---
title: nginx
type: docs
---
[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.nginx) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.nginx?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.nginx) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.nginx/src/branch/main/LICENSE)

Set up the [nginx](https://docs.nginx.com/) web server. Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. The nginx project started with a strong focus on high concurrency, high performance and low memory usage.
<!-- more -->
- [Default Variables](#default-variables)
  - [nginx_access_log](#nginx_access_log)
  - [nginx_client_body_buffer_size](#nginx_client_body_buffer_size)
  - [nginx_client_body_timeout](#nginx_client_body_timeout)
  - [nginx_client_header_buffer_size](#nginx_client_header_buffer_size)
  - [nginx_client_header_timeout](#nginx_client_header_timeout)
  - [nginx_client_max_body_size](#nginx_client_max_body_size)
  - [nginx_csp_enabled](#nginx_csp_enabled)
  - [nginx_csp_options](#nginx_csp_options)
  - [nginx_error_location](#nginx_error_location)
  - [nginx_error_log](#nginx_error_log)
  - [nginx_error_page](#nginx_error_page)
  - [nginx_group](#nginx_group)
  - [nginx_gzip_comp_level](#nginx_gzip_comp_level)
  - [nginx_gzip_enabled](#nginx_gzip_enabled)
  - [nginx_gzip_min_length](#nginx_gzip_min_length)
  - [nginx_gzip_proxied](#nginx_gzip_proxied)
  - [nginx_gzip_types](#nginx_gzip_types)
  - [nginx_hsts_options](#nginx_hsts_options)
  - [nginx_keepalive_timeout](#nginx_keepalive_timeout)
  - [nginx_maps](#nginx_maps)
  - [nginx_maps_extra](#nginx_maps_extra)
  - [nginx_official_repo_enabled](#nginx_official_repo_enabled)
  - [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
  - [nginx_rp_enabled](#nginx_rp_enabled)
  - [nginx_rp_option](#nginx_rp_option)
  - [nginx_send_timeout](#nginx_send_timeout)
  - [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
  - [nginx_tls_certificates](#nginx_tls_certificates)
  - [nginx_tls_certificates_extra](#nginx_tls_certificates_extra)
  - [nginx_tls_ciphers](#nginx_tls_ciphers)
  - [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
  - [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
  - [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
  - [nginx_tls_enabled](#nginx_tls_enabled)
  - [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
  - [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
  - [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
  - [nginx_tls_versions](#nginx_tls_versions)
  - [nginx_user](#nginx_user)
  - [nginx_vhosts_default](#nginx_vhosts_default)
  - [nginx_vhosts_dir](#nginx_vhosts_dir)
  - [nginx_vhosts_extra](#nginx_vhosts_extra)
  - [nginx_worker_connections](#nginx_worker_connections)
  - [nginx_worker_processes](#nginx_worker_processes)
  - [nginx_xcto_enabled](#nginx_xcto_enabled)
  - [nginx_xfo_enabled](#nginx_xfo_enabled)
  - [nginx_xfo_policy](#nginx_xfo_policy)
  - [nginx_xxxsp_enabled](#nginx_xxxsp_enabled)
  - [nginx_xxxsp_parameters](#nginx_xxxsp_parameters)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)
---
## Default Variables
### nginx_access_log
#### Default value
```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```
### nginx_client_body_buffer_size
#### Default value
```YAML
nginx_client_body_buffer_size: 10k
```
### nginx_client_body_timeout
#### Default value
```YAML
nginx_client_body_timeout: 60
```
### nginx_client_header_buffer_size
#### Default value
```YAML
nginx_client_header_buffer_size: 1k
```
### nginx_client_header_timeout
#### Default value
```YAML
nginx_client_header_timeout: 60
```
### nginx_client_max_body_size
#### Default value
```YAML
nginx_client_max_body_size: 8m
```
### nginx_csp_enabled
#### Default value
```YAML
nginx_csp_enabled: false
```
### nginx_csp_options
#### Example usage
```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```
### nginx_error_location
Default error location. If set, the defined location is automatically added once to every server block to serve custom error pages.
#### Default value
```YAML
nginx_error_location: []
```
#### Example usage
```YAML
nginx_error_location:
  - match: /
    root: /var/www/vhosts/default
    index: index.html
    custom_options:
```
### nginx_error_log
#### Default value
```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```
### nginx_error_page
#### Default value
```YAML
nginx_error_page: []
```
#### Example usage
```YAML
```
### nginx_group
#### Default value
```YAML
nginx_group: nginx
```
### nginx_gzip_comp_level
#### Default value
```YAML
nginx_gzip_comp_level: 2
```
### nginx_gzip_enabled
#### Default value
```YAML
nginx_gzip_enabled: true
```
### nginx_gzip_min_length
#### Default value
```YAML
nginx_gzip_min_length: 1000
```
### nginx_gzip_proxied
#### Default value
```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```
### nginx_gzip_types
#### Default value
```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```
### nginx_hsts_options
#### Default value
```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
  - preload
```
### nginx_keepalive_timeout
#### Default value
```YAML
nginx_keepalive_timeout: 65
```
### nginx_maps
#### Default value
```YAML
nginx_maps: []
```
#### Example usage
```YAML
nginx_maps:
  - input: $input
    output: $output
    parameters:
      - "default 0"
      - "/old/path /new_path"
```
### nginx_maps_extra
#### Default value
```YAML
nginx_maps_extra: []
```
### nginx_official_repo_enabled
#### Default value
```YAML
nginx_official_repo_enabled: true
```
### nginx_reset_timedout_connection
#### Default value
```YAML
nginx_reset_timedout_connection: true
```
### nginx_rp_enabled
#### Default value
```YAML
nginx_rp_enabled: true
```
### nginx_rp_option
#### Default value
```YAML
nginx_rp_option: strict-origin
```
### nginx_send_timeout
#### Default value
```YAML
nginx_send_timeout: 60
```
### nginx_server_names_hash_bucket_size
#### Default value
```YAML
nginx_server_names_hash_bucket_size: 32
```
### nginx_tls_certificates
#### Default value
```YAML
nginx_tls_certificates: []
```
#### Example usage
```YAML
nginx_tls_certificates:
  - source: "{{ ansible_user_dir }}/files/mycert.pem"
    dest: /etc/pki/tls/certs/mycert.pem
    mode: 0644
  - source: "{{ ansible_user_dir }}/files/mykey.pem"
    dest: /etc/pki/tls/private/mykey.pem
    mode: 0600
```
### nginx_tls_certificates_extra
#### Default value
```YAML
nginx_tls_certificates_extra: []
```
### nginx_tls_ciphers
#### Default value
```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```
### nginx_tls_dhparam_file
#### Default value
```YAML
nginx_tls_dhparam_file: _unset_
```
### nginx_tls_dhparam_size
#### Default value
```YAML
nginx_tls_dhparam_size: 2048
```
### nginx_tls_ecdh_curve
#### Default value
```YAML
nginx_tls_ecdh_curve: _unset_
```
### nginx_tls_enabled
#### Default value
```YAML
nginx_tls_enabled: false
```
### nginx_tls_hsts_enabled
#### Default value
```YAML
nginx_tls_hsts_enabled: false
```
### nginx_tls_ocsp_enabled
#### Default value
```YAML
nginx_tls_ocsp_enabled: false
```
### nginx_tls_ocsp_trusted_certificate
#### Default value
```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```
### nginx_tls_versions
#### Default value
```YAML
nginx_tls_versions:
  - TLSv1.2
```
### nginx_user
#### Default value
```YAML
nginx_user: nginx
```
### nginx_vhosts_default
#### Default value
```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: /usr/share/nginx/html
        custom_options:
          - error_page 500 502 503 504 /50x.html
```
#### Example usage
```YAML
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/certs/mycert.pem
          key: /etc/pki/tls/private/mykey.pem
          dhparam:
        client_max_body_size:
        send_timeout:
        add_headers:
          - name:
            value:
            always: True
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            add_headers: []
            proxy_pass:
            proxy_pass_request_body:
            proxy_next_upstream:
            proxy_redirect:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_set_headers: []
            proxy_hide_headers: []
            proxy_ignore_headers: []
            proxy_intercept_errors: "off"
            proxy_cache_bypass:
            proxy_no_cache:
            proxy_buffers:
            custom_options:
        custom_options:
          - 'deny: all'
```
### nginx_vhosts_dir
#### Default value
```YAML
nginx_vhosts_dir: /var/www/vhosts
```
### nginx_vhosts_extra
#### Default value
```YAML
nginx_vhosts_extra: []
```
### nginx_worker_connections
#### Default value
```YAML
nginx_worker_connections: 1024
```
### nginx_worker_processes
#### Default value
```YAML
nginx_worker_processes: 1
```
### nginx_xcto_enabled
#### Default value
```YAML
nginx_xcto_enabled: true
```
### nginx_xfo_enabled
#### Default value
```YAML
nginx_xfo_enabled: true
```
### nginx_xfo_policy
#### Default value
```YAML
nginx_xfo_policy: deny
```
### nginx_xxxsp_enabled
#### Default value
```YAML
nginx_xxxsp_enabled: true
```
### nginx_xxxsp_parameters
#### Default value
```YAML
nginx_xxxsp_parameters:
  - 1
  - mode=block
```
## Discovered Tags
tls_renewal
## Dependencies
None.