# xoxys.nginx
[![Build Status](https://drone.rknet.org/api/badges/ansible/xoxys.nginx/status.svg)](https://drone.rknet.org/ansible/xoxys.nginx)
Role to set up nginx
## Table of contents
* [Default Variables](#default-variables)
  * [nginx_access_log](#nginx_access_log)
  * [nginx_client_body_buffer_size](#nginx_client_body_buffer_size)
  * [nginx_client_body_timeout](#nginx_client_body_timeout)
  * [nginx_client_header_buffer_size](#nginx_client_header_buffer_size)
  * [nginx_client_header_timeout](#nginx_client_header_timeout)
  * [nginx_client_max_body_size](#nginx_client_max_body_size)
  * [nginx_csp_enabled](#nginx_csp_enabled)
  * [nginx_csp_options](#nginx_csp_options)
  * [nginx_error_log](#nginx_error_log)
  * [nginx_group](#nginx_group)
  * [nginx_gzip_comp_level](#nginx_gzip_comp_level)
  * [nginx_gzip_enabled](#nginx_gzip_enabled)
  * [nginx_gzip_min_length](#nginx_gzip_min_length)
  * [nginx_gzip_proxied](#nginx_gzip_proxied)
  * [nginx_gzip_types](#nginx_gzip_types)
  * [nginx_hsts_options](#nginx_hsts_options)
  * [nginx_keepalive_timeout](#nginx_keepalive_timeout)
  * [nginx_official_repo_enabled](#nginx_official_repo_enabled)
  * [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
  * [nginx_send_timeout](#nginx_send_timeout)
  * [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
  * [nginx_tls_cert_file](#nginx_tls_cert_file)
  * [nginx_tls_cert_source](#nginx_tls_cert_source)
  * [nginx_tls_ciphers](#nginx_tls_ciphers)
  * [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
  * [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
  * [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
  * [nginx_tls_enabled](#nginx_tls_enabled)
  * [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
  * [nginx_tls_key_file](#nginx_tls_key_file)
  * [nginx_tls_key_source](#nginx_tls_key_source)
  * [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
  * [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
  * [nginx_tls_versions](#nginx_tls_versions)
  * [nginx_user](#nginx_user)
  * [nginx_vhosts_default](#nginx_vhosts_default)
  * [nginx_vhosts_dir](#nginx_vhosts_dir)
  * [nginx_vhosts_extra](#nginx_vhosts_extra)
  * [nginx_worker_connections](#nginx_worker_connections)
  * [nginx_worker_processes](#nginx_worker_processes)
  * [nginx_xcto_enabled](#nginx_xcto_enabled)
  * [nginx_xfo_enabled](#nginx_xfo_enabled)
  * [nginx_xfo_policy](#nginx_xfo_policy)
  * [nginx_xxxsp_enabled](#nginx_xxxsp_enabled)
  * [nginx_xxxsp_parameters](#nginx_xxxsp_parameters)
* [Dependencies](#dependencies)
* [License](#license)
* [Author](#author)
---
## Default Variables
### nginx_access_log
#### Default value
```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```
### nginx_client_body_buffer_size
#### Default value
```YAML
nginx_client_body_buffer_size: 10k
```
### nginx_client_body_timeout
#### Default value
```YAML
nginx_client_body_timeout: 60
```
### nginx_client_header_buffer_size
#### Default value
```YAML
nginx_client_header_buffer_size: 1k
```
### nginx_client_header_timeout
#### Default value
```YAML
nginx_client_header_timeout: 60
```
### nginx_client_max_body_size
#### Default value
```YAML
nginx_client_max_body_size: 8m
```
### nginx_csp_enabled
#### Default value
```YAML
nginx_csp_enabled: false
```
### nginx_csp_options
#### Example usage
```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```
### nginx_error_log
#### Default value
```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```
### nginx_group
#### Default value
```YAML
nginx_group: nginx
```
### nginx_gzip_comp_level
#### Default value
```YAML
nginx_gzip_comp_level: 2
```
### nginx_gzip_enabled
#### Default value
```YAML
nginx_gzip_enabled: true
```
### nginx_gzip_min_length
#### Default value
```YAML
nginx_gzip_min_length: 1000
```
### nginx_gzip_proxied
#### Default value
```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```
### nginx_gzip_types
#### Default value
```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```
### nginx_hsts_options
#### Default value
```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
```
### nginx_keepalive_timeout
#### Default value
```YAML
nginx_keepalive_timeout: 65
```
### nginx_official_repo_enabled
#### Default value
```YAML
nginx_official_repo_enabled: true
```
### nginx_reset_timedout_connection
#### Default value
```YAML
nginx_reset_timedout_connection: true
```
### nginx_send_timeout
#### Default value
```YAML
nginx_send_timeout: 60
```
### nginx_server_names_hash_bucket_size
#### Default value
```YAML
nginx_server_names_hash_bucket_size: 32
```
### nginx_tls_cert_file
Set the destination filename.
#### Default value
```YAML
nginx_tls_cert_file: mycert.pem
```
### nginx_tls_cert_source
Source has to be a file.
#### Default value
```YAML
nginx_tls_cert_source: _unset_
```
### nginx_tls_ciphers
#### Default value
```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```
### nginx_tls_dhparam_file
#### Default value
```YAML
nginx_tls_dhparam_file: _unset_
```
### nginx_tls_dhparam_size
#### Default value
```YAML
nginx_tls_dhparam_size: 2048
```
### nginx_tls_ecdh_curve
#### Default value
```YAML
nginx_tls_ecdh_curve: _unset_
```
### nginx_tls_enabled
#### Default value
```YAML
nginx_tls_enabled: false
```
### nginx_tls_hsts_enabled
#### Default value
```YAML
nginx_tls_hsts_enabled: false
```
### nginx_tls_key_file
Set the destination filename.
#### Default value
```YAML
nginx_tls_key_file: mykey.pem
```
### nginx_tls_key_source
Source has to be a file.
#### Default value
```YAML
nginx_tls_key_source: _unset_
```
### nginx_tls_ocsp_enabled
#### Default value
```YAML
nginx_tls_ocsp_enabled: false
```
### nginx_tls_ocsp_trusted_certificate
#### Default value
```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```
### nginx_tls_versions
#### Default value
```YAML
nginx_tls_versions:
  - TLSv1.2
```
### nginx_user
#### Default value
```YAML
nginx_user: nginx
```
### nginx_vhosts_default
#### Default value
```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
```
#### Example usage
```YAML
nginx_vhosts_default:
  - file: default
    upstream:
      name: my_pool
      servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False  # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/..
          key: /etc/pki/tls/..
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
            error_page: /usr/share/nginx/html
```
### nginx_vhosts_dir
#### Default value
```YAML
nginx_vhosts_dir: /var/www/vhosts
```
### nginx_vhosts_extra
#### Default value
```YAML
nginx_vhosts_extra: []
```
### nginx_worker_connections
#### Default value
```YAML
nginx_worker_connections: 1024
```
### nginx_worker_processes
#### Default value
```YAML
nginx_worker_processes: 1
```
### nginx_xcto_enabled
#### Default value
```YAML
nginx_xcto_enabled: true
```
### nginx_xfo_enabled
#### Default value
```YAML
nginx_xfo_enabled: true
```
### nginx_xfo_policy
#### Default value
```YAML
nginx_xfo_policy: deny
```
### nginx_xxxsp_enabled
#### Default value
```YAML
nginx_xxxsp_enabled: true
```
### nginx_xxxsp_parameters
#### Default value
```YAML
nginx_xxxsp_parameters:
  - mode=block
```
## Dependencies
None.
## License
MIT
## Author
[xoxys](https://gitea.rknet.org/xoxys)