| defaults | ||
| handlers | ||
| meta | ||
| molecule | ||
| tasks | ||
| templates | ||
| .drone.jsonnet | ||
| .drone.yml | ||
| .gitignore | ||
| HEADER.md | ||
| LICENSE | ||
| README.md | ||
xoxys.nginx
Role to setup nginx
Table of content
- Default Variables
- nginx_official_repo_enabled
- nginx_user
- nginx_group
- nginx_worker_processes
- nginx_worker_connections
- nginx_error_log
- nginx_access_log
- nginx_client_body_buffer_size
- nginx_client_header_buffer_size
- nginx_client_max_body_size
- nginx_client_body_timeout
- nginx_client_header_timeout
- nginx_keepalive_timeout
- nginx_send_timeout
- nginx_reset_timedout_connection
- nginx_gzip_enabled
- nginx_gzip_comp_level
- nginx_gzip_min_length
- nginx_gzip_proxied
- nginx_gzip_types
- nginx_tls_enabled
- nginx_tls_versions
- nginx_tls_cert_file
- nginx_tls_key_file
- nginx_tls_dhparam_size
- nginx_tls_ciphers
- nginx_tls_ocsp_enabled
- nginx_tls_hsts_enabled
- nginx_hsts_options
- nginx_xfo_enabled
- nginx_xfo_policy
- nginx_xcto_enabled
- nginx_csp_enabled
- nginx_xxxsp_enabled
- nginx_xxxsp_parameters
- nginx_vhosts_dir
- nginx_vhosts_default
- nginx_vhosts_extra
- nginx_server_names_hash_bucket_size
- nginx_tls_cert_source
- nginx_tls_key_source
- nginx_tls_dhparam_file
- nginx_tls_ecdh_curve
- nginx_tls_ocsp_trusted_certificate
- nginx_csp_options
- Dependencies
- License
- Author
Default Variables
nginx_official_repo_enabled
Default value
nginx_official_repo_enabled: true
nginx_user
Default value
nginx_user: nginx
nginx_group
Default value
nginx_group: nginx
nginx_worker_processes
Default value
nginx_worker_processes: 1
nginx_worker_connections
Default value
nginx_worker_connections: 1024
nginx_error_log
Default value
nginx_error_log:
enabled: true
file: /var/log/nginx/error.log
level: error
nginx_access_log
Default value
nginx_access_log:
enabled: true
file: /var/log/nginx/access.log
format: main
nginx_client_body_buffer_size
Default value
nginx_client_body_buffer_size: 10k
nginx_client_header_buffer_size
Default value
nginx_client_header_buffer_size: 1k
nginx_client_max_body_size
Default value
nginx_client_max_body_size: 8m
nginx_client_body_timeout
Default value
nginx_client_body_timeout: 60
nginx_client_header_timeout
Default value
nginx_client_header_timeout: 60
nginx_keepalive_timeout
Default value
nginx_keepalive_timeout: 65
nginx_send_timeout
Default value
nginx_send_timeout: 60
nginx_reset_timedout_connection
Default value
nginx_reset_timedout_connection: true
nginx_gzip_enabled
Default value
nginx_gzip_enabled: true
nginx_gzip_comp_level
Default value
nginx_gzip_comp_level: 2
nginx_gzip_min_length
Default value
nginx_gzip_min_length: 1000
nginx_gzip_proxied
Default value
nginx_gzip_proxied:
- expired
- no-cache
- no-store
- private
- auth
nginx_gzip_types
Default value
nginx_gzip_types:
- text/plain
- application/x-javascript
- text/xml
- text/css
- application/xml
nginx_tls_enabled
Default value
nginx_tls_enabled: false
nginx_tls_versions
Default value
nginx_tls_versions:
- TLSv1.2
nginx_tls_cert_file
Set the destination filename.
Default value
nginx_tls_cert_file: mycert.pem
nginx_tls_key_file
Set the destination filename.
Default value
nginx_tls_key_file: mykey.pem
nginx_tls_dhparam_size
Default value
nginx_tls_dhparam_size: 2048
nginx_tls_ciphers
Default value
nginx_tls_ciphers:
- ECDHE-RSA-AES256-GCM-SHA512
- DHE-RSA-AES256-GCM-SHA512
- ECDHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-SHA384
nginx_tls_ocsp_enabled
Default value
nginx_tls_ocsp_enabled: false
nginx_tls_hsts_enabled
Default value
nginx_tls_hsts_enabled: false
nginx_hsts_options
Default value
nginx_hsts_options:
- max-age=63072000
- includeSubDomains
nginx_xfo_enabled
Default value
nginx_xfo_enabled: true
nginx_xfo_policy
Default value
nginx_xfo_policy: deny
nginx_xcto_enabled
Default value
nginx_xcto_enabled: true
nginx_csp_enabled
Default value
nginx_csp_enabled: false
nginx_xxxsp_enabled
Default value
nginx_xxxsp_enabled: true
nginx_xxxsp_parameters
Default value
nginx_xxxsp_parameters:
- mode=block
nginx_vhosts_dir
Default value
nginx_vhosts_dir: /var/www/vhosts
nginx_vhosts_default
Default value
nginx_vhosts_default:
- file: default
servers:
- port: 80
server_name: '{{ ansible_fqdn }}'
locations:
- match: /
root: /var/www/vhosts/default
index: index.html
Example usage
nginx_vhosts_default:
- file: default
upstream:
name: my_pool
servers: []
servers:
- port: 80
server_name: demo.example.com
tls_redirect: False skips locations if enabled
tls_redirect_url:
tls:
cert: /etc/pki/tls/..
key: /etc/pki/tls/..
dhparam:
client_max_body_size:
send_timeout:
locations:
- match: /
root: /var/www/vhosts/default
index: index.html
proxy_pass:
proxy_http_version: "1.1"
proxy_buffering: "off"
proxy_connect_timeout: 3600s
proxy_read_timeout: 3600s
proxy_send_timeout: 3600s
proxy_headers: []
error_page: /usr/share/nginx/html
nginx_vhosts_extra
Default value
nginx_vhosts_extra: []
nginx_server_names_hash_bucket_size
Default value
nginx_server_names_hash_bucket_size: 32
nginx_tls_cert_source
Source has to be a file.
Default value
nginx_tls_cert_source: _unset_
nginx_tls_key_source
Source has to be a file.
Default value
nginx_tls_key_source: _unset_
nginx_tls_dhparam_file
Default value
nginx_tls_dhparam_file: _unset_
nginx_tls_ecdh_curve
Default value
nginx_tls_ecdh_curve: _unset_
nginx_tls_ocsp_trusted_certificate
Default value
nginx_tls_ocsp_trusted_certificate: _unset_
nginx_csp_options
Example usage
nginx_csp_options:
- directive: frame-ancestors
parameters:
- https://example.com
- https://mypage.com
Dependencies
None.
License
MIT
Author
xoxys mail@geeklabor.de