Nginxinc Ansible Role Nginx Versions Save

BUG FIXES:

• Fix an issue where sometimes the role handlers will fail in distros where NGINX is not started upon installation.

ENHANCEMENTS:

• The role will no longer fail automatically on unsupported platforms, but the error message will still be displayed.
• The Check NGINX handler now always outputs an ok state instead of changed since it's a read-only operation with no traceable changes.

BREAKING CHANGES:

• The process to install modules has changed. You will now have to use a list variable, nginx_modules, instead of manually setting the modules you want to install to true or false. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus in vars/main.yml.
• Modules can no longer be added to your NGINX config using this role. Please use the nginx_config role instead.
• Changed nginx_configure default value from true to false to further promote the adoption of the NGINX config role.

FEATURES:

• A new variable has been introduced:
  • nginx_setup_license -- Determine whether you want to use this role to upload your NGINX license to your target host.
• The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in vars/main.yml
• Three new tags have been introduced -- nginx_setup_license, nginx_install and nginx_check_support.
• Add Alpine 3.12 to the list of supported platforms.
• Remove Alpine 3.8 from the list of supported platforms.
• Add NGINX Plus tests to TravisCI

ENHANCEMENTS:

• Added handlers to check for NGINX syntax validity and fail if any errors are detected.
• Switch to using ansible_facts wherever possible.
• Major backend refactoring to reduce the number of files and tasks.
• You can now specify an nginx_repository for NGINX Plus too.
• Moved "constant" variables to vars/main.yml.
• Included deprecation warnings in task names and files.
• Improved tasks naming conventions.
• Update Ansible to 2.9.13 and Ansible Lint to 4.3.5.

BUG FIXES:

• NGINX Plus repository data for RHEL based distros is now appropriately set.
• Building NGINX from source should now work as expected in CentOS/RHEL 6 systems running Python 2.6 or earlier versions of 2.7.

BREAKING CHANGES:

• The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.

ENHANCEMENTS:

• Update Ansible to 2.9.12 and Ansible Lint to 4.3.2.
• Explicitly define mode in relevant tasks.
• Explicitly define the nginx apt_repository filename in Debian based distros.

FEATURES:

• TravisCI now always uses the latest version of Docker.

BUG FIXES:

• Building OpenSSL from source should now work properly in CentOS 8.

DEPRECATION WARNING:

With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:

• The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
• There now is a separate role to manage and create NGINX configurations available here. Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
• NGINX Unit has a separate role available here. Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.

BREAKING CHANGES:

• The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.

• If you use custom_options you will now need to manually end each directive with a semicolon.

• The status directive is no longer supported in NGINX Plus, and the stub_status directive has been reworked into a template.

• The listen directive structure in the stream template has been updated to the listen directive structure found in the http template. You can now specify multiple listen directives in the same server block as well as include any extra listen options you might need.

  Old configuration example

  listen_address: localhost
  listen_port: 80
  udp_enable: false
  

  New configuration example

  listen:
    listen_localhost:
      ip: 0.0.0.0  # Wrap in square brackets for IPv6 addresses
      port: 80
      ssl: false
      opts: []  # Listen opts like udp which will be added (ssl is automatically added if you specify 'ssl:').
  

  The one major change is that instead of using udp_enable: true you will now need to use opts: [udp] if you wish to enable udp.

FEATURES:

• Add support to configure logrotate.
• Add support for Ubuntu Focal.
• Add support to configure SELinux.
• Two new variables have been introduced -- nginx_install and nginx_configure -- to let you choose whether you want to install NGINX, configure NGINX, or both.

ENHANCEMENTS:

• Molecule tests using Testinfra have been migrated to use Ansible instead.
• The role now uses include_tasks instead of import_tasks when possible to speed up the role's execution time.
• Improve configuration cleanup capabilities. You can now remove all *.conf files in a given directory, or specify a list of files you wish to delete.
• Improve configuration templating capabilities:
  • Add support for unix upstreams.
  • Add PID templating option.
  • Add support for down parameter in upstreams.
  • Add option for custom error pages.
  • Add SSL support to stream contexts.

BUG FIXES:

• nginx_debug_output would sometimes fail if NGINX had not been automatically started by the system upon installation.
• If http_demo_conf was undefined the web server template interpolation would fail.

This is a relatively minor release, but it includes a potential breaking change (hence the version bump). The one major new feature is the ability to install/build NGINX Open Source from source.

Features:

• Install/build NGINX from source options now available
• Implement NGINX http sub module templating
• NGINX config is now correctly validated each run
• SSL Private Key data is hidden when running the role with the --diff flag

Bug fixes:

• The role should no longer sporadically cause apt update to fail in amd64 systems when installing NGINX from an official repository
• Modules should now correctly install when using a specific NGINX Plus version

Breaking changes:

• The NGINX Controller agent can no longer be installed using this role. Please use the Ansible collection linked in the README

Features:

• Improve NGINX http templating:
  • Multiple server support in HTTP contexts
  • Header support
  • OCSP stapling
  • Improved proxy settings
  • Logging settings
  • Improved SSL settings
  • Improved authentication settings
  • Max body size support
  • Improved listen templating
• Switch to Molecule for testing
• Add support for Debian Buster
• Support for specifying which version of NGINX to install
• Split default variables into multiple functional files
• Improve support for Alpine distributions
• Support for updating or removing NGINX from your system
• Implemented tags to support running specific tasks instead of the whole role

Bug fixes:

• Module installation when using NGINX Plus has been fixed
• Websockets templating has been reenabled after being accidentally deleted
• When deleting your NGINX Plus license from the system, the NGINX Plus repository will also be deleted to prevent issues further down the line if you run a repository update since there will not be a license anymore to authenticate into the NGINX Plus repository.

Breaking changes:

• The new listen templating options are not backwards with the previous listen templating options. Check the README or molecule/template_module/playbook.yml for examples on how to use the new listen template.
• BSD and Linux NGINX installation tasks have undergone some major changes. As such, you may have to update your playbooks accordingly.

Features:

• Improve NGINX http templating - following parameters are now supported:
  • Websockets
  • Basic authentication
  • Proxy cache
  • Proxy redirect
  • Proxy timeouts
  • SSL
  • Root (in server context)
• Add basic NGINX stream templating
• Add support for RHEL 8 and Alpine Linux

Bug fixes:

• Fix module installation tasks

Features:

• Allow setting a custom apt and rpm signing key host
• Add support for enabling an http to https redirects
• Add ansible_managed to templates
• Rename html_app_name to web_server_name
• Rename load_balancer block to reverse_proxy
• Allow setting the listen port when using SSL
• Improve SSL defaults
• Allow setting http or https server locations in proxy_pass

Bug fixes:

• Ignore undefined values for autoindex and health check
• Clarify that the redirect variable refers to a http to https redirect

Bug fixes:

• Fix HTML template to use correct variable name