nginx ansible actionhero

handlers_main.yml

# handlers/main.yml

- name: restart nginx
  service: name=nginx state=restarted

- name: reload nginx
  service: name=nginx state=reloaded

production.conf.j2

# templates/production.conf.j2

#user  nobody;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex on; # "on" if nginx worker_processes > 1
}

http {
  include       mime.types;
  default_type  application/octet-stream;
  server_tokens off;
  sendfile        on;
  keepalive_timeout  65;
  server_names_hash_bucket_size 64;
  types_hash_max_size 2048;

  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 9;
  gzip_proxied any;
  gzip_types text/plain text/xml text/css text/comma-separated-values text/javascript application/javascript application/x-javascript font/ttf font/otf image/svg+xml application/atom+xml;

  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for" $request_time';

  server {
      listen 80;
      server_name _;

      location /nginx_status {
          stub_status on;
          access_log on;
          allow 127.0.0.1;
          deny all;
      }

      location / {
          rewrite ^(.*) https://www.switchboard.chat$1 permanent;
      }
  }

  server {
      listen       443;
      server_name switchboard.chat;

      ssl     on;
      ssl_certificate      /etc/letsencrypt/live/switchboard.chat/fullchain.pem;
      ssl_certificate_key  /etc/letsencrypt/live/switchboard.chat/privkey.pem;
      ssl_prefer_server_ciphers On;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_session_cache shared:SSL:10m;

      return 301 https://www.switchboard.chat$request_uri;
  }

  server {
      proxy_redirect off;

      listen       443 default_server;
      server_name  _;

      ssl     on;
      ssl_certificate      /etc/letsencrypt/live/switchboard.chat/fullchain.pem;
      ssl_certificate_key  /etc/letsencrypt/live/switchboard.chat/privkey.pem;
      ssl_prefer_server_ciphers On;
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
      ssl_session_cache shared:SSL:10m;

      access_log  /var/log/nginx/access.switchboard_chat.log  main;
      error_log   /var/log/nginx/error.switchboard_chat.log;

      client_max_body_size 10M;

      location /primus {
          proxy_http_version 1.1;
          proxy_buffering off;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "Upgrade";
          proxy_set_header Host $host;

          proxy_pass http://unix:/home/{{ deploy_user }}/www/switchboard.chat/shared/sockets/actionhero.sock;
      }

      location / {
          root        /home/{{ deploy_user }}/www/switchboard.chat/current/public/;
          expires 1m;
          try_files /$uri/index.html
                    /$uri.html
                    /$uri
                    @app;
      }

      location @app {
          proxy_pass http://unix:/home/{{ deploy_user }}/www/switchboard.chat/shared/sockets/actionhero.sock;
      }

  }
}

tasks_main.yml

# tasks/main.yml

- name: ensure the nginx dir
  file: path=/etc/nginx state=directory owner=root

- name: ensure the nginx log dir
  file: path=/var/log/nginx state=directory owner=nobody group=nogroup

- name: ensure the default site is removed
  file: path=/etc/nginx/sites-{{ item }}/default state=absent
  with_items:
    - enabled
    - available
  notify:
    - restart nginx

- name: nginx.conf
  template: src=production.conf.j2 dest=/etc/nginx/nginx.conf
  notify:
    - reload nginx

- name: install nginx
  apt: pkg=nginx state=present
  notify:
    - restart nginx

- meta: flush_handlers