diff --git a/index.md b/index.md new file mode 100644 index 0000000..ac2ee47 --- /dev/null +++ b/index.md @@ -0,0 +1,502 @@ +--- +title: nginx +type: docs +--- + +Role to setup nginx + +* [Default Variables](#default-variables) + * [nginx_access_log](#nginx-access-log) + * [nginx_client_body_buffer_size](#nginx-client-body-buffer-size) + * [nginx_client_body_timeout](#nginx-client-body-timeout) + * [nginx_client_header_buffer_size](#nginx-client-header-buffer-size) + * [nginx_client_header_timeout](#nginx-client-header-timeout) + * [nginx_client_max_body_size](#nginx-client-max-body-size) + * [nginx_csp_enabled](#nginx-csp-enabled) + * [nginx_csp_options](#nginx-csp-options) + * [nginx_error_log](#nginx-error-log) + * [nginx_group](#nginx-group) + * [nginx_gzip_comp_level](#nginx-gzip-comp-level) + * [nginx_gzip_enabled](#nginx-gzip-enabled) + * [nginx_gzip_min_length](#nginx-gzip-min-length) + * [nginx_gzip_proxied](#nginx-gzip-proxied) + * [nginx_gzip_types](#nginx-gzip-types) + * [nginx_hsts_options](#nginx-hsts-options) + * [nginx_keepalive_timeout](#nginx-keepalive-timeout) + * [nginx_official_repo_enabled](#nginx-official-repo-enabled) + * [nginx_reset_timedout_connection](#nginx-reset-timedout-connection) + * [nginx_send_timeout](#nginx-send-timeout) + * [nginx_server_names_hash_bucket_size](#nginx-server-names-hash-bucket-size) + * [nginx_tls_cert_file](#nginx-tls-cert-file) + * [nginx_tls_cert_source](#nginx-tls-cert-source) + * [nginx_tls_ciphers](#nginx-tls-ciphers) + * [nginx_tls_dhparam_file](#nginx-tls-dhparam-file) + * [nginx_tls_dhparam_size](#nginx-tls-dhparam-size) + * [nginx_tls_ecdh_curve](#nginx-tls-ecdh-curve) + * [nginx_tls_enabled](#nginx-tls-enabled) + * [nginx_tls_hsts_enabled](#nginx-tls-hsts-enabled) + * [nginx_tls_key_file](#nginx-tls-key-file) + * [nginx_tls_key_source](#nginx-tls-key-source) + * [nginx_tls_ocsp_enabled](#nginx-tls-ocsp-enabled) + * [nginx_tls_ocsp_trusted_certificate](#nginx-tls-ocsp-trusted-certificate) + * [nginx_tls_versions](#nginx-tls-versions) + * [nginx_user](#nginx-user) + * [nginx_vhosts_default](#nginx-vhosts-default) + * [nginx_vhosts_dir](#nginx-vhosts-dir) + * [nginx_vhosts_extra](#nginx-vhosts-extra) + * [nginx_worker_connections](#nginx-worker-connections) + * [nginx_worker_processes](#nginx-worker-processes) + * [nginx_xcto_enabled](#nginx-xcto-enabled) + * [nginx_xfo_enabled](#nginx-xfo-enabled) + * [nginx_xfo_policy](#nginx-xfo-policy) + * [nginx_xxxsp_enabled](#nginx-xxxsp-enabled) + * [nginx_xxxsp_parameters](#nginx-xxxsp-parameters) +* [Dependencies](#dependencies) + +--- + +## Default Variables + +### nginx_access_log + +#### Default value + +```YAML +nginx_access_log: + enabled: true + file: /var/log/nginx/access.log + format: main +``` + +### nginx_client_body_buffer_size + +#### Default value + +```YAML +nginx_client_body_buffer_size: 10k +``` + +### nginx_client_body_timeout + +#### Default value + +```YAML +nginx_client_body_timeout: 60 +``` + +### nginx_client_header_buffer_size + +#### Default value + +```YAML +nginx_client_header_buffer_size: 1k +``` + +### nginx_client_header_timeout + +#### Default value + +```YAML +nginx_client_header_timeout: 60 +``` + +### nginx_client_max_body_size + +#### Default value + +```YAML +nginx_client_max_body_size: 8m +``` + +### nginx_csp_enabled + +#### Default value + +```YAML +nginx_csp_enabled: false +``` + +### nginx_csp_options + +#### Example usage + +```YAML +nginx_csp_options: + - directive: frame-ancestors + parameters: + - https://example.com + - https://mypage.com +``` + +### nginx_error_log + +#### Default value + +```YAML +nginx_error_log: + enabled: true + file: /var/log/nginx/error.log + level: error +``` + +### nginx_group + +#### Default value + +```YAML +nginx_group: nginx +``` + +### nginx_gzip_comp_level + +#### Default value + +```YAML +nginx_gzip_comp_level: 2 +``` + +### nginx_gzip_enabled + +#### Default value + +```YAML +nginx_gzip_enabled: true +``` + +### nginx_gzip_min_length + +#### Default value + +```YAML +nginx_gzip_min_length: 1000 +``` + +### nginx_gzip_proxied + +#### Default value + +```YAML +nginx_gzip_proxied: + - expired + - no-cache + - no-store + - private + - auth +``` + +### nginx_gzip_types + +#### Default value + +```YAML +nginx_gzip_types: + - text/plain + - application/x-javascript + - text/xml + - text/css + - application/xml +``` + +### nginx_hsts_options + +#### Default value + +```YAML +nginx_hsts_options: + - max-age=63072000 + - includeSubDomains +``` + +### nginx_keepalive_timeout + +#### Default value + +```YAML +nginx_keepalive_timeout: 65 +``` + +### nginx_official_repo_enabled + +#### Default value + +```YAML +nginx_official_repo_enabled: true +``` + +### nginx_reset_timedout_connection + +#### Default value + +```YAML +nginx_reset_timedout_connection: true +``` + +### nginx_send_timeout + +#### Default value + +```YAML +nginx_send_timeout: 60 +``` + +### nginx_server_names_hash_bucket_size + +#### Default value + +```YAML +nginx_server_names_hash_bucket_size: 32 +``` + +### nginx_tls_cert_file + +Set the destination filename. + +#### Default value + +```YAML +nginx_tls_cert_file: mycert.pem +``` + +### nginx_tls_cert_source + +Source has to be a file. + +#### Default value + +```YAML +nginx_tls_cert_source: _unset_ +``` + +### nginx_tls_ciphers + +#### Default value + +```YAML +nginx_tls_ciphers: + - ECDHE-RSA-AES256-GCM-SHA512 + - DHE-RSA-AES256-GCM-SHA512 + - ECDHE-RSA-AES256-GCM-SHA384 + - DHE-RSA-AES256-GCM-SHA384 + - ECDHE-RSA-AES256-SHA384 +``` + +### nginx_tls_dhparam_file + +#### Default value + +```YAML +nginx_tls_dhparam_file: _unset_ +``` + +### nginx_tls_dhparam_size + +#### Default value + +```YAML +nginx_tls_dhparam_size: 2048 +``` + +### nginx_tls_ecdh_curve + +#### Default value + +```YAML +nginx_tls_ecdh_curve: _unset_ +``` + +### nginx_tls_enabled + +#### Default value + +```YAML +nginx_tls_enabled: false +``` + +### nginx_tls_hsts_enabled + +#### Default value + +```YAML +nginx_tls_hsts_enabled: false +``` + +### nginx_tls_key_file + +Set the destination filename. + +#### Default value + +```YAML +nginx_tls_key_file: mykey.pem +``` + +### nginx_tls_key_source + +Source has to be a file. + +#### Default value + +```YAML +nginx_tls_key_source: _unset_ +``` + +### nginx_tls_ocsp_enabled + +#### Default value + +```YAML +nginx_tls_ocsp_enabled: false +``` + +### nginx_tls_ocsp_trusted_certificate + +#### Default value + +```YAML +nginx_tls_ocsp_trusted_certificate: _unset_ +``` + +### nginx_tls_versions + +#### Default value + +```YAML +nginx_tls_versions: + - TLSv1.2 +``` + +### nginx_user + +#### Default value + +```YAML +nginx_user: nginx +``` + +### nginx_vhosts_default + +#### Default value + +```YAML +nginx_vhosts_default: + - file: default + servers: + - port: 80 + server_name: '{{ ansible_fqdn }}' + locations: + - match: / + root: /var/www/vhosts/default + index: index.html +``` + +#### Example usage + +```YAML +nginx_vhosts_default: + - file: default + upstreams: + - name: my_pool + servers: [] + servers: + - port: 80 + server_name: demo.example.com + tls_redirect: False skips locations if enabled + tls_redirect_url: + tls: + cert: /etc/pki/tls/.. + key: /etc/pki/tls/.. + dhparam: + client_max_body_size: + send_timeout: + locations: + - match: / + root: /var/www/vhosts/default + index: index.html + proxy_pass: + proxy_http_version: "1.1" + proxy_buffering: "off" + proxy_connect_timeout: 3600s + proxy_read_timeout: 3600s + proxy_send_timeout: 3600s + proxy_headers: [] + custom_options: + - 'deny: all' + error_page: /usr/share/nginx/html +``` + +### nginx_vhosts_dir + +#### Default value + +```YAML +nginx_vhosts_dir: /var/www/vhosts +``` + +### nginx_vhosts_extra + +#### Default value + +```YAML +nginx_vhosts_extra: [] +``` + +### nginx_worker_connections + +#### Default value + +```YAML +nginx_worker_connections: 1024 +``` + +### nginx_worker_processes + +#### Default value + +```YAML +nginx_worker_processes: 1 +``` + +### nginx_xcto_enabled + +#### Default value + +```YAML +nginx_xcto_enabled: true +``` + +### nginx_xfo_enabled + +#### Default value + +```YAML +nginx_xfo_enabled: true +``` + +### nginx_xfo_policy + +#### Default value + +```YAML +nginx_xfo_policy: deny +``` + +### nginx_xxxsp_enabled + +#### Default value + +```YAML +nginx_xxxsp_enabled: true +``` + +### nginx_xxxsp_parameters + +#### Default value + +```YAML +nginx_xxxsp_parameters: + - mode=block +``` + +## Dependencies + +None.