Add support for NGINX GZIP directives (#58)

* Add support for NGINX GZIP directives (resolves #42)
* Fix GRPC directives placement within `defaults/main/template.yml`

Author: alessfg

CHANGELOG.md

@@ -5,6 +5,7 @@
 ENHANCEMENTS:
 
 *   Add support for NGINX GRPC directives.
+*   Add support for NGINX GZIP directives.
 *   Added support for upstream server `backup` parameter in http and stream template.
 *   Only run GitHub actions Galaxy CI/CD workflow when a new release is published.
 *   Update list of supported platforms.

defaults/main/template.yml

@@ -78,6 +78,18 @@ nginx_config_main_template:
     #   ssl_trusted_certificate: fileLocation  # Optional
     #   ssl_verify: false  # Optional
     #   ssl_verify_depth: 1  # Optional
+    # gzip:  # Optional -- Configure GZIP
+    #   enable: true  # Optional
+    #   buffers:  # Optional
+    #     number: 32  # Required
+    #     size: 4k  # Required
+    #   comp_level: 1  # Optional
+    #   disable: []  # Optional list
+    #   http_version: 1.1  # Optional -- One of '1.0' or '1.1'
+    #   min_length: 20  # Optional
+    #   proxied: []  # Optional list
+    #   types: []  # Optional list
+    #   vary: false  # Optional
     access_log_format:
       - name: main
         format: |-
@@ -167,6 +179,18 @@ nginx_config_http_template:
         #   ssl_trusted_certificate: fileLocation  # Optional
         #   ssl_verify: false  # Optional
         #   ssl_verify_depth: 1  # Optional
+        # gzip:  # Optional -- Configure GZIP
+        #   enable: true  # Optional
+        #   buffers:  # Optional
+        #     number: 32  # Required
+        #     size: 4k  # Required
+        #   comp_level: 1  # Optional
+        #   disable: []  # Optional list
+        #   http_version: 1.1  # Optional -- One of '1.0' or '1.1'
+        #   min_length: 20  # Optional
+        #   proxied: []  # Optional list
+        #   types: []  # Optional list
+        #   vary: false  # Optional
         ssl:
           cert: /etc/ssl/certs/default.crt
           key: /etc/ssl/private/default.key
@@ -232,40 +256,18 @@ nginx_config_http_template:
               #   security_log:  # Optional
               #     path: path  # Required
               #     destination: dest  # Required
-              # grpc_global:  # Optional -- Configure GRPC
-              #   bind:  # Optional -- Set to 'false' and remove/comment nested variables to disable grpc_bind
-              #     address: $remote_addr  # Required
-              #     transparent: true  # Optional
-              #   buffer_size: 4k  # Optional
-              #   connect_timeout: 60s  # Optional
-              #   hide_header: []  # Optional list
-              #   ignore_headers: []  # Optional list -- 'X-Accel-Redirect' or 'X-Accel-Charset'
-              #   intercept_errors: false  # Optional
-              #   next_upstream: []  # Optional list
-              #   next_upstream_timeout: 0  # Optional
-              #   next_upstream_tries: 0  # Optional
-              #   pass_header: []  # Optional list
-              #   read_timeout: 60s  # Optional
-              #   send_timeout: 60s  # Optional
-              #   set_header:  # Optional
-              #     - field: Accept-Encoding  # Required
-              #       value: '""'  # Required
-              #   socket_keepalive: false  # Optional
-              #   ssl_certificate: fileLocation  # Optional
-              #   ssl_certificate_key: fileLocation  # Optional
-              #   ssl_ciphers: DEFAULT  # Optional
-              #   ssl_conf_command: command  # Optional
-              #   ssl_crl: fileLocation  # Optional
-              #   ssl_name: serverName  # Optional
-              #   ssl_password_file: fileLocation  # Optional
-              #   ssl_protocols: []  # Optional list
-              #   ssl_server_name: false  # Optional
-              #   ssl_session_reuse: true  # Optional
-              #   ssl_trusted_certificate: fileLocation  # Optional
-              #   ssl_verify: false  # Optional
-              #   ssl_verify_depth: 1  # Optional
-              # grpc:  # Optional -- Configure GRPC
-              #   pass: localhost:9000  # Optional
+              # gzip:  # Optional -- Configure GZIP
+              #   enable: true  # Optional
+              #   buffers:  # Optional
+              #     number: 32  # Required
+              #     size: 4k  # Required
+              #   comp_level: 1  # Optional
+              #   disable: []  # Optional list
+              #   http_version: 1.1  # Optional -- One of '1.0' or '1.1'
+              #   min_length: 20  # Optional
+              #   proxied: []  # Optional list
+              #   types: []  # Optional list
+              #   vary: false  # Optional
               include_files: []
               proxy_hide_headers: []  # A list of headers which shouldn't be passed to the application
               add_headers:
@@ -314,6 +316,52 @@ nginx_config_http_template:
               #   security_log:  # Optional
               #     path: path  # Required
               #     destination: dest  # Required
+              # grpc_global:  # Optional -- Configure GRPC
+              #   bind:  # Optional -- Set to 'false' and remove/comment nested variables to disable grpc_bind
+              #     address: $remote_addr  # Required
+              #     transparent: true  # Optional
+              #   buffer_size: 4k  # Optional
+              #   connect_timeout: 60s  # Optional
+              #   hide_header: []  # Optional list
+              #   ignore_headers: []  # Optional list -- 'X-Accel-Redirect' or 'X-Accel-Charset'
+              #   intercept_errors: false  # Optional
+              #   next_upstream: []  # Optional list
+              #   next_upstream_timeout: 0  # Optional
+              #   next_upstream_tries: 0  # Optional
+              #   pass_header: []  # Optional list
+              #   read_timeout: 60s  # Optional
+              #   send_timeout: 60s  # Optional
+              #   set_header:  # Optional
+              #     - field: Accept-Encoding  # Required
+              #       value: '""'  # Required
+              #   socket_keepalive: false  # Optional
+              #   ssl_certificate: fileLocation  # Optional
+              #   ssl_certificate_key: fileLocation  # Optional
+              #   ssl_ciphers: DEFAULT  # Optional
+              #   ssl_conf_command: command  # Optional
+              #   ssl_crl: fileLocation  # Optional
+              #   ssl_name: serverName  # Optional
+              #   ssl_password_file: fileLocation  # Optional
+              #   ssl_protocols: []  # Optional list
+              #   ssl_server_name: false  # Optional
+              #   ssl_session_reuse: true  # Optional
+              #   ssl_trusted_certificate: fileLocation  # Optional
+              #   ssl_verify: false  # Optional
+              #   ssl_verify_depth: 1  # Optional
+              # grpc:  # Optional -- Configure GRPC
+              #   pass: localhost:9000  # Optional
+              # gzip:  # Optional -- Configure GZIP
+              #   enable: true  # Optional
+              #   buffers:  # Optional
+              #     number: 32  # Required
+              #     size: 4k  # Required
+              #   comp_level: 1  # Optional
+              #   disable: []  # Optional list
+              #   http_version: 1.1  # Optional -- One of '1.0' or '1.1'
+              #   min_length: 20  # Optional
+              #   proxied: []  # Optional list
+              #   types: []  # Optional list
+              #   vary: false  # Optional
               include_files: []
               proxy_hide_headers: []  # A list of headers which shouldn't be passed to the application
               add_headers:

molecule/default/converge.yml

@@ -51,6 +51,21 @@
                 - field: Accept-Encoding
                   value: '""'
               socket_keepalive: false
+            gzip:
+              enable: true
+              buffers:
+                number: 32
+                size: 4k
+              comp_level: 1
+              disable:
+                - '"msie6"'
+              http_version: 1.1
+              min_length: 20
+              proxied:
+                - expired
+              types:
+                - text/html
+              vary: false
             default_type: application/octet-stream
             access_log_format:
               - name: main

templates/http/default.conf.j2

@@ -95,6 +95,12 @@ server {
     {{ grpc_global(item.value.servers[server].grpc_global) }}
 {% endfilter %}
 {% endif %}
+{% if item.value.servers[server].gzip is defined %}
+{% from 'http/gzip.j2' import gzip with context %}
+{% filter indent(4) %}
+    {{ gzip(item.value.servers[server].gzip) }}
+{% endfilter %}
+{% endif %}
 {% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %}
     ssl_certificate {{ item.value.servers[server].ssl.cert }};
     ssl_certificate_key {{ item.value.servers[server].ssl.key }};
@@ -221,6 +227,12 @@ server {
         {{ grpc_local(item.value.servers[server].reverse_proxy.locations[location].grpc) }}
 {% endfilter %}
 {% endif %}
+{% if item.value.servers[server].reverse_proxy.locations[location].gzip is defined %}
+{% from 'http/gzip.j2' import gzip with context %}
+{% filter indent(8) %}
+        {{ gzip(item.value.servers[server].reverse_proxy.locations[location].gzip) }}
+{% endfilter %}
+{% endif %}
 {% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %}
 {% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %}
         include "{{ file }}";
@@ -426,8 +438,14 @@ server {
     location {{ item.value.servers[server].web_server.locations[location].location }} {
 {% if item.value.servers[server].web_server.locations[location].app_protect is defined %}
 {% from 'app_protect.j2' import app_protect_local with context %}
-{% filter indent(12) %}
-    {{ app_protect_local(item.value.servers[server].web_server.locations[location].app_protect) }}
+{% filter indent(8) %}
+       {{ app_protect_local(item.value.servers[server].web_server.locations[location].app_protect) }}
+{% endfilter %}
+{% endif %}
+{% if item.value.servers[server].web_server.locations[location].gzip is defined %}
+{% from 'http/gzip.j2' import gzip with context %}
+{% filter indent(8) %}
+        {{ gzip(item.value.servers[server].web_server.locations[location].gzip) }}
 {% endfilter %}
 {% endif %}
 {% if item.value.servers[server].web_server.locations[location].html_file_location is defined %}
@@ -497,7 +515,6 @@ server {
 {% if item.value.servers[server].web_server.locations[location].sub_filter.types is defined and item.value.servers[server].web_server.locations[location].sub_filter.types %}
         sub_filter_types {{ item.value.servers[server].web_server.locations[location].sub_filter.types }};
 {% endif %}
-
     }
 {% endfor %}
 {% if item.value.servers[server].web_server.http_demo_conf is defined and item.value.servers[server].web_server.http_demo_conf %}
@@ -548,7 +565,6 @@ server {
 {% if item.value.servers[server].error_log is defined %}
     error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }};
 {% endif %}
-
 }
 {% endfor %}
 {% endif %}

templates/http/gzip.j2

@@ -0,0 +1,35 @@
+{{ ansible_managed | comment }}
+{# NGINX GZIP template -- Add directives under its corresponding block #}
+{# Format is as follows #}
+{# Left side (context module_name) -- Right side (module name) #}
+{# HTTP NGINX GZIP -- ngx_http_gzip_module #}
+
+{% macro gzip(gzip) %}
+{% if gzip['enable'] is defined %}
+gzip {{ gzip['enable'] | ternary('on', 'off') }};
+{% endif %}
+{% if gzip['buffers'] is defined %}
+gzip_buffers {{ gzip['buffers']['number'] }} {{ gzip['buffers']['size'] }};
+{% endif %}
+{% if gzip['comp_level'] is defined %}
+gzip_comp_level {{ gzip['comp_level'] }};
+{% endif %}
+{% if gzip['disable'] is defined %}
+gzip_disable {{ gzip['disable'] | join(' ') }};
+{% endif %}
+{% if gzip['http_version'] is defined %}
+gzip_http_version {{ gzip['http_version'] }};
+{% endif %}
+{% if gzip['min_length'] is defined %}
+gzip_min_length {{ gzip['min_length'] }};
+{% endif %}
+{% if gzip['proxied'] is defined %}
+gzip_proxied {{ 'off' if not gzip['proxied'] }}{{ gzip['proxied'] | join(' ') if gzip['proxied'] | type_debug == 'list' }};
+{% endif %}
+{% if gzip['types'] is defined %}
+gzip_types {{ gzip['types'] | join(' ') }};
+{% endif %}
+{% if gzip['vary'] is defined %}
+gzip_vary {{ gzip['vary'] | ternary('on', 'off') }};
+{% endif %}
+{% endmacro %}

templates/nginx.conf.j2

@@ -67,23 +67,23 @@ http {
 {% endfor %}
 {% endif %}
 {% endif %}
-
     sendfile        on;
-
 {% if nginx_config_main_template.http_settings.tcp_nopush is defined and nginx_config_main_template.http_settings.tcp_nopush %}
     tcp_nopush      on;
 {% endif %}
 {% if nginx_config_main_template.http_settings.tcp_nodelay is defined and nginx_config_main_template.http_settings.tcp_nodelay %}
     tcp_nodelay     on;
 {% endif %}
-
 {% if nginx_config_main_template.http_settings.server_tokens is defined and nginx_config_main_template.http_settings.server_tokens | length %}
     server_tokens {{ nginx_config_main_template.http_settings.server_tokens }};
 {% endif %}
-
     keepalive_timeout  {{ nginx_config_main_template.http_settings.keepalive_timeout }};
-
-    #gzip  on;
+{% if nginx_config_main_template.http_settings.gzip is defined %}
+{% from 'http/gzip.j2' import gzip with context %}
+{% filter indent(4) %}
+    {{ gzip(nginx_config_main_template.http_settings.gzip) }}
+{% endfilter %}
+{% endif %}
 {% if nginx_config_main_template.http_settings.cache %}
     proxy_cache_path /tmp/cache keys_zone=one:10m;
 {% endif %}