e913ac7b2507c4386e218e3fcd957 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 15:49:50 +0200 Subject: [PATCH 11/17] add inventory tmp file to .gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 5112ae2..8a975c7 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ Icon .Trashes .vagrant test +inventory From de2b5784516fbf359ca36d65f0f9320612f2b052 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 17:43:13 +0200 Subject: [PATCH 12/17] Remove `sudo: yes` from test.yml. Added early for tests --- test.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/test.yml b/test.yml index cea8928..3a672ed 100644 --- a/test.yml +++ b/test.yml @@ -2,8 +2,6 @@ vars_files: - 'defaults/main.yml' - sudo: yes - tasks: - name: install the dependencies apt: From 9dbe7badfcd448c457e2aece3b49c7b299948397 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Thu, 9 Jul 2015 18:28:05 +0200 Subject: [PATCH 13/17] fix geoip checking file existence --- tasks/modules/http_geoip_module.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index 557f83e..8a174e6 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -20,13 +20,15 @@ get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz when: nginx_source_modules_included.geoip is defined + - name: Nginx | Modules | Check if the GeoIP file exists stat: path={{nginx_dir}}/geoip/GeoIP.dat register: geoip_file - name: Nginx | Modules | Unarchive GeoIP files shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat - when: geoip_file.exists is defined and not geoip_file.exists + when: geoip_file.exists is defined and geoip_file.exists == False + - name: Nginx | Modules | Check if the GeoLiteCity file exists stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat @@ -34,4 +36,4 @@ - name: Nginx | Modules | Unarchive GeoLiteCity files shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat - when: geolitecity_file.exists is defined and not geolitecity_file.exists + when: geolitecity_file.exists is defined and geolitecity_file.exists == False From bd35b11ff66a813fd311af2b483668c99aa3bd7b Mon Sep 17 00:00:00 2001 From: welcomattic Date: Fri, 10 Jul 2015 14:04:52 +0200 Subject: [PATCH 14/17] fix file checking with stat module --- tasks/modules/http_geoip_module.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index 8a174e6..04fcf02 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -25,15 +25,19 @@ stat: path={{nginx_dir}}/geoip/GeoIP.dat register: geoip_file +- debug: var=geoip_file + - name: Nginx | Modules | Unarchive GeoIP files shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat - when: geoip_file.exists is defined and geoip_file.exists == False + when: not geoip_file.stat.exists - name: Nginx | Modules | Check if the GeoLiteCity file exists stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat register: geolitecity_file +- debug: var=geoip_file + - name: Nginx | Modules | Unarchive GeoLiteCity files shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat - when: geolitecity_file.exists is defined and geolitecity_file.exists == False + when: not geolitecity_file.stat.exists From f5f780cd285a4e730acfefa446b3c25a16f13dc3 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Fri, 10 Jul 2015 14:40:20 +0200 Subject: [PATCH 15/17] add source condition in nginx.conf template around geoip config lines --- templates/nginx.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 index 0f3d35d..669f182 100644 --- a/templates/nginx.conf.j2 +++ b/templates/nginx.conf.j2 @@ -72,10 +72,12 @@ http { gzip_disable "{{nginx_gzip_disable}}"; {% endif %} +{% if nginx_install_method == "source" %} {% if nginx_geoip == 'on' %} geoip_country {{nginx_geoip_country}}; geoip_city {{nginx_geoip_city}}; {% endif %} +{% endif %} {% if nginx_buffers == 'on' %} client_body_buffer_size {{nginx_client_body_buffer_size}}; From 99913abf9f43b0da3ed7456149d71c1911190372 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Fri, 10 Jul 2015 15:06:40 +0200 Subject: [PATCH 16/17] delete debug tasks --- tasks/modules/http_geoip_module.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/tasks/modules/http_geoip_module.yml b/tasks/modules/http_geoip_module.yml index 04fcf02..3a8e8d9 100755 --- a/tasks/modules/http_geoip_module.yml +++ b/tasks/modules/http_geoip_module.yml @@ -20,24 +20,18 @@ get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz when: nginx_source_modules_included.geoip is defined - - name: Nginx | Modules | Check if the GeoIP file exists stat: path={{nginx_dir}}/geoip/GeoIP.dat register: geoip_file -- debug: var=geoip_file - - name: Nginx | Modules | Unarchive GeoIP files shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat when: not geoip_file.stat.exists - - name: Nginx | Modules | Check if the GeoLiteCity file exists stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat register: geolitecity_file -- debug: var=geoip_file - - name: Nginx | Modules | Unarchive GeoLiteCity files shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat when: not geolitecity_file.stat.exists From 20f75bc1f7160ec91e5f11035fde89f75ca61cb0 Mon Sep 17 00:00:00 2001 From: welcomattic Date: Fri, 10 Jul 2015 15:20:57 +0200 Subject: [PATCH 17/17] Update README with geoip module --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ef3c4b5..3eb3871 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,7 @@ nginx_source_modules_included: http_perl_module: "--with-http_perl_module" naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src" ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" + geopip: "--with-http_geoip_module" ``` ##### Sites @@ -187,6 +188,11 @@ You can put Nginx under monit monitoring protection, by setting `monit_protectio ###### naxsi module - `nginx_naxsi_version` - version of the naxsi module +###### geoip module +- `nginx_geoip: 'on'` +- `nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat"` +- `nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat"` + #### Thanks To the contributors: @@ -194,7 +200,7 @@ To the contributors: #### Testing -This project comes with a VagrantFile, this is a fast and easy way to test changes to the role, fire it up with `vagrant up`. +This project comes with a VagrantFile, this is a fast and easy way to test changes to the role, fire it up with `vagrant up`. See [vagrant docs](https://docs.vagrantup.com/v2/) for getting setup with vagrant