---
# Package source, service account and worker settings. nginx_worker_processes
# and nginx_worker_connections are named after the nginx directives
# `worker_processes` and `worker_connections`; the templates that consume
# these defaults are not part of this file.
nginx_official_repo_enabled: true

# Account and group for nginx (presumably the `user` directive; confirm
# against the role's nginx.conf template). Keep this a dedicated,
# unprivileged account.
nginx_user: nginx
nginx_group: nginx

nginx_worker_processes: 1
nginx_worker_connections: 1024
# Error and access logging, both enabled by default. These logs are the
# request and error trail that detection and incident response depend on;
# if either is disabled, make sure an equivalent record exists elsewhere.
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error

# `format` names a log format; `main` is assumed to be defined by the role's
# nginx.conf template (not visible here).
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
# Request size limits, named after the nginx `client_*` directives. They
# bound how much memory and disk a single request can consume, so raise
# them per vhost only where an application needs larger uploads.
nginx_client_body_buffer_size: '10k'
nginx_client_header_buffer_size: '1k'
nginx_client_max_body_size: '8m'

# Timeouts, named after the matching nginx directives. They bound how long a
# slow or stalled client can hold a connection open. nginx reads a bare
# number as seconds, assuming the template writes the value unchanged.
nginx_client_body_timeout: 60
nginx_client_header_timeout: 60
nginx_keepalive_timeout: 65
nginx_send_timeout: 60
nginx_reset_timedout_connection: true
# Response compression, named after the nginx `gzip_*` directives.
# Caveat when TLS is in use: compressing responses that carry secrets
# together with request-reflected data exposes them to BREACH-style length
# side channels. For such applications, narrow nginx_gzip_types or turn
# compression off for the affected locations.
nginx_gzip_enabled: true
nginx_gzip_comp_level: 2
nginx_gzip_min_length: 1000

# Classes of proxied responses that are still compressed.
nginx_gzip_proxied:
  - 'expired'
  - 'no-cache'
  - 'no-store'
  - 'private'
  - 'auth'

# MIME types that are compressed.
nginx_gzip_types:
  - 'text/plain'
  - 'application/x-javascript'
  - 'text/xml'
  - 'text/css'
  - 'application/xml'
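# TLS support is disabled by default.
nginx_tls_enabled: false

# Only TLSv1.2 is listed by default.
# NOTE(review): consider adding TLSv1.3 where the installed nginx and OpenSSL
# builds support it; an nginx build without TLSv1.3 support rejects the value.
nginx_tls_versions:
  - TLSv1.2

# Certificate and key files to deploy. In the example the file modes are
# quoted so that YAML keeps them as strings instead of reading the leading-zero
# literal as an octal integer, which can become a different mode once the
# value passes through templating. The private key stays readable by its
# owner only ("0600").
nginx_tls_certificates: []
# @var nginx_tls_certificates:example: >
# nginx_tls_certificates:
#   - source: "{{ ansible_user_dir }}/files/mycert.pem"
#     dest: /etc/pki/tls/certs/mycert.pem
#     mode: "0644"
#   - source: "{{ ansible_user_dir }}/files/mykey.pem"
#     dest: /etc/pki/tls/private/mykey.pem
#     mode: "0600"
# @end

nginx_tls_certificates_extra: []

# Diffie-Hellman parameters for the DHE cipher suites: the file is unset by
# default; the size is in bits.
# @var nginx_tls_dhparam_file: $ "_unset_"
nginx_tls_dhparam_size: 2048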
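# TLS 1.2 cipher suites in OpenSSL naming.
#
# The former entries ECDHE-RSA-AES256-GCM-SHA512 and DHE-RSA-AES256-GCM-SHA512
# were dropped: OpenSSL defines no such suites (the AES-GCM suites of TLS 1.2
# pair with SHA256 or SHA384), so those names never selected anything.
#
# Every remaining suite authenticates with RSA. A server that presents an
# ECDSA certificate needs ECDHE-ECDSA-* suites added, or no suite will match.
# ECDHE-RSA-AES256-SHA384 is a CBC-mode suite; drop it if every client
# supports AES-GCM.
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
# @var nginx_tls_ecdh_curve: $ "_unset_"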
# OCSP (presumably OCSP stapling; confirm in the templates) is off by default
# and its trusted certificate is unset.
nginx_tls_ocsp_enabled: false
# @var nginx_tls_ocsp_trusted_certificate: $ "_unset_"

# HSTS is off by default. Once enabled, the options below ask browsers to
# enforce HTTPS for two years (63072000 seconds) on the host and all its
# subdomains, and mark the site as eligible for browser preload lists.
# Browsers cache the policy for the full max-age and preload entries are slow
# to remove, so confirm that every subdomain serves valid HTTPS before
# enabling it.
nginx_tls_hsts_enabled: false
nginx_hsts_options:
  - 'max-age=63072000'
  - 'includeSubDomains'
  - 'preload'
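# HTTP security response headers. The abbreviations presumably stand for
# X-Frame-Options (xfo), X-Content-Type-Options (xcto),
# Content-Security-Policy (csp), X-XSS-Protection (xxxsp) and
# Referrer-Policy (rp); confirm against the role's templates.

# Framing is denied by default.
nginx_xfo_enabled: true
nginx_xfo_policy: deny

nginx_xcto_enabled: true

# No content security policy is sent by default. A `frame-ancestors`
# directive, as in the example, is the CSP counterpart of X-Frame-Options.
nginx_csp_enabled: false
# @var nginx_csp_options: $ "_unset_"
# @var nginx_csp_options:example: >
# nginx_csp_options:
#   - directive: frame-ancestors
#     parameters:
#       - https://example.com
#       - https://mypage.com

# NOTE(review): X-XSS-Protection is a legacy header. Current browsers have
# removed the XSS filter it controlled, so a content security policy is the
# effective control; consider turning this default off once CSP is in place.
nginx_xxxsp_enabled: true
nginx_xxxsp_parameters:
  - 1
  - mode=block

nginx_rp_enabled: true
nginx_rp_option: strict-origin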
# Map definitions, empty by default. Each entry has an input variable, an
# output variable and a list of parameters (presumably rendered as nginx
# `map` blocks; confirm in the templates). nginx_maps_extra is a second list
# with the same empty default.
nginx_maps: []
# @var nginx_maps:example: >
# nginx_maps:
#   - input: $input
#     output: $output
#     parameters:
#       - "default 0"
#       - "/old/path /new_path"
# @end
nginx_maps_extra: []
# Custom error pages, empty by default: each entry lists status codes and the
# destination URI served for them.
nginx_error_page: []
# @var nginx_error_page:example:
# nginx_error_page:
#   - code:
#       - 404
#       - 403
#     dest: /4xx.html
# @end

nginx_error_location: []
# @var nginx_error_location: description: >
# Default error location. If set, the defined location will be automatically added once
# to every server block to handle custom error sites.
# @end
# @var nginx_error_location: example: >
# nginx_error_location:
#   - match: /
#     root: /var/www/vhosts/default
#     index: index.html
#     custom_options:
# @end
# Base directory for vhost content.
nginx_vhosts_dir: /var/www/vhosts

# Default vhost: a single server on port 80 (plain HTTP, no `tls` key) for
# the host's FQDN, serving static files and the stock 50x error page.
# NOTE(review): the nesting was rebuilt from a flattened listing. In
# particular, confirm that `custom_options` belongs to the /50x.html location
# and not to the server entry.
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: "{{ ansible_fqdn }}"
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: "/usr/share/nginx/html"
            custom_options:
              - "error_page 500 502 503 504 /50x.html"
# NOTE(review): the nesting of the example below was rebuilt from key order
# in a flattened listing; check the level of `dhparam`, `add_headers` and the
# two `custom_options` keys against the role's vhost template. nginx writes
# its access rule as `deny all` (no colon), so confirm how custom_options
# entries are rendered before copying the last line.
# @var nginx_vhosts_default:example: >
# nginx_vhosts_default:
#   - file: default
#     upstreams:
#       - name: my_pool
#         servers: []
#     servers:
#       - port: 80
#         server_name: demo.example.com
#         tls_redirect: False # skips locations if enabled
#         tls_redirect_url:
#         tls:
#           cert: /etc/pki/tls/certs/mycert.pem
#           key: /etc/pki/tls/private/mykey.pem
#           dhparam:
#         client_max_body_size:
#         send_timeout:
#         add_headers:
#           - name:
#             value:
#             always: True
#         locations:
#           - match: /
#             root: /var/www/vhosts/default
#             index: index.html
#             add_headers: []
#             proxy_pass:
#             proxy_http_version: "1.1"
#             proxy_buffering: "off"
#             proxy_connect_timeout: 3600s
#             proxy_read_timeout: 3600s
#             proxy_send_timeout: 3600s
#             proxy_set_headers: []
#             proxy_hide_headers: []
#             proxy_ignore_headers: []
#             proxy_intercept_errors: "off"
#             custom_options:
#         custom_options:
#           - 'deny: all'

nginx_vhosts_extra: []
# Named after the nginx `server_names_hash_bucket_size` directive.
nginx_server_names_hash_bucket_size: 32