# xoxys.nginx

[![Build Status](https://drone.rknet.org/api/badges/ansible/xoxys.nginx/status.svg)](https://drone.rknet.org/ansible/xoxys.nginx)

Role to set up nginx

## Table of contents

* [Default Variables](#default-variables)
  * [nginx_official_repo_enabled](#nginx_official_repo_enabled)
  * [nginx_user](#nginx_user)
  * [nginx_group](#nginx_group)
  * [nginx_worker_processes](#nginx_worker_processes)
  * [nginx_worker_connections](#nginx_worker_connections)
  * [nginx_error_log](#nginx_error_log)
  * [nginx_access_log](#nginx_access_log)
  * [nginx_client_body_buffer_size](#nginx_client_body_buffer_size)
  * [nginx_client_header_buffer_size](#nginx_client_header_buffer_size)
  * [nginx_client_max_body_size](#nginx_client_max_body_size)
  * [nginx_client_body_timeout](#nginx_client_body_timeout)
  * [nginx_client_header_timeout](#nginx_client_header_timeout)
  * [nginx_keepalive_timeout](#nginx_keepalive_timeout)
  * [nginx_send_timeout](#nginx_send_timeout)
  * [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
  * [nginx_gzip_enabled](#nginx_gzip_enabled)
  * [nginx_gzip_comp_level](#nginx_gzip_comp_level)
  * [nginx_gzip_min_length](#nginx_gzip_min_length)
  * [nginx_gzip_proxied](#nginx_gzip_proxied)
  * [nginx_gzip_types](#nginx_gzip_types)
  * [nginx_tls_enabled](#nginx_tls_enabled)
  * [nginx_tls_versions](#nginx_tls_versions)
  * [nginx_tls_cert_file](#nginx_tls_cert_file)
  * [nginx_tls_key_file](#nginx_tls_key_file)
  * [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
  * [nginx_tls_ciphers](#nginx_tls_ciphers)
  * [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
  * [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
  * [nginx_hsts_options](#nginx_hsts_options)
  * [nginx_xfo_enabled](#nginx_xfo_enabled)
  * [nginx_xfo_policy](#nginx_xfo_policy)
  * [nginx_xcto_enabled](#nginx_xcto_enabled)
  * [nginx_csp_enabled](#nginx_csp_enabled)
  * [nginx_xxxsp_enabled](#nginx_xxxsp_enabled)
  * [nginx_xxxsp_parameters](#nginx_xxxsp_parameters)
  * [nginx_vhosts_dir](#nginx_vhosts_dir)
  * [nginx_vhosts_default](#nginx_vhosts_default)
  * [nginx_vhosts_extra](#nginx_vhosts_extra)
  * [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
  * [nginx_tls_cert_source](#nginx_tls_cert_source)
  * [nginx_tls_key_source](#nginx_tls_key_source)
  * [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
  * [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
  * [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
  * [nginx_csp_options](#nginx_csp_options)
* [Dependencies](#dependencies)
* [License](#license)
* [Author](#author)

---

## Default Variables

### nginx_official_repo_enabled

#### Default value

```YAML
nginx_official_repo_enabled: true
```

### nginx_user

#### Default value

```YAML
nginx_user: nginx
```

### nginx_group

#### Default value

```YAML
nginx_group: nginx
```

### nginx_worker_processes

#### Default value

```YAML
nginx_worker_processes: 1
```

### nginx_worker_connections

#### Default value

```YAML
nginx_worker_connections: 1024
```

### nginx_error_log

#### Default value

```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```

### nginx_access_log

#### Default value

```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```

### nginx_client_body_buffer_size

#### Default value

```YAML
nginx_client_body_buffer_size: 10k
```

### nginx_client_header_buffer_size

#### Default value

```YAML
nginx_client_header_buffer_size: 1k
```

### nginx_client_max_body_size

#### Default value

```YAML
nginx_client_max_body_size: 8m
```

### nginx_client_body_timeout

#### Default value

```YAML
nginx_client_body_timeout: 60
```

### nginx_client_header_timeout

#### Default value

```YAML
nginx_client_header_timeout: 60
```

### nginx_keepalive_timeout

#### Default value

```YAML
nginx_keepalive_timeout: 65
```

### nginx_send_timeout

#### Default value

```YAML
nginx_send_timeout: 60
```

### nginx_reset_timedout_connection

#### Default value

```YAML
nginx_reset_timedout_connection: true
```

### nginx_gzip_enabled

#### Default value

```YAML
nginx_gzip_enabled: true
```

### nginx_gzip_comp_level

#### Default value

```YAML
nginx_gzip_comp_level: 2
```

### nginx_gzip_min_length

#### Default value

```YAML
nginx_gzip_min_length: 1000
```

### nginx_gzip_proxied

#### Default value

```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```

### nginx_gzip_types

#### Default value

```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```

### nginx_tls_enabled

#### Default value

```YAML
nginx_tls_enabled: false
```

### nginx_tls_versions

#### Default value

```YAML
nginx_tls_versions:
  - TLSv1.2
```

### nginx_tls_cert_file

Set the destination filename.

#### Default value

```YAML
nginx_tls_cert_file: mycert.pem
```

### nginx_tls_key_file

Set the destination filename.

#### Default value

```YAML
nginx_tls_key_file: mykey.pem
```

### nginx_tls_dhparam_size

#### Default value

```YAML
nginx_tls_dhparam_size: 2048
```

### nginx_tls_ciphers

#### Default value

```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```

### nginx_tls_ocsp_enabled

#### Default value

```YAML
nginx_tls_ocsp_enabled: false
```

### nginx_tls_hsts_enabled

#### Default value

```YAML
nginx_tls_hsts_enabled: false
```

### nginx_hsts_options

#### Default value

```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
```

### nginx_xfo_enabled

#### Default value

```YAML
nginx_xfo_enabled: true
```

### nginx_xfo_policy

#### Default value

```YAML
nginx_xfo_policy: deny
```

### nginx_xcto_enabled

#### Default value

```YAML
nginx_xcto_enabled: true
```

### nginx_csp_enabled

#### Default value

```YAML
nginx_csp_enabled: false
```

### nginx_xxxsp_enabled

#### Default value

```YAML
nginx_xxxsp_enabled: true
```

### nginx_xxxsp_parameters

#### Default value

```YAML
nginx_xxxsp_parameters:
  - mode=block
```

### nginx_vhosts_dir

#### Default value

```YAML
nginx_vhosts_dir: /var/www/vhosts
```

### nginx_vhosts_default

#### Default value

```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
```

#### Example usage

```YAML
nginx_vhosts_default:
  - file: default
    upstream:
      name: my_pool
      servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False  # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/..
          key: /etc/pki/tls/..
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
            error_page: /usr/share/nginx/html
```

### nginx_vhosts_extra

#### Default value

```YAML
nginx_vhosts_extra: []
```

### nginx_server_names_hash_bucket_size

#### Default value

```YAML
nginx_server_names_hash_bucket_size: 32
```

### nginx_tls_cert_source

Source has to be a file.

#### Default value

```YAML
nginx_tls_cert_source: _unset_
```

### nginx_tls_key_source

Source has to be a file.

#### Default value

```YAML
nginx_tls_key_source: _unset_
```

### nginx_tls_dhparam_file

#### Default value

```YAML
nginx_tls_dhparam_file: _unset_
```

### nginx_tls_ecdh_curve

#### Default value

```YAML
nginx_tls_ecdh_curve: _unset_
```

### nginx_tls_ocsp_trusted_certificate

#### Default value

```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```

### nginx_csp_options

#### Example usage

```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```

## Dependencies

None.

## License

MIT

## Author

xoxys