nginx
diff --git a/‎.travis.yml
Lines changed: 8 additions & 21 deletions b/‎.travis.yml
Lines changed: 8 additions & 21 deletions
diff --git a/‎CHANGELOG.md
Lines changed: 7 additions & 3 deletions b/‎CHANGELOG.md
Lines changed: 7 additions & 3 deletions
diff --git a/‎README.md
Lines changed: 5 additions & 3 deletions b/‎README.md
Lines changed: 5 additions & 3 deletions
diff --git a/‎defaults/main/template.yml
Lines changed: 33 additions & 0 deletions b/‎defaults/main/template.yml
Lines changed: 33 additions & 0 deletions
diff --git a/‎defaults/main/upload.yml
Lines changed: 3 additions & 3 deletions b/‎defaults/main/upload.yml
Lines changed: 3 additions & 3 deletions
diff --git a/‎files/conf/http/.gitkeep renamed to ‎files/config/http/.gitkeep b/‎files/conf/http/.gitkeep renamed to ‎files/config/http/.gitkeep
diff --git a/‎files/conf/stream/.gitkeep renamed to ‎files/config/stream/.gitkeep b/‎files/conf/stream/.gitkeep renamed to ‎files/config/stream/.gitkeep
diff --git a/‎handlers/main.yml
Lines changed: 18 additions & 16 deletions b/‎handlers/main.yml
Lines changed: 18 additions & 16 deletions
diff --git a/‎molecule/common/playbooks/cleanup_module_converge.yml renamed to ‎molecule/cleanup_module/converge.yml b/‎molecule/common/playbooks/cleanup_module_converge.yml renamed to ‎molecule/cleanup_module/converge.yml
diff --git a/‎molecule/cleanup_module/molecule.yml
Lines changed: 9 additions & 18 deletions b/‎molecule/cleanup_module/molecule.yml
Lines changed: 9 additions & 18 deletions
@@ -1,43 +1,30 @@
 ---
 language: python
 services: docker
+branches:
+  only: main
 jobs:
   include:
-    - name: "(Debian/Ubuntu) Cleanup config and try to install modules"
+    - name: (Alpine Linux/CentOS/Debian/Ubuntu) Cleanup config and try to install modules
       env:
         scenario: cleanup_module
-    - name: "(Alpine Linux) Cleanup config and try to install modules"
-      env:
-        scenario: cleanup_module_alpine
-    - name: "(CentOS) Cleanup config and try to install modules"
-      env:
-        scenario: cleanup_module_centos
-    - name: "(Debian/Ubuntu) Test config templates"
+    - name: (Alpine Linux/CentOS/Debian/Ubuntu) Test config generation
       env:
         scenario: default
-    - name: "(Alpine Linux) Test config templates"
-      env:
-        scenario: default_alpine
-    - name: "(CentOS) Test config templates"
+    - name: (CentOS/Debian/Ubuntu) Test config generation with NGINX Plus directives
       env:
-        scenario: default_centos
-    - name: "(Debian/Ubuntu) Install stable branch and push a config"
+        scenario: plus
+    - name: (Alpine Linux/CentOS/Debian/Ubuntu) Install stable branch and push a config
       env:
         scenario: stable_push
-    - name: "(Alpine Linux) Install stable branch and push a config"
-      env:
-        scenario: stable_push_alpine
-    - name: "(CentOS) Install stable branch and push a config"
-      env:
-        scenario: stable_push_centos
 before_install:
   - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
   - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
   - sudo apt-get update
   - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
 install:
   - pip install ansible==2.9.13
-  - pip install ansible-lint==4.3.4
+  - pip install ansible-lint==4.3.5
   - pip install yamllint==1.24.2
   - pip install molecule==3.0.8
   - pip install docker==4.3.1
 
@@ -1,6 +1,6 @@
 # Changelog
 
-## 0.2.0 (September 13, 2020)
+## 0.2.0 (September 22, 2020)
 
 BREAKING CHANGES:
 
@@ -12,15 +12,19 @@ Make sure you only use one variable or the other, since they will overwrite each
 
 FEATURES:
 
+*   Support for all NGINX App Protect directives has been added. You can find details on the supported directives on `defaults/main/template.yml`. This is the first module to be included using J2 macros. Expect to slowly see a refactor of various modules to use macros where possible.
 *   A new variable has been introduced:
     *   `nginx_debug_tasks` -- Print task related information to give you a better insight into the current progress of the role.
-*   Improved tasks naming conventions.
 *   Add Alpine `3.12` to the list of supported platforms.
 *   Remove Alpine `3.8` from the list of supported platforms .
+*   Add NGINX Plus tests to TravisCI
 
 ENHANCEMENTS:
 
-*   Update Ansible to `2.9.13` and Ansible Lint to `4.3.4`.
+*   Added handlers to check for NGINX syntax validity and fail if any errors are detected.
+*   Switch to using `ansible_facts` wherever possible.
+*   Improved tasks naming conventions.
+*   Update Ansible to `2.9.13` and Ansible Lint to `4.3.5`.
 *   Explicitly defined `mode` in relevant tasks.
 *   Improve configuration templating capabilities:
     *   Allow setting `access_log`/`access_log_location` to `off`.
 
@@ -108,6 +108,7 @@ Role Variables
 This role has multiple variables. The descriptions and defaults for all these variables can be found in the **`defaults/main/`** directory in the following files:
 
 -   **[defaults/main/main.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/defaults/main/main.yml):** NGINX simple config variables
+-   **[defaults/main/selinux.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/defaults/main/selinux.yml):** Set up SELinux to allow the necessary connections to your NGINX setup
 -   **[defaults/main/template.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/defaults/main/template.yml):** NGINX config template variables
 -   **[defaults/main/upload.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/defaults/main/upload.yml):** NGINX config/HTML/SSL upload variables
 
@@ -116,9 +117,10 @@ Example Playbooks
 
 Working functional playbook examples can be found in the **`molecule/common/`** directory in the following files:
 
--   **[molecule/common/playbooks/cleanup_module_converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/common/playbooks/cleanup_module_converge.yml):** Cleanup an NGINX config and configure NGINX supported modules
--   **[molecule/common/playbooks/default_converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/common/playbooks/default_converge.yml):** Use the NGINX config templating variables to create an NGINX config
--   **[molecule/common/playbooks/stable_push_converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/common/playbooks/stable_push_converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance
+-   **[molecule/cleanup_module/converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/cleanup_module/converge.yml):** Cleanup an NGINX config and configure NGINX supported modules
+-   **[molecule/default/converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/default/converge.yml):** Use the NGINX config templating variables to create an NGINX config
+-   **[molecule/plus/converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/plus/converge.yml):** Use the NGINX config templating variables to create an NGINX Plus config
+-   **[molecule/stable_push/converge.yml](https://github.com/nginxinc/ansible-role-nginx-config/blob/main/molecule/stable_push/converge.yml):** Install NGINX using the stable branch and push a preexisting config from your system to your NGINX instance
 
 Do note that if you install this repository via Ansible Galaxy, you will have to replace the role variable in the sample playbooks from `ansible-role-nginx-config` to `nginxinc.nginx_config`.
 
 
@@ -27,6 +27,18 @@ nginx_config_main_template:
   worker_connections: 1024
   http_enable: true
   http_settings:
+    # app_protect_global:  # Optional -- Configure NGINX App Protect
+    #   physical_memory_util_thresholds:  # Optional
+    #     high: 100  # Required
+    #     low: 100  # Required
+    #   cpu_thresholds:  # Optional
+    #     high: 100  # Required
+    #     low: 100  # Required
+    #   failure_mode_action: pass  # Optional -- `pass` or `drop`
+    #   cookie_seed: encryptionseed  # Optional
+    #   compressed_requests_action: drop  # Optional -- `pass` or `drop`
+    #   request_buffer_overflow_action: pass  # Optional -- `pass` or `drop`
+    #   user_defined_signatures: []  # Optional list
     access_log_format:
       - name: main
         format: |-
@@ -77,6 +89,13 @@ nginx_config_http_template:
             port: 8081
             ssl: true
             opts: []  # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
+        # app_protect:  # Optional -- Configure NGINX App Protect
+        #   enable: false  # Optional
+        #   policy_file: path  # Optional
+        #   security_log_enable: false  # Optional
+        #   security_log:  # Optional
+        #     path: path  # Required
+        #     destination: dest  # Required
         ssl:
           cert: /etc/ssl/certs/default.crt
           key: /etc/ssl/private/default.key
@@ -135,6 +154,13 @@ nginx_config_http_template:
           locations:
             default:
               location: /
+              # app_protect:  # Optional -- Configure NGINX App Protect
+              #   enable: false  # Optional
+              #   policy_file: path  # Optional
+              #   security_log_enable: false  # Optional
+              #   security_log:  # Optional
+              #     path: path  # Required
+              #     destination: dest  # Required
               include_files: []
               proxy_hide_headers: []  # A list of headers which shouldn't be passed to the application
               add_headers:
@@ -176,6 +202,13 @@ nginx_config_http_template:
           locations:
             backend:
               location: /
+              # app_protect:  # Optional -- Configure NGINX App Protect
+              #   enable: false  # Optional
+              #   policy_file: path  # Optional
+              #   security_log_enable: false  # Optional
+              #   security_log:  # Optional
+              #     path: path  # Required
+              #     destination: dest  # Required
               include_files: []
               proxy_hide_headers: []  # A list of headers which shouldn't be passed to the application
               add_headers:
 
@@ -4,15 +4,15 @@
 # Default location of files is the files folder within the NGINX Config Ansible role.
 # Upload the main NGINX configuration file.
 nginx_config_main_upload_enable: false
-nginx_config_main_upload_src: conf/nginx.conf
+nginx_config_main_upload_src: config/nginx.conf
 nginx_config_main_upload_dest: /etc/nginx/
 # Upload HTTP NGINX configuration files.
 nginx_config_http_upload_enable: false
-nginx_config_http_upload_src: conf/http/*.conf
+nginx_config_http_upload_src: config/http/*.conf
 nginx_config_http_upload_dest: /etc/nginx/conf.d/
 # Upload Stream NGINX configuration files.
 nginx_config_stream_upload_enable: false
-nginx_config_stream_upload_src: conf/stream/*.conf
+nginx_config_stream_upload_src: config/stream/*.conf
 nginx_config_stream_upload_dest: /etc/nginx/conf.d/
 # Upload HTML files.
 nginx_config_html_upload_enable: false
 
@@ -1,21 +1,23 @@
 ---
-- name: "(Handler) Run NGINX"
-  block:
-    - name: "(Handler) Start NGINX"
-      service:
-        name: nginx
-        state: started
-        enabled: yes
-      notify: "(Handler) Check NGINX"
+- name: (Handler - NGINX Config) Check NGINX
+  command: nginx -t
+  register: config
+  ignore_errors: yes
+  changed_when: false
+  listen: (Handler - NGINX Config) Run NGINX
 
-    - name: "(Handler) Check NGINX"
-      command: "nginx -t"
-      notify: "(Handler) Start NGINX"
-      changed_when: false
+- name: (Handler - NGINX Config) Print NGINX error if syntax check fails
+  debug:
+    var: config.stderr_lines
+  failed_when: config.rc != 0
+  when: config.rc != 0
+  listen: (Handler - NGINX Config) Run NGINX
 
-    - name: "(Handler) Reload NGINX"
-      command: "nginx -s reload"
-      changed_when: false
+- name: (Handler - NGINX Config) Start/reload NGINX
+  service:
+    name: nginx
+    state: reloaded
   when:
     - nginx_config_start | bool
-    - not ansible_check_mode
+    - not ansible_check_mode | bool
+  listen: (Handler - NGINX Config) Run NGINX
@@ -2,30 +2,30 @@
 dependency:
   name: galaxy
   options:
-    role-file: molecule/common/requirements.yml
+    role-file: molecule/common/playbooks/oss_requirements.yml
 driver:
   name: docker
 lint: |
   set -e
   yamllint .
   ansible-lint --force-color
 platforms:
-  - name: debian-stretch
-    image: debian:stretch-slim
+  - name: alpine-3.11
+    image: alpine:3.11
     dockerfile: ../common/Dockerfile.j2
     privileged: true
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/sbin/init"
-  - name: debian-buster
-    image: debian:buster-slim
+  - name: centos-7
+    image: centos:7
     dockerfile: ../common/Dockerfile.j2
     privileged: true
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
-    command: "/sbin/init"
-  - name: ubuntu-xenial
-    image: ubuntu:xenial
+    command: "/usr/sbin/init"
+  - name: debian-stretch
+    image: debian:stretch-slim
     dockerfile: ../common/Dockerfile.j2
     privileged: true
     volumes:
@@ -38,16 +38,7 @@ platforms:
     volumes:
       - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
     command: "/sbin/init"
-  - name: ubuntu-focal
-    image: ubuntu:focal
-    dockerfile: ../common/Dockerfile.j2
-    privileged: true
-    volumes:
-      - "/sys/fs/cgroup:/sys/fs/cgroup:rw"
-    command: "/sbin/init"
 provisioner:
   name: ansible
   playbooks:
-    prepare: ../common/playbooks/prepare.yml
-    converge: ../common/playbooks/cleanup_module_converge.yml
-    verify: ../common/playbooks/cleanup_module_verify.yml
+    prepare: ../common/playbooks/oss_prepare.yml