Update dependency nginxinc.nginx_config to v0.7.1 #144
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.3.3
->0.7.1
Release Notes
nginxinc/ansible-role-nginx-config (nginxinc.nginx_config)
v0.7.1
Compare Source
ENHANCEMENTS:
http_v3
module.BUG FIXES:
CI/CD:
ansible-compat
version from the CI/CD pipeline.v0.7.0
Compare Source
BREAKING CHANGES:
listen
dictionary:spdy
-> This parameter is no longer supported.http2
-> This parameter has been replaced by thehttp2
directive. To enable HTTP2, use theenable
parameter in the newly implementedhttp2
module/dictionary:ENHANCEMENTS:
http2
(officially namedhttp_v2
) module.community.general
collection to7.1.0
,ansible.posix
collection to1.5.4
,community.crypto
collection to2.14.0
, andcommunity.docker
collection to3.4.7
.BUG FIXES:
map.mappings
directive.CI/CD:
stable_push
Molecule scenario since installing the NGINX stable branch is already tested by the core NGINX Ansible role.molecule[docker]
withmolecule
andmolecule-plugins[docker]
.ansible-compat
version (commented out for the time being whilst waiting for a new release of Molecule).v0.6.0
Compare Source
ENHANCEMENTS:
2.12
(2.11
is no longer supported by Ansible).include
directive in the main NGINX context.community.general
collection to6.2.0
andcommunity.docker
collection to3.4.0
.BUG FIXES:
ignore-tags
GitHub Actions key does not exist. Replace it with the correct key,tags-ignore
.TESTS:
cgroups
v2).amd64
as the platform used in NGINX Plus Molecule tests. This will ensure that tests involving NGINX App Protect will work as expected when run on different host architectures (e.g. newer Macbooks witharm
processors).v0.5.2
Compare Source
ENHANCEMENTS:
community.general
collection to5.5.0
,ansible.posix
collection to1.4.0
andcommunity.docker
collection to3.1.0
.auth_jwt_require
now allows you to optionally set theerror
code you wish to return.health_check
now lets you set akeepalive_time
.app_protect_dos_arb_fqdn
,app_protect_dos_api
, andapp_protect_dos_accelerated_mitigation
).BUG FIXES:
Improve the NGINX main config defaults to bring them closer to the standard NGINX defaults on a fresh NGINX install.
TESTS:
v0.5.1
Compare Source
FEATURES:
Rename all modules to use the fully qualified collection name (FQCN) per Ansible guidelines.
ENHANCEMENTS:
community.general
collection to4.7.0
andcommunity.docker
collection to2.3.0
.tasks/config/template-config.yml
to reduce amount of output data.gunzip
,map
,mirror
,realip
andsplit_clients
modules intohttp
templates.BUG FIXES:
Ansible check mode runs will no longer fail if NGINX has not yet been installed.
v0.5.0
Compare Source
BREAKING CHANGES:
0.4.0
. To recap, these arenginx_config_main_upload_*
,nginx_config_upload_html_*
, andnginx_config_stream_upload_*
. Usenginx_config_upload
instead.stream
Jinja2 templates!:Each NGINX module is now contained within its own templating file. Macros are then used, in turn, to import each respective module template into a top level template file.
This avoids confusing and unnecessary code duplication, as well as hard to maintain code.
You will notice that the overall structure of your NGINX config now follows a very simple dictionary structure where each top level key corresponds to an NGINX module. Top level lists are used when dealing with
servers
:Check
defaults/main/template.yml
andmolecule/default/converge.yml
for examples!These changes follow in the footsteps of the
http
Jinja2 refactor introduced in the0.4.0
release. If you want more information on how to port yourstream
configurations, the release notes/changelog for0.4.0
are a good place to start.conf_file_name
andconf_file_location
withdeployment_location
insidenginx_config_stream_template
.html_file_name
andhtml_file_location
withdeployment_location
insidenginx_config_html_demo_template
.FEATURES:
backup
variable to template and upload parameters. Set tofalse
if you don't want to keep backups of your previous NGINX config files.client_body_temp_path
directory if your NGINX config uses the directive.ENHANCEMENTS:
Bump the Ansible
community.general
collection to4.4.0
andcommunity.docker
collection to2.1.1
.BUG FIXES:
custom_directives
entry and the http template.defaults/main/template.yml
.http/ssl.j2
Jinja2 template.v0.4.2
Compare Source
BUG FIXES:
so_keepalive
parameter was not working as intended when setting specific values.v0.4.1
Compare Source
BUG FIXES:
deployment_location
directory would not be properly created due to an outdated variable.http/auth.j2
.v0.4.0
Compare Source
This is a very big release which fundamentally refactors the whole NGINX configuration templating engine. Almost all of the templates have undergone some breaking changes. Please take extra caution when upgrading your environment to this release and make sure you test any required changes before using the role in any potential production environments.
Efforts have been made to thoroughly test all these changes and make sure they work as intended, but due to the magnitude of the refactoring work, there will be some bugs that have escaped our tests. If you find any, please open an issue or PR through the usual channels.
DEPRECATION WARNINGS:
The
nginx_config_main_upload_*
,nginx_config_upload_html_*
, andnginx_config_stream_upload_*
parameters have been deprecated in favor of a newly introduced parameter,nginx_config_upload
(previouslynginx_config_snippet_upload_*
). The new parameter provides greater flexibility in configuring your upload settings in addition to simplifying the upload Ansible tasks. The deprecated parameters will be removed in the next major release (0.5.0), due December 2021.BREAKING CHANGES:
General updates:
nginx_config_snippet_upload_*
parameters tonginx_config_upload_*
(checkdefaults/main/upload.yml
for an example).nginx_config_html_upload_*
parameters tonginx_config_upload_html_*
.nginx_config_ssl_upload_*
parameters tonginx_config_upload_ssl_*
.nginx_config_html_upload
andnginx_config_ssl_upload
parameters to use a list instead of a singlesrc
anddest
value (checkdefaults/main/upload.yml
for an example).Template engine updates:
Refactor all the
http
Jinja2 templates!:Each NGINX module is now contained within its own templating file. Macros are then used, in turn, to import each respective module template into a top level template file.
This avoids confusing and unnecessary code duplication, as well as hard to maintain code.
You will notice that the overall structure of your NGINX config now follows a very simple dictionary structure where each top level key corresponds to an NGINX module. Top level lists are used when dealing with
servers
andlocations
:Check
defaults/main/template.yml
andmolecule/default/converge.yml
for examples!Refactor the base config templates to simplify the creation of templates as well as development and maintenance moving forward:
servers
,servers.listen
,server.locations
,upstream
andupstream.servers
from nested dictionaries in thehttp
andstream
configuration templates to lists.web_server
andreverse_proxy
nested dictionary keys from the HTTP templates. These often lead to confusing and unnecessary code duplication and hard to maintain code. To update your templates, remove both keys and adjust your spacing accordingly.conf_file_name
andconf_file_location
with a single variable,deployment_location
.config
key in both the core/main and HTTP templates.nginx_config_html_demo_template
variable from a nested dictionary to a list.Refactor the
nginx_config_main_template
to now include all the respectivecore
andevents
directives. The following variables have changed:http_enable
no longer exists, neither doeshttp_settings
. You can still usehttp.include
to include files within thehttp
context.stream_enable
no longer exists, neither doesstream_settings
. You can still usestream.include
to include files within thestream
context.Refactor the
upstream
HTTP config template into its own separate file. All theupstream
module directives are now included. The following variables have changed:port
is no longer supported. Instead, include the port as part of youraddress
.lb_method
is no longer supported. Instead, you will have to specifically set the method you want to use.zone_name
andzone_size
have been modified into a dictionary.sticky_cookie
is no longer supported as is. You will now have to configure the respectivesticky_cookie
values.health_check
parameter within theserver
dictionary is no longer supported. Instead, manually setmax_fails
andfail_timeout
.Refactor various individual variables into the
core
HTTP config template. All thecore
module directives are now included. The following variables are now included in thecore
dictionary:alias
,client_max_body_size
,error_log
,error_page
,include
,index
,keepalive_timeout
,listen
,root
,send_file
,server_name
,server_names_hash_bucket_size
,server_names_hash_max_size
,server_tokens
,tcp_nodelay
,tcp_nopush
,try_files
listen.port
is nowlisten.address
, andlisten.opts
no longer exists (there are now individual keys for eachlisten
parameter).Refactor the
ssl
HTTP config template into its own separate file. All thessl
module directives are now included. Almost all variables have changed:ssl
variables still live within anssl
dictionary, but the names have changed to reflect the official NGINX directive names.ssl
configs are now supported within both thehttp
andserver
contexts.Refactor both the
app_protect_waf
andapp_protect_dos
modules into a single file:app_protect
dictionary now has theapp_protect_waf
key.app_protect_global
directives are now found inside theapp_protect_waf
dictionary too.Refactor the
proxy
HTTP config template into its own separate file. All theproxy
module directives are now included. All variables have changed:All
proxy_*
related variables now live under theproxy
dictionary key. You can specify theproxy
dictionary key inside thehttp
,server
, andlocation
contexts.Removed the
nginx_config_main_template.http_settings.cache
dictionary variable. Usenginx_config_http_template.*.proxy.cache_path
instead.Removed the
location.websocket
variable. Uselocation.proxy.set_header
instead:Combine the
grpc_global
directives with thegrpc
directives.Refactor the
auth
HTTP config template into its own separateauth
modules file. All the variousauth
related module directives including allauth_jwt
directives are now available. All variables have changed:auth
variables now live within their respectiveauth
dictionaries.auth
configs are now supported within thehttp
,server
, andlocation
contexts.Refactor the
autoindex
HTTP config template into its own separate filemodules
file and added missingautoindex
module directives. All variables have changed:autoindex
directives now live within theautoindex
dictionary.autoindex
dictionary now lives in the HTTP template config instead of the Main template config.Refactor the
add_headers
dictionary into aheaders
dictionary that now includes all theheaders
HTTP config directives:add_headers
directive now lives within theheaders
dictionary.Refactor the
keyval
directives into its own template config that now includes all thekeyval
HTTP module directives:keyval
directives now live within thekeyval
dictionary.keyval
dictionary now lives in the HTTP template config instead of the Main template config.Refactor
server.health_check_plus
into its own dictionary that now includes all thehealth_check
module directives (checkdefaults/main/template.yml
for examples).Refactor the
limit_req
directive into its own dictionary:limit_req
directives now live within thelimit_req
dictionary.limit_req
dictionary now lives in the HTTP template config instead of the Main template config.Refactor the
access_log
andlog_format
directives into alog
dictionary that now includes all thelog
module directives:access
andformat
directive now lives within thelog
dictionary.log
dictionary HTTP context now lives in the HTTP template config instead of the Main template config.Refactor the
return
andrewrite
directives into their own dictionary that now includes all therewrite
HTTP module directives:The
rewrites
directive has transitioned from a list of one linersto
The
return
directive has transitioned from a slightly complex dictionary structure (wherein thelocation
variable didn't necessarily have any effect)to a slightly less complicated structure
Refactor the
sub_filter
directives into their ownsub_filter
dictionary that includes all thesub_filter
HTTP module directives:The only major difference is that one liners under the
sub_filters
dictionary key have changed fromto
Removed the
server.http_demo_conf
dictionary. Useserver.sub_filters
instead:The
sub_filter
dictionary HTTP context now lives in the HTTP template config instead of the Main template config.Rename some NGINX template config parameters to align with NGINX directive names:
html_file_location
toroot
.html_file_name
toindex
.NGINX App Protect 3.2 supports multiple log destinations per scope. Changing the
security_log
variable from a dictionary to a list of objects in order to support this.NGINX App Protect 3.5 supports a new timeout directive which allows the user to configure the period of time between reconnect retries of the module to the web application firewall (WAF) engine. Added this as a supported directive.
FEATURES:
Replace Ansible community distribution with Ansible base and add the necessary extra collections as a dependency requirement. For reference, these are:
Explicitly list Jinja2
2.11.3
as a requirement, as well as detail the minimum supported version (2.11.x
).Implement Release Drafter.
Add support for configuring NGINX App Protect DoS (Denial of Service) module and directives.
Add support for configuring the NGINX Rest API module and the NGINX stub status module.
ENHANCEMENTS:
gzip
HTTP config template into themodules
file. It's a small module and did not warrant being in its own individual file.5.1.3
, Molecule to3.4.0
, Yamllint to1.26.3
and Docker Python SDK to5.0.2
.5.*
.2.11
.if
conditionals to use thecontains
function instead of checking for exact names.plus
Molecule scenario since it often fails in the GitHub Actions CI/CD pipeline.1.2
.nginx.conf
template match the default values found on a fresh NGINX installation.BUG FIXES:
state
parameter to package module in Molecule verification tests.nginx -t
handler fails when run from a directory that the NGINX process' user does not have access to.nginx_config_cleanup_paths
not working as intended.app_protect.j2
template that was causing the default values fornginx.conf
to fail.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.