From b3bbef88b37ec222ea8b077aca166d97aee6db10 Mon Sep 17 00:00:00 2001 From: Jonathan Rosser Date: Wed, 20 Nov 2024 10:56:21 +0000 Subject: [PATCH] Replace default nginx config on rh-like systems The default nginx config file on centos/rocky includes a server section listening on port 80 and [::]:80. There is no way to disable this other than to adjust the configuration file. This patch supplies a modified version of the centos nginx config file which does not include a default server section. A systemd drop in is installed to override the nginx service ExecStart which starts the service using the modified configuration file. Change-Id: If7674a750e5316feb4d0fcff8cd0f4df7a67ffbb --- tasks/ironic_conductor_post_install.yml | 28 ++++++++++++++++++ tasks/ironic_inspector_post_install.yml | 28 ++++++++++++++++++ templates/nginx-nodefault.conf.j2 | 39 +++++++++++++++++++++++++ 3 files changed, 95 insertions(+) create mode 100644 templates/nginx-nodefault.conf.j2 diff --git a/tasks/ironic_conductor_post_install.yml b/tasks/ironic_conductor_post_install.yml index 07d8bc95..e90eed7b 100644 --- a/tasks/ironic_conductor_post_install.yml +++ b/tasks/ironic_conductor_post_install.yml @@ -116,6 +116,34 @@ with_items: - "/etc/nginx/{{ ironic_nginx_conf_path }}" +- name: Write alternate nginx.conf for rh like systems + template: + src: nginx-nodefault.conf.j2 + dest: "/etc/nginx/nginx-nodefault.conf" + mode: "0644" + when: + - ansible_facts['pkg_mgr'] == 'dnf' + notify: + - Restart web server + +- name: Create systemd dropin for rh like systems + import_role: + name: systemd_service + when: + - ansible_facts['pkg_mgr'] == 'dnf' + vars: + systemd_services: + - service_name: "nginx" + systemd_overrides_only: true + load: false + systemd_overrides: + Service: + ExecStart: + - '' + - '/usr/sbin/nginx -c /etc/nginx/nginx-nodefault.conf' + notify: + - Restart web server + - name: Configure nginx virtual hosts template: src: ironic-ipxe.conf.j2 
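Review bot: The drop-in under `systemd_overrides` replaces only `ExecStart`, so any other command in the packaged nginx unit that runs the binary without `-c` would still parse the stock `/etc/nginx/nginx.conf`, not `/etc/nginx/nginx-nodefault.conf`. One such command would be a pre-start `nginx -t` check, if the distribution unit has one; the unit is not visible here. In that case the configuration actually served is never validated before start. The stock file, with its port 80 and [::]:80 server, also stays on disk for anything that launches nginx outside this unit. Consider overriding the pre-start check in the same block so it also passes `-c /etc/nginx/nginx-nodefault.conf`, and adding a comment above the first task such as `# Stock nginx.conf on RH-like hosts opens a default server on :80; run nginx from a copy without it`. The same two tasks are added to tasks/ironic_inspector_post_install.yml, where this applies equally.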
diff --git a/tasks/ironic_inspector_post_install.yml b/tasks/ironic_inspector_post_install.yml index 38cd2714..7d67207a 100644 --- a/tasks/ironic_inspector_post_install.yml +++ b/tasks/ironic_inspector_post_install.yml @@ -63,6 +63,34 @@ with_items: - "/etc/nginx/{{ ironic_nginx_conf_path }}" + - name: Write alternate nginx.conf for rh like systems + template: + src: nginx-nodefault.conf.j2 + dest: "/etc/nginx/nginx-nodefault.conf" + mode: "0644" + when: + - ansible_facts['pkg_mgr'] == 'dnf' + notify: + - Restart web server + + - name: Create systemd dropin for rh like systems + import_role: + name: systemd_service + when: + - ansible_facts['pkg_mgr'] == 'dnf' + vars: + systemd_services: + - service_name: "nginx" + systemd_overrides_only: true + load: false + systemd_overrides: + Service: + ExecStart: + - '' + - '/usr/sbin/nginx -c /etc/nginx/nginx-nodefault.conf' + notify: + - Restart web server + - name: Configure nginx virtual hosts template: src: ironic-ipxe.conf.j2 diff --git a/templates/nginx-nodefault.conf.j2 b/templates/nginx-nodefault.conf.j2 new file mode 100644 index 00000000..d87f5475 --- /dev/null +++ b/templates/nginx-nodefault.conf.j2 
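Review bot: Both added tasks are gated on `ansible_facts['pkg_mgr'] == 'dnf'`, which uses the package manager as a stand-in for the distribution family. If that fact reports another value on an RH-like host (for example `dnf5` where that is the default), both tasks are skipped without any message and the default port 80 server stays enabled. `ansible_facts['os_family'] == 'RedHat'` would state the intent directly and fail less quietly. The tasks are also a verbatim copy of the ones added to tasks/ironic_conductor_post_install.yml, so a later change to the config path or `ExecStart` in one file can drift from the other; a shared task file included from both would avoid that. The tasks here appear to sit inside an enclosing block that starts outside the hunk.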
@@ -0,0 +1,39 @@
+# For more information on configuration, see:
+# * Official English Documentation: http://nginx.org/en/docs/
+# * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 4096;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ # Load modular configuration files from the /etc/nginx/conf.d directory.
+ # See http://nginx.org/en/docs/ngx_core_module.html#include
+ # for more information.
+ include /etc/nginx/conf.d/*.conf;
+
+}
+
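Review bot: The `http` block carries over the distribution defaults without `server_tokens off;`, so responses and error pages from the vhosts loaded via `conf.d` will advertise the nginx version. Since the role now owns this file, that line could go right after `types_hash_max_size 4096;`. The template also has no header saying it is role-managed or why it differs from the packaged file. A first line such as `# {{ ansible_managed }}` followed by `# Copy of the distribution nginx.conf with the default server block removed` would keep someone from re-syncing it with the stock version and bringing the port 80 listener back.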