--- nginx_official_repo_enabled: True nginx_user: nginx nginx_group: nginx nginx_worker_processes: 1 nginx_worker_connections: 1024 nginx_error_log: enabled: True file: /var/log/nginx/error.log level: error nginx_access_log: enabled: True file: /var/log/nginx/access.log format: main ## nginx buffer sizes nginx_client_body_buffer_size: 10k nginx_client_header_buffer_size: 1k nginx_client_max_body_size: 8m ## nginx timeout settings nginx_client_body_timeout: 60 nginx_client_header_timeout: 60 nginx_keepalive_timeout: 65 nginx_send_timeout: 60 nginx_reset_timedout_connection: True ## nginx compression nginx_gzip_enabled: True nginx_gzip_comp_level: 2 nginx_gzip_min_length: 1000 nginx_gzip_proxied: - expired - no-cache - no-store - private - auth nginx_gzip_types: - text/plain - application/x-javascript - text/xml - text/css - application/xml nginx_iptables_enabled: False nginx_open_ports: - 80 - 443 nginx_tls_enabled: False nginx_tls_versions: - TLSv1.2 # Source has to be a file nginx_tls_cert_source: mycert.pem nginx_tls_key_source: mykey.pem # Set the destination filename nginx_tls_cert_file: mycert.pem nginx_tls_key_file: mykey.pem # nginx_tls_dhparam_file: # defaults to not set # nginx_tls_dhparam_size: # defaults to 2048 nginx_tls_ciphers: - ECDHE-RSA-AES256-GCM-SHA512 - DHE-RSA-AES256-GCM-SHA512 - ECDHE-RSA-AES256-GCM-SHA384 - DHE-RSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-SHA384 nginx_tls_ocsp_enabled: False # nginx_tls_ocsp_trusted_certificate: # defaults to not set nginx_tls_hsts_enabled: False nginx_hsts_options: - max-age=63072000 - includeSubDomains nginx_xfo_enabled: True nginx_xfo_policy: deny nginx_xcto_enabled: True nginx_csp_enabled: False # nginx_csp_options: # - directive: frame-ancestors # parameters: # - https://example.com # - https://mypage.com nginx_xxxsp_enabled: True nginx_xxxsp_parameters: - mode=block nginx_vhosts_dir: /var/www/vhosts nginx_vhosts_default: - file: default server: - port: 80 server_name: "{{ ansible_hostname }}" locations: - match: / root: /var/www/vhosts/default index: index.html # nginx_vhosts_default: # - file: default # upstream: # name: my_pool # servers: [] # servers: # - port: 80 # server_name: demo.example.com # tls_redirect: False # skips locations if enabled # tls_redirect_url: # tls: # cert: /etc/pki/tls/.. # key: /etc/pki/tls/.. # dhparam: # client_max_body_size: # locations: # - match: / # root: /var/www/vhosts/default # index: index.html # proxy_pass: # proxy_headers: [] # error_page: /usr/share/nginx/html nginx_vhosts_extra: [] nginx_server_names_hash_bucket_size: 32