---
title: nginx
type: docs
---

[![Source Code](https://img.shields.io/badge/gitea-source%20code-blue?logo=gitea&logoColor=white)](https://gitea.rknet.org/ansible/xoxys.nginx) [![Build Status](https://img.shields.io/drone/build/ansible/xoxys.nginx?logo=drone&server=https%3A%2F%2Fdrone.rknet.org)](https://drone.rknet.org/ansible/xoxys.nginx) [![License: MIT](https://img.shields.io/badge/license-MIT-blue.svg)](https://gitea.rknet.org/ansible/xoxys.nginx/src/branch/main/LICENSE)

Set up the [nginx](https://docs.nginx.com/) web server. Nginx is an open source reverse proxy server for the HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and web server. The nginx project started with a strong focus on high concurrency, high performance, and low memory usage.

<!--more-->

- [Default Variables](#default-variables)
  - [nginx_access_log](#nginx_access_log)
  - [nginx_client_body_buffer_size](#nginx_client_body_buffer_size)
  - [nginx_client_body_timeout](#nginx_client_body_timeout)
  - [nginx_client_header_buffer_size](#nginx_client_header_buffer_size)
  - [nginx_client_header_timeout](#nginx_client_header_timeout)
  - [nginx_client_max_body_size](#nginx_client_max_body_size)
  - [nginx_csp_enabled](#nginx_csp_enabled)
  - [nginx_csp_options](#nginx_csp_options)
  - [nginx_error_location](#nginx_error_location)
  - [nginx_error_log](#nginx_error_log)
  - [nginx_error_page](#nginx_error_page)
  - [nginx_group](#nginx_group)
  - [nginx_gzip_comp_level](#nginx_gzip_comp_level)
  - [nginx_gzip_enabled](#nginx_gzip_enabled)
  - [nginx_gzip_min_length](#nginx_gzip_min_length)
  - [nginx_gzip_proxied](#nginx_gzip_proxied)
  - [nginx_gzip_types](#nginx_gzip_types)
  - [nginx_hsts_options](#nginx_hsts_options)
  - [nginx_keepalive_timeout](#nginx_keepalive_timeout)
  - [nginx_maps](#nginx_maps)
  - [nginx_maps_extra](#nginx_maps_extra)
  - [nginx_official_repo_enabled](#nginx_official_repo_enabled)
  - [nginx_reset_timedout_connection](#nginx_reset_timedout_connection)
  - [nginx_rp_enabled](#nginx_rp_enabled)
  - [nginx_rp_option](#nginx_rp_option)
  - [nginx_send_timeout](#nginx_send_timeout)
  - [nginx_server_names_hash_bucket_size](#nginx_server_names_hash_bucket_size)
  - [nginx_tls_certificates](#nginx_tls_certificates)
  - [nginx_tls_certificates_extra](#nginx_tls_certificates_extra)
  - [nginx_tls_ciphers](#nginx_tls_ciphers)
  - [nginx_tls_dhparam_file](#nginx_tls_dhparam_file)
  - [nginx_tls_dhparam_size](#nginx_tls_dhparam_size)
  - [nginx_tls_ecdh_curve](#nginx_tls_ecdh_curve)
  - [nginx_tls_enabled](#nginx_tls_enabled)
  - [nginx_tls_hsts_enabled](#nginx_tls_hsts_enabled)
  - [nginx_tls_ocsp_enabled](#nginx_tls_ocsp_enabled)
  - [nginx_tls_ocsp_trusted_certificate](#nginx_tls_ocsp_trusted_certificate)
  - [nginx_tls_versions](#nginx_tls_versions)
  - [nginx_user](#nginx_user)
  - [nginx_vhosts_default](#nginx_vhosts_default)
  - [nginx_vhosts_dir](#nginx_vhosts_dir)
  - [nginx_vhosts_extra](#nginx_vhosts_extra)
  - [nginx_worker_connections](#nginx_worker_connections)
  - [nginx_worker_processes](#nginx_worker_processes)
  - [nginx_xcto_enabled](#nginx_xcto_enabled)
  - [nginx_xfo_enabled](#nginx_xfo_enabled)
  - [nginx_xfo_policy](#nginx_xfo_policy)
  - [nginx_xxxsp_enabled](#nginx_xxxsp_enabled)
  - [nginx_xxxsp_parameters](#nginx_xxxsp_parameters)
- [Discovered Tags](#discovered-tags)
- [Dependencies](#dependencies)

---

## Default Variables

### nginx_access_log

#### Default value

```YAML
nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main
```

### nginx_client_body_buffer_size

#### Default value

```YAML
nginx_client_body_buffer_size: 10k
```

### nginx_client_body_timeout

#### Default value

```YAML
nginx_client_body_timeout: 60
```

### nginx_client_header_buffer_size

#### Default value

```YAML
nginx_client_header_buffer_size: 1k
```

### nginx_client_header_timeout

#### Default value

```YAML
nginx_client_header_timeout: 60
```

### nginx_client_max_body_size

#### Default value

```YAML
nginx_client_max_body_size: 8m
```

### nginx_csp_enabled

#### Default value

```YAML
nginx_csp_enabled: false
```

### nginx_csp_options

#### Example usage

```YAML
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com
```

### nginx_error_location

Default error location. If set, the defined location will be automatically added once to every server block to handle custom error sites.

#### Default value

```YAML
nginx_error_location: []
```

#### Example usage

```YAML
nginx_error_location:
  - match: /
    root: /var/www/vhosts/default
    index: index.html
    custom_options:
```

### nginx_error_log

#### Default value

```YAML
nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error
```

### nginx_error_page

#### Default value

```YAML
nginx_error_page: []
```

#### Example usage

```YAML
```

### nginx_group

#### Default value

```YAML
nginx_group: nginx
```

### nginx_gzip_comp_level

#### Default value

```YAML
nginx_gzip_comp_level: 2
```

### nginx_gzip_enabled

#### Default value

```YAML
nginx_gzip_enabled: true
```

### nginx_gzip_min_length

#### Default value

```YAML
nginx_gzip_min_length: 1000
```

### nginx_gzip_proxied

#### Default value

```YAML
nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth
```

### nginx_gzip_types

#### Default value

```YAML
nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml
```

### nginx_hsts_options

#### Default value

```YAML
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains
  - preload
```

### nginx_keepalive_timeout

#### Default value

```YAML
nginx_keepalive_timeout: 65
```

### nginx_maps

#### Default value

```YAML
nginx_maps: []
```

#### Example usage

```YAML
nginx_maps:
  - input: $input
    output: $output
    parameters:
      - "default 0"
      - "/old/path /new_path"
```

### nginx_maps_extra

#### Default value

```YAML
nginx_maps_extra: []
```

### nginx_official_repo_enabled

#### Default value

```YAML
nginx_official_repo_enabled: true
```

### nginx_reset_timedout_connection

#### Default value

```YAML
nginx_reset_timedout_connection: true
```

### nginx_rp_enabled

#### Default value

```YAML
nginx_rp_enabled: true
```

### nginx_rp_option

#### Default value

```YAML
nginx_rp_option: strict-origin
```

### nginx_send_timeout

#### Default value

```YAML
nginx_send_timeout: 60
```

### nginx_server_names_hash_bucket_size

#### Default value

```YAML
nginx_server_names_hash_bucket_size: 32
```

### nginx_tls_certificates

#### Default value

```YAML
nginx_tls_certificates: []
```

#### Example usage

```YAML
nginx_tls_certificates:
  - source: "{{ ansible_user_dir }}/files/mycert.pem"
    dest: /etc/pki/tls/certs/mycert.pem
    mode: 0644
  - source: "{{ ansible_user_dir }}/files/mykey.pem"
    dest: /etc/pki/tls/private/mykey.pem
    mode: 0600
```

### nginx_tls_certificates_extra

#### Default value

```YAML
nginx_tls_certificates_extra: []
```

### nginx_tls_ciphers

#### Default value

```YAML
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384
```

### nginx_tls_dhparam_file

#### Default value

```YAML
nginx_tls_dhparam_file: _unset_
```

### nginx_tls_dhparam_size

#### Default value

```YAML
nginx_tls_dhparam_size: 2048
```

### nginx_tls_ecdh_curve

#### Default value

```YAML
nginx_tls_ecdh_curve: _unset_
```

### nginx_tls_enabled

#### Default value

```YAML
nginx_tls_enabled: false
```

### nginx_tls_hsts_enabled

#### Default value

```YAML
nginx_tls_hsts_enabled: false
```

### nginx_tls_ocsp_enabled

#### Default value

```YAML
nginx_tls_ocsp_enabled: false
```

### nginx_tls_ocsp_trusted_certificate

#### Default value

```YAML
nginx_tls_ocsp_trusted_certificate: _unset_
```

### nginx_tls_versions

#### Default value

```YAML
nginx_tls_versions:
  - TLSv1.2
```

### nginx_user

#### Default value

```YAML
nginx_user: nginx
```

### nginx_vhosts_default

#### Default value

```YAML
nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
          - match: /50x.html
            root: /usr/share/nginx/html
        custom_options:
          - error_page 500 502 503 504 /50x.html
```

#### Example usage

```YAML
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False # skips locations if enabled
        tls_redirect_url:
        tls:
          cert: /etc/pki/tls/certs/mycert.pem
          key: /etc/pki/tls/private/mykey.pem
          dhparam:
        client_max_body_size:
        send_timeout:
        add_headers:
          - name:
            value:
            always: True
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            add_headers: []
            proxy_pass:
            proxy_pass_request_body:
            proxy_next_upstream:
            proxy_redirect:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_set_headers: []
            proxy_hide_headers: []
            proxy_ignore_headers: []
            proxy_intercept_errors: "off"
            proxy_cache_bypass:
            proxy_no_cache:
            proxy_buffers:
            custom_options:
        custom_options:
          - 'deny: all'
```

### nginx_vhosts_dir

#### Default value

```YAML
nginx_vhosts_dir: /var/www/vhosts
```

### nginx_vhosts_extra

#### Default value

```YAML
nginx_vhosts_extra: []
```

### nginx_worker_connections

#### Default value

```YAML
nginx_worker_connections: 1024
```

### nginx_worker_processes

#### Default value

```YAML
nginx_worker_processes: 1
```

### nginx_xcto_enabled

#### Default value

```YAML
nginx_xcto_enabled: true
```

### nginx_xfo_enabled

#### Default value

```YAML
nginx_xfo_enabled: true
```

### nginx_xfo_policy

#### Default value

```YAML
nginx_xfo_policy: deny
```

### nginx_xxxsp_enabled

#### Default value

```YAML
nginx_xxxsp_enabled: true
```

### nginx_xxxsp_parameters

#### Default value

```YAML
nginx_xxxsp_parameters:
  - 1
  - mode=block
```

## Discovered Tags

tls_renewal
:

## Dependencies

None.