--- nginx_official_repo_enabled: True nginx_user: nginx nginx_group: nginx nginx_worker_processes: 1 nginx_worker_connections: 1024 nginx_error_log: enabled: True file: /var/log/nginx/error.log level: error nginx_access_log: enabled: True file: /var/log/nginx/access.log format: main ## nginx buffer sizes nginx_client_body_buffer_size: 10k nginx_client_header_buffer_size: 1k nginx_client_max_body_size: 8m ## nginx timeout settings nginx_client_body_timeout: 60 nginx_client_header_timeout: 60 nginx_keepalive_timeout: 65 nginx_send_timeout: 60 nginx_reset_timedout_connection: True ## nginx compression nginx_gzip_enabled: True nginx_gzip_comp_level: 2 nginx_gzip_min_length: 1000 nginx_gzip_proxied: - expired - no-cache - no-store - private - auth nginx_gzip_types: - text/plain - application/x-javascript - text/xml - text/css - application/xml nginx_iptables_enabled: False nginx_open_ports: - 80 - 443 nginx_tls_enabled: False # You can deploy your certificates from a file or from content. # If you enable nginx_tls_source_use_content you have to put the content of your cert files into # nginx_tls_cert_file and nginx_tls_cert_file. nginx_tls_source_use_content: False # If you enable nginx_tls_source_use_files theses variables have to contain the path to your # certificate files located on the ansible "master" host nginx_tls_source_use_files: True nginx_tls_cert_file: mycert.pem nginx_tls_key_file: mykey.pem nginx_tls_ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-SHA nginx_tls_ocsp_enabled: False # nginx_tls_ocsp_trusted_certificate: # defaults to not set nginx_tls_hsts_enabled: False nginx_hsts_options: - nginx_hsts_max_age=63072000 - includeSubDomains nginx_xfo_enabled: True nginx_xfo_policy: deny nginx_xcto_enabled: True nginx_xxxsp_enabled: True nginx_xxxsp_parameters: - mode=block nginx_vhosts_dir: /var/www/vhosts nginx_default_page_enabled: False nginx_server_names_hash_bucket_size: 32