---
title: nginx
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.nginx)
[![Build Status](https://img.shields.io/drone/build/ansible/xoxys.nginx?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.nginx)
[![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](LICENSE)

Setup [nginx](https://www.nginx.com/) webserver. Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server. The nginx project started with a strong focus on high concurrency, high performance and low memory usage.

* [Default Variables](#default-variables)
  * [nginx_access_log](#nginx-access-log)
  * [nginx_client_body_buffer_size](#nginx-client-body-buffer-size)
  * [nginx_client_body_timeout](#nginx-client-body-timeout)
  * [nginx_client_header_buffer_size](#nginx-client-header-buffer-size)
  * [nginx_client_header_timeout](#nginx-client-header-timeout)
  * [nginx_client_max_body_size](#nginx-client-max-body-size)
  * [nginx_csp_enabled](#nginx-csp-enabled)
  * [nginx_csp_options](#nginx-csp-options)
  * [nginx_error_log](#nginx-error-log)
  * [nginx_group](#nginx-group)
  * [nginx_gzip_comp_level](#nginx-gzip-comp-level)
  * [nginx_gzip_enabled](#nginx-gzip-enabled)
  * [nginx_gzip_min_length](#nginx-gzip-min-length)
  * [nginx_gzip_proxied](#nginx-gzip-proxied)
  * [nginx_gzip_types](#nginx-gzip-types)
  * [nginx_hsts_options](#nginx-hsts-options)
  * [nginx_keepalive_timeout](#nginx-keepalive-timeout)
  * [nginx_official_repo_enabled](#nginx-official-repo-enabled)
  * [nginx_reset_timedout_connection](#nginx-reset-timedout-connection)
  * [nginx_send_timeout](#nginx-send-timeout)
  * [nginx_server_names_hash_bucket_size](#nginx-server-names-hash-bucket-size)
  * [nginx_tls_cert_file](#nginx-tls-cert-file)
  * [nginx_tls_cert_source](#nginx-tls-cert-source)
  * [nginx_tls_ciphers](#nginx-tls-ciphers)
  * [nginx_tls_dhparam_file](#nginx-tls-dhparam-file)
  * [nginx_tls_dhparam_size](#nginx-tls-dhparam-size)
  * [nginx_tls_ecdh_curve](#nginx-tls-ecdh-curve)
  * [nginx_tls_enabled](#nginx-tls-enabled)
  * [nginx_tls_hsts_enabled](#nginx-tls-hsts-enabled)
  * [nginx_tls_key_file](#nginx-tls-key-file)
  * [nginx_tls_key_source](#nginx-tls-key-source)
  * [nginx_tls_ocsp_enabled](#nginx-tls-ocsp-enabled)
  * [nginx_tls_ocsp_trusted_certificate](#nginx-tls-ocsp-trusted-certificate)
  * [nginx_tls_versions](#nginx-tls-versions)
  * [nginx_user](#nginx-user)
  * [nginx_vhosts_default](#nginx-vhosts-default)
  * [nginx_vhosts_dir](#nginx-vhosts-dir)
  * [nginx_vhosts_extra](#nginx-vhosts-extra)
  * [nginx_worker_connections](#nginx-worker-connections)
  * [nginx_worker_processes](#nginx-worker-processes)
  * [nginx_xcto_enabled](#nginx-xcto-enabled)
  * [nginx_xfo_enabled](#nginx-xfo-enabled)
  * [nginx_xfo_policy](#nginx-xfo-policy)
  * [nginx_xxxsp_enabled](#nginx-xxxsp-enabled)
  * [nginx_xxxsp_parameters](#nginx-xxxsp-parameters)
* [Dependencies](#dependencies)

---

## Default Variables

### nginx_access_log

#### Default value

```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```

### nginx_client_body_buffer_size

#### Default value

```YAML
nginx_client_body_buffer_size: 10k
```

### nginx_client_body_timeout

#### Default value

```YAML
nginx_client_body_timeout: 60
```

### nginx_client_header_buffer_size

#### Default value

```YAML
nginx_client_header_buffer_size: 1k
```

### nginx_client_header_timeout

#### Default value

```YAML
nginx_client_header_timeout: 60
```

### nginx_client_max_body_size

#### Default value

```YAML
nginx_client_max_body_size: 8m
```

### nginx_csp_enabled

#### Default value

```YAML
nginx_csp_enabled: false
```

### nginx_csp_options

#### Example usage

```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```

### nginx_error_log

#### Default value

```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```

### nginx_group

#### Default value

```YAML
nginx_group: nginx
```

### nginx_gzip_comp_level

#### Default value

```YAML
nginx_gzip_comp_level: 2
```

### nginx_gzip_enabled

#### Default value

```YAML
nginx_gzip_enabled: true
```

### nginx_gzip_min_length

#### Default value

```YAML
nginx_gzip_min_length: 1000
```

### nginx_gzip_proxied

#### Default value

```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```

### nginx_gzip_types

#### Default value

```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```

### nginx_hsts_options

#### Default value

```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
```

### nginx_keepalive_timeout

#### Default value

```YAML
nginx_keepalive_timeout: 65
```

### nginx_official_repo_enabled

#### Default value

```YAML
nginx_official_repo_enabled: true
```

### nginx_reset_timedout_connection

#### Default value

```YAML
nginx_reset_timedout_connection: true
```

### nginx_send_timeout

#### Default value

```YAML
nginx_send_timeout: 60
```

### nginx_server_names_hash_bucket_size

#### Default value

```YAML
nginx_server_names_hash_bucket_size: 32
```

### nginx_tls_cert_file

Set the destination filename.

#### Default value

```YAML
nginx_tls_cert_file: mycert.pem
```

### nginx_tls_cert_source

Source has to be a file.

#### Default value

```YAML
nginx_tls_cert_source: _unset_
```

### nginx_tls_ciphers

#### Default value

```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```

### nginx_tls_dhparam_file

#### Default value

```YAML
nginx_tls_dhparam_file: _unset_
```

### nginx_tls_dhparam_size

#### Default value

```YAML
nginx_tls_dhparam_size: 2048
```

### nginx_tls_ecdh_curve

#### Default value

```YAML
nginx_tls_ecdh_curve: _unset_
```

### nginx_tls_enabled

#### Default value

```YAML
nginx_tls_enabled: false
```

### nginx_tls_hsts_enabled

#### Default value

```YAML
nginx_tls_hsts_enabled: false
```

### nginx_tls_key_file

Set the destination filename.

#### Default value

```YAML
nginx_tls_key_file: mykey.pem
```

### nginx_tls_key_source

Source has to be a file.

#### Default value

```YAML
nginx_tls_key_source: _unset_
```

### nginx_tls_ocsp_enabled

#### Default value

```YAML
nginx_tls_ocsp_enabled: false
```

### nginx_tls_ocsp_trusted_certificate

#### Default value

```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```

### nginx_tls_versions

#### Default value

```YAML
nginx_tls_versions:
  - TLSv1.2
```

### nginx_user

#### Default value

```YAML
nginx_user: nginx
```

### nginx_vhosts_default

#### Default value

```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
```

#### Example usage

```YAML
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False  # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/..
          key: /etc/pki/tls/..
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
            custom_options:
              - 'deny: all'
        error_page: /usr/share/nginx/html
```

### nginx_vhosts_dir

#### Default value

```YAML
nginx_vhosts_dir: /var/www/vhosts
```

### nginx_vhosts_extra

#### Default value

```YAML
nginx_vhosts_extra: []
```

### nginx_worker_connections

#### Default value

```YAML
nginx_worker_connections: 1024
```

### nginx_worker_processes

#### Default value

```YAML
nginx_worker_processes: 1
```

### nginx_xcto_enabled

#### Default value

```YAML
nginx_xcto_enabled: true
```

### nginx_xfo_enabled

#### Default value

```YAML
nginx_xfo_enabled: true
```

### nginx_xfo_policy

#### Default value

```YAML
nginx_xfo_policy: deny
```

### nginx_xxxsp_enabled

#### Default value

```YAML
nginx_xxxsp_enabled: true
```

### nginx_xxxsp_parameters

#### Default value

```YAML
nginx_xxxsp_parameters:
  - mode=block
```

## Dependencies

None.