
xoxys.nginx


Role to set up nginx

Table of contents


Default Variables

nginx_access_log

Default value

nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main

nginx_client_body_buffer_size

Default value

nginx_client_body_buffer_size: 10k

nginx_client_body_timeout

Default value

nginx_client_body_timeout: 60

nginx_client_header_buffer_size

Default value

nginx_client_header_buffer_size: 1k

nginx_client_header_timeout

Default value

nginx_client_header_timeout: 60

nginx_client_max_body_size

Default value

nginx_client_max_body_size: 8m

nginx_csp_enabled

Default value

# Off by default.
# NOTE(review): judging by the variable names, no Content-Security-Policy is
# sent until this is enabled and nginx_csp_options is populated; confirm in
# the role's templates.
nginx_csp_enabled: false

nginx_csp_options

Example usage

nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com

nginx_error_log

Default value

nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error

nginx_group

Default value

nginx_group: nginx

nginx_gzip_comp_level

Default value

nginx_gzip_comp_level: 2

nginx_gzip_enabled

Default value

# Response compression is on by default.
# NOTE(review): on TLS vhosts whose responses mix reflected request data with
# secrets, compression allows BREACH-style length side channels; review this
# setting per application.
nginx_gzip_enabled: true

nginx_gzip_min_length

Default value

nginx_gzip_min_length: 1000

nginx_gzip_proxied

Default value

nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth

nginx_gzip_types

Default value

nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml

nginx_hsts_options

Default value

# max-age=63072000 is two years (730 days) expressed in seconds.
# includeSubDomains extends the policy to every subdomain, so each of them
# must serve valid HTTPS before HSTS is switched on (nginx_tls_hsts_enabled
# defaults to false on this page).
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains

nginx_keepalive_timeout

Default value

nginx_keepalive_timeout: 65

nginx_official_repo_enabled

Default value

nginx_official_repo_enabled: true

nginx_reset_timedout_connection

Default value

nginx_reset_timedout_connection: true

nginx_send_timeout

Default value

nginx_send_timeout: 60

nginx_server_names_hash_bucket_size

Default value

nginx_server_names_hash_bucket_size: 32

nginx_tls_cert_file

Set the destination filename.

Default value

nginx_tls_cert_file: mycert.pem

nginx_tls_cert_source

Source has to be a file.

Default value

nginx_tls_cert_source: _unset_

nginx_tls_ciphers

Default value

# Default cipher list. Every entry uses RSA authentication, so an ECDSA
# certificate would have no matching suite here.
# NOTE(review): the two *-GCM-SHA512 names are not cipher suites that OpenSSL
# defines; check what the target host really enables with
# `openssl ciphers -v '<list>'`.
# ECDHE-RSA-AES256-SHA384 is a CBC-mode suite; the *-GCM-SHA384 entries are
# the AEAD ones.
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384

nginx_tls_dhparam_file

Default value

nginx_tls_dhparam_file: _unset_

nginx_tls_dhparam_size

Default value

nginx_tls_dhparam_size: 2048

nginx_tls_ecdh_curve

Default value

nginx_tls_ecdh_curve: _unset_

nginx_tls_enabled

Default value

# TLS is off by default; the default vhost shown on this page listens on
# port 80 only, so traffic is plain HTTP until this is enabled.
nginx_tls_enabled: false

nginx_tls_hsts_enabled

Default value

nginx_tls_hsts_enabled: false

nginx_tls_key_file

Set the destination filename.

Default value

nginx_tls_key_file: mykey.pem

nginx_tls_key_source

Source has to be a file.

Default value

# NOTE(review): _unset_ looks like the role's "not configured" marker.
# When set, this names the private-key file the role reads; keep that file
# out of version control or store it encrypted (for example with
# ansible-vault).
nginx_tls_key_source: _unset_

nginx_tls_ocsp_enabled

Default value

nginx_tls_ocsp_enabled: false

nginx_tls_ocsp_trusted_certificate

Default value

nginx_tls_ocsp_trusted_certificate: _unset_

nginx_tls_versions

Default value

# Only TLS 1.2 is listed by default; no older protocol version appears.
# NOTE(review): TLS 1.3 is absent. Add TLSv1.3 where the installed
# nginx/OpenSSL supports it, and confirm how the role renders this list.
nginx_tls_versions:
  - TLSv1.2

nginx_user

Default value

nginx_user: nginx

nginx_vhosts_default

Default value

nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html

Example usage

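# Example only: keys left empty below are placeholders that show which
# options exist; they are not recommended values.
nginx_vhosts_default:
  - file: default
    upstreams:
      - name: my_pool
        servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        # The trailing note must be a YAML comment; without the '#' the whole
        # text becomes a non-empty string value instead of a boolean.
        tls_redirect: false  # skips locations if enabled
        tls_redirect_url:
        tls:
          # Truncated placeholder paths; point these at the real certificate
          # and private-key files.
          cert: /etc/pki/tls/..
          key: /etc/pki/tls/..
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            # One-hour proxy timeouts suit long-lived connections; shorter
            # values limit how long a stalled peer can hold a connection.
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
        # NOTE(review): how these entries are rendered into nginx directives
        # is not shown on this page; check the role's template.
        custom_options:
          - 'deny: all'
    error_page: /usr/share/nginx/html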

nginx_vhosts_dir

Default value

nginx_vhosts_dir: /var/www/vhosts

nginx_vhosts_extra

Default value

nginx_vhosts_extra: []

nginx_worker_connections

Default value

nginx_worker_connections: 1024

nginx_worker_processes

Default value

nginx_worker_processes: 1

nginx_xcto_enabled

Default value

nginx_xcto_enabled: true

nginx_xfo_enabled

Default value

nginx_xfo_enabled: true

nginx_xfo_policy

Default value

nginx_xfo_policy: deny

nginx_xxxsp_enabled

Default value

# NOTE(review): presumably toggles the X-XSS-Protection header (the
# `mode=block` value in nginx_xxxsp_parameters matches it). Major browsers
# have removed the XSS filter this header controlled, so it is no substitute
# for a Content-Security-Policy (nginx_csp_enabled defaults to false on this
# page).
nginx_xxxsp_enabled: true

nginx_xxxsp_parameters

Default value

nginx_xxxsp_parameters:
  - mode=block

Dependencies

None.

License

MIT

Author

xoxys