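---
# Role defaults for the nginx installation, global tuning, TLS and security headers.
# Booleans are written as canonical true/false; values are otherwise unchanged.
nginx_official_repo_enabled: true

nginx_user: nginx
nginx_group: nginx

nginx_worker_processes: 1
nginx_worker_connections: 1024

nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main

# Request size and timeout limits (timeouts presumably in seconds — confirm in the template).
nginx_client_body_buffer_size: 10k
nginx_client_header_buffer_size: 1k
nginx_client_max_body_size: 8m
nginx_client_body_timeout: 60
nginx_client_header_timeout: 60
nginx_keepalive_timeout: 65
nginx_send_timeout: 60
nginx_reset_timedout_connection: true

nginx_gzip_enabled: true
nginx_gzip_comp_level: 2
nginx_gzip_min_length: 1000
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml

# TLS is off by default. Only TLSv1.2 is listed; add TLSv1.3 where the installed
# nginx/OpenSSL build supports it.
nginx_tls_enabled: false
nginx_tls_versions:
  - TLSv1.2
nginx_tls_certificates: []
# File modes in the example are quoted: an unquoted 0644/0600 is read as an integer
# (420/384) and may no longer be the intended octal mode once it passes through a template.
# @var nginx_tls_certificates:example: >
# nginx_tls_certificates:
#   - source: "{{ ansible_user_dir }}/files/mycert.pem"
#     dest: /etc/pki/tls/certs/mycert.pem
#     mode: "0644"
#   - source: "{{ ansible_user_dir }}/files/mykey.pem"
#     dest: /etc/pki/tls/private/mykey.pem
#     mode: "0600"
# @end
nginx_tls_certificates_extra: []

# @var nginx_tls_dhparam_file: $ "_unset_"
nginx_tls_dhparam_size: 2048
# NOTE(review): the two *-GCM-SHA512 entries look unlike any OpenSSL cipher name
# (AES-GCM suites end in SHA256/SHA384) — confirm with `openssl ciphers -v` on the
# target host. The last entry is a CBC suite; the others are GCM.
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
# @var nginx_tls_ecdh_curve: $ "_unset_"
nginx_tls_ocsp_enabled: false
# @var nginx_tls_ocsp_trusted_certificate: $ "_unset_"

# HSTS is off by default. The options below commit the host and all subdomains to
# HTTPS for two years (max-age=63072000) and opt in to browser preload lists, so
# review them before enabling.
nginx_tls_hsts_enabled: false
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
  - preload

# Security response headers (presumably X-Frame-Options, X-Content-Type-Options,
# Content-Security-Policy and X-XSS-Protection — confirm in the template).
nginx_xfo_enabled: true
nginx_xfo_policy: deny
nginx_xcto_enabled: true
nginx_csp_enabled: false
# @var nginx_csp_options: $ "_unset_"
# @var nginx_csp_options:example: >
# nginx_csp_options:
#   - directive: frame-ancestors
#     parameters:
#       - https://example.com
#       - https://mypage.com
# @end
# NOTE(review): current browsers no longer act on "1; mode=block"; with CSP disabled
# by default above, this setting should not be relied on as XSS protection.
nginx_xxxsp_enabled: true
nginx_xxxsp_parameters:
  - 1
  - mode=block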
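# Booleans are written as canonical true/false; values are otherwise unchanged.
nginx_rp_enabled: true
nginx_rp_option: strict-origin

nginx_maps: []
# @var nginx_maps:example: >
# nginx_maps:
#   - input: $input
#     output: $output
#     parameters:
#       - "default 0"
#       - "/old/path /new_path"
# @end
nginx_maps_extra: []

nginx_error_page: []
# @var nginx_error_page:example: >
# nginx_error_page:
#   - code:
#       - 404
#       - 403
#     dest: /4xx.html
# @end

nginx_error_location: []
# @var nginx_error_location:description: >
# Default error location. If set, the defined location will be automatically added once
# to every server block to handle custom error sites.
# @end
# @var nginx_error_location:example: >
# nginx_error_location:
#   - match: /
#     root: /var/www/vhosts/default
#     index: index.html
#     custom_options:
# @end

nginx_vhosts_dir: /var/www/vhosts
# The default vhost listens on port 80 only and defines no tls block.
# NOTE(review): custom_options is placed at server level here (the example below
# shows the key at both location and server level) — confirm against the original layout.
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: "{{ ansible_fqdn }}"
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: "/usr/share/nginx/html"
        custom_options:
          - "error_page 500 502 503 504 /50x.html"
# @var nginx_vhosts_default:example: >
# nginx_vhosts_default:
#   - file: default
#     upstreams:
#       - name: my_pool
#         servers: []
#     servers:
#       - port: 80
#         server_name: demo.example.com
#         tls_redirect: false  # skips locations if enabled
#         tls_redirect_url:
#         tls:
#           cert: /etc/pki/tls/certs/mycert.pem
#           key: /etc/pki/tls/private/mykey.pem
#           dhparam:
#         client_max_body_size:
#         send_timeout:
#         add_headers:
#           - name:
#             value:
#             always: true
#         locations:
#           - match: /
#             root: /var/www/vhosts/default
#             index: index.html
#             add_headers: []
#             proxy_pass:
#             proxy_pass_request_body:
#             proxy_next_upstream:
#             proxy_redirect:
#             proxy_http_version: "1.1"
#             proxy_buffering: "off"
#             proxy_connect_timeout: 3600s
#             proxy_read_timeout: 3600s
#             proxy_send_timeout: 3600s
#             proxy_set_headers: []
#             proxy_hide_headers: []
#             proxy_ignore_headers: []
#             proxy_intercept_errors: "off"
#             proxy_cache_bypass:
#             proxy_no_cache:
#             proxy_buffers:
#             custom_options:
#         custom_options:
#           - 'deny: all'
# @end
nginx_vhosts_extra: []

nginx_server_names_hash_bucket_size: 32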