---
title: nginx
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.nginx)
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.nginx?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.nginx)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.nginx/src/branch/main/LICENSE)

Set up the [nginx](https://docs.nginx.com/) web server. Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. The nginx project started with a strong focus on high concurrency, high performance and low memory usage.

- [Default Variables](#default-variables)
  - [nginx_access_log](#nginx_access_log)
  - [nginx_client_body_buffer_size](#nginx_client_body_buffer_size)
  - [nginx_client_body_timeout](#nginx_client_body_timeout)
  - [nginx_client_header_buffer_size](#nginx_client_header_buffer_size)
  - [nginx_client_header_timeout](#nginx_client_header_timeout)
  - [nginx_client_max_body_size](#nginx_client_max_body_size)
  - [nginx_csp_enabled](#nginx_csp_enabled)
  - [nginx_csp_options](#nginx_csp_options)
  - [nginx_error_location](#nginx_error_location)
  - [nginx_error_log](#nginx_error_log)
  - [nginx_error_page](#nginx_error_page)
  - [nginx_group](#nginx_group)
  - [nginx_gzip_comp_level](#nginx_gzip_comp_level)
  - [nginx_gzip_enabled](#nginx_gzip_enabled)
  - [nginx_gzip_min_length](#nginx_gzip_min_length)
  - [nginx_gzip_proxied](#nginx_gzip_proxied)
  - [nginx_gzip_types](#nginx_gzip_types)
  - [nginx_hsts_options](#nginx_hsts_options)
  - [nginx_keepalive_timeout](#nginx_keepalive_timeout)
  - [nginx_maps](#nginx_maps)
  - [nginx_maps_extra](#nginx_maps_extra)
  - [nginx_official_repo_enabled](#nginx_official_repo_enabled)
  - [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
  - [nginx_rp_enabled](#nginx_rp_enabled)
  - [nginx_rp_option](#nginx_rp_option)
  - [nginx_send_timeout](#nginx_send_timeout)
  - [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
  - [nginx_tls_certificates](#nginx_tls_certificates)
  - [nginx_tls_certificates_extra](#nginx_tls_certificates_extra)
  - [nginx_tls_ciphers](#nginx_tls_ciphers)
  - [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
  - [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
  - [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
  - [nginx_tls_enabled](#nginx_tls_enabled)
  - [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
  - [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
  - [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
  - [nginx_tls_versions](#nginx_tls_versions)
  - [nginx_user](#nginx_user)
  - [nginx_vhosts_default](#nginx_vhosts_default)
  - [nginx_vhosts_dir](#nginx_vhosts_dir)
  - [nginx_vhosts_extra](#nginx_vhosts_extra)
  - [nginx_worker_connections](#nginx_worker_connections)
  - [nginx_worker_processes](#nginx_worker_processes)
  - [nginx_xcto_enabled](#nginx_xcto_enabled)
  - [nginx_xfo_enabled](#nginx_xfo_enabled)
  - [nginx_xfo_policy](#nginx_xfo_policy)
  - [nginx_xxxsp_enabled](#nginx_xxxsp_enabled)
  - [nginx_xxxsp_parameters](#nginx_xxxsp_parameters)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)

---

## Default Variables

### nginx_access_log

#### Default value

```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```

### nginx_client_body_buffer_size

#### Default value

```YAML
nginx_client_body_buffer_size: 10k
```

### nginx_client_body_timeout

#### Default value

```YAML
nginx_client_body_timeout: 60
```

### nginx_client_header_buffer_size

#### Default value

```YAML
nginx_client_header_buffer_size: 1k
```

### nginx_client_header_timeout

#### Default value

```YAML
nginx_client_header_timeout: 60
```

### nginx_client_max_body_size

#### Default value

```YAML
nginx_client_max_body_size: 8m
```

### nginx_csp_enabled

#### Default value

```YAML
nginx_csp_enabled: false
```

### nginx_csp_options

#### Example usage

```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```

### nginx_error_location

Default error location. If set, the defined location will be automatically added once to every server block to handle custom error sites.

#### Default value

```YAML
nginx_error_location: []
```

#### Example usage

```YAML
nginx_error_location:
  - match: /
    root: /var/www/vhosts/default
    index: index.html
    custom_options:
```

### nginx_error_log

#### Default value

```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```

### nginx_error_page

#### Default value

```YAML
nginx_error_page: []
```

#### Example usage

```YAML
```

### nginx_group

#### Default value

```YAML
nginx_group: nginx
```

### nginx_gzip_comp_level

#### Default value

```YAML
nginx_gzip_comp_level: 2
```

### nginx_gzip_enabled

#### Default value

```YAML
nginx_gzip_enabled: true
```

### nginx_gzip_min_length

#### Default value

```YAML
nginx_gzip_min_length: 1000
```

### nginx_gzip_proxied

#### Default value

```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```

### nginx_gzip_types

#### Default value

```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```

### nginx_hsts_options

#### Default value

```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
  - preload
```

### nginx_keepalive_timeout

#### Default value

```YAML
nginx_keepalive_timeout: 65
```

### nginx_maps

#### Default value

```YAML
nginx_maps: []
```

#### Example usage

```YAML
nginx_maps:
  - input: $input
    output: $output
    parameters:
      - "default 0"
      - "/old/path /new_path"
```

### nginx_maps_extra

#### Default value

```YAML
nginx_maps_extra: []
```

### nginx_official_repo_enabled

#### Default value

```YAML
nginx_official_repo_enabled: true
```

### nginx_reset_timedout_connection

#### Default value

```YAML
nginx_reset_timedout_connection: true
```

### nginx_rp_enabled

#### Default value

```YAML
nginx_rp_enabled: true
```

### nginx_rp_option

#### Default value

```YAML
nginx_rp_option: strict-origin
```

### nginx_send_timeout

#### Default value

```YAML
nginx_send_timeout: 60
```

### nginx_server_names_hash_bucket_size

#### Default value

```YAML
nginx_server_names_hash_bucket_size: 32
```

### nginx_tls_certificates

#### Default value

```YAML
nginx_tls_certificates: []
```

#### Example usage

```YAML
nginx_tls_certificates:
  - source: "{{ ansible_user_dir }}/files/mycert.pem"
    dest: /etc/pki/tls/certs/mycert.pem
    mode: 0644
  - source: "{{ ansible_user_dir }}/files/mykey.pem"
    dest: /etc/pki/tls/private/mykey.pem
    mode: 0600
```

### nginx_tls_certificates_extra

#### Default value

```YAML
nginx_tls_certificates_extra: []
```

### nginx_tls_ciphers

#### Default value

```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```

### nginx_tls_dhparam_file

#### Default value

```YAML
nginx_tls_dhparam_file: _unset_
```

### nginx_tls_dhparam_size

#### Default value

```YAML
nginx_tls_dhparam_size: 2048
```

### nginx_tls_ecdh_curve

#### Default value

```YAML
nginx_tls_ecdh_curve: _unset_
```

### nginx_tls_enabled

#### Default value

```YAML
nginx_tls_enabled: false
```

### nginx_tls_hsts_enabled

#### Default value

```YAML
nginx_tls_hsts_enabled: false
```

### nginx_tls_ocsp_enabled

#### Default value

```YAML
nginx_tls_ocsp_enabled: false
```

### nginx_tls_ocsp_trusted_certificate

#### Default value

```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```

### nginx_tls_versions

#### Default value

```YAML
nginx_tls_versions:
  - TLSv1.2
```

### nginx_user

#### Default value

```YAML
nginx_user: nginx
```

### nginx_vhosts_default

#### Default value

```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: /usr/share/nginx/html
        custom_options:
          - error_page 500 502 503 504 /50x.html
```

#### Example usage

```YAML
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/certs/mycert.pem
          key: /etc/pki/tls/private/mykey.pem
          dhparam:
        client_max_body_size:
        send_timeout:
        add_headers:
          - name:
            value:
            always: True
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            add_headers: []
            proxy_pass:
            proxy_pass_request_body:
            proxy_next_upstream:
            proxy_redirect:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_set_headers: []
            proxy_hide_headers: []
            proxy_ignore_headers: []
            proxy_intercept_errors: "off"
            proxy_cache_bypass:
            proxy_no_cache:
            proxy_buffers:
            custom_options:
        custom_options:
          - 'deny: all'
```

### nginx_vhosts_dir

#### Default value

```YAML
nginx_vhosts_dir: /var/www/vhosts
```

### nginx_vhosts_extra

#### Default value

```YAML
nginx_vhosts_extra: []
```

### nginx_worker_connections

#### Default value

```YAML
nginx_worker_connections: 1024
```

### nginx_worker_processes

#### Default value

```YAML
nginx_worker_processes: 1
```

### nginx_xcto_enabled

#### Default value

```YAML
nginx_xcto_enabled: true
```

### nginx_xfo_enabled

#### Default value

```YAML
nginx_xfo_enabled: true
```

### nginx_xfo_policy

#### Default value

```YAML
nginx_xfo_policy: deny
```

### nginx_xxxsp_enabled

#### Default value

```YAML
nginx_xxxsp_enabled: true
```

### nginx_xxxsp_parameters

#### Default value

```YAML
nginx_xxxsp_parameters:
  - 1
  - mode=block
```

## Discovered Tags

tls_renewal
: &nbsp;

## Dependencies

None.