
xoxys.nginx


Role to set up nginx

Table of content


Default Variables

nginx_official_repo_enabled

Default value

nginx_official_repo_enabled: true

nginx_user

Default value

nginx_user: nginx

nginx_group

Default value

nginx_group: nginx

nginx_worker_processes

Default value

nginx_worker_processes: 1

nginx_worker_connections

Default value

nginx_worker_connections: 1024

nginx_error_log

Default value

nginx_error_log:
  enabled: true
  file: /var/log/nginx/error.log
  level: error

nginx_access_log

Default value

nginx_access_log:
  enabled: true
  file: /var/log/nginx/access.log
  format: main

nginx_client_body_buffer_size

Default value

nginx_client_body_buffer_size: 10k

nginx_client_header_buffer_size

Default value

nginx_client_header_buffer_size: 1k

nginx_client_max_body_size

Default value

nginx_client_max_body_size: 8m

nginx_client_body_timeout

Default value

nginx_client_body_timeout: 60

nginx_client_header_timeout

Default value

nginx_client_header_timeout: 60

nginx_keepalive_timeout

Default value

nginx_keepalive_timeout: 65

nginx_send_timeout

Default value

nginx_send_timeout: 60

nginx_reset_timedout_connection

Default value

nginx_reset_timedout_connection: true

nginx_gzip_enabled

Default value

# Compression is on by default.
# NOTE(review): on TLS vhosts, compressing responses that combine secrets
# (CSRF tokens, session data) with request-influenced content is the
# precondition for BREACH-style leaks; consider disabling it for such
# vhosts or restricting nginx_gzip_types to static content.
nginx_gzip_enabled: true

nginx_gzip_comp_level

Default value

nginx_gzip_comp_level: 2

nginx_gzip_min_length

Default value

nginx_gzip_min_length: 1000

nginx_gzip_proxied

Default value

nginx_gzip_proxied:
  - expired
  - no-cache
  - no-store
  - private
  - auth

nginx_gzip_types

Default value

nginx_gzip_types:
  - text/plain
  - application/x-javascript
  - text/xml
  - text/css
  - application/xml

nginx_tls_enabled

Default value

# TLS is off by default; the default vhost (nginx_vhosts_default) listens
# on port 80 only.
# NOTE(review): presumably has to be enabled together with
# nginx_tls_cert_source / nginx_tls_key_source -- confirm in the role's
# tasks.
nginx_tls_enabled: false

nginx_tls_versions

Default value

# Only TLS 1.2 is listed by default; TLS 1.0 and 1.1 are not offered.
# NOTE(review): TLSv1.3 is absent -- add it where the nginx/OpenSSL build
# supports it. Presumably rendered into nginx's ssl_protocols directive;
# confirm in the role's template.
nginx_tls_versions:
  - TLSv1.2

nginx_tls_cert_file

Set the destination filename.

Default value

nginx_tls_cert_file: mycert.pem

nginx_tls_key_file

Set the destination filename.

Default value

nginx_tls_key_file: mykey.pem

nginx_tls_dhparam_size

Default value

# Size in bits of the Diffie-Hellman parameters. Presumably used when the
# role generates a dhparam file itself -- TODO confirm. DH parameters only
# affect the DHE-* suites in nginx_tls_ciphers.
nginx_tls_dhparam_size: 2048

nginx_tls_ciphers

Default value

# NOTE(review): the two *-GCM-SHA512 names are not cipher suites that
# OpenSSL defines (AES-GCM suites pair with SHA256 or SHA384). OpenSSL
# ignores names it does not recognise, so the effective list is likely
# the three SHA384 entries only. Verify on the target host with
# `openssl ciphers -v '<cipher-string>'`.
# ECDHE-RSA-AES256-SHA384 is a CBC-mode suite; the GCM entries are AEAD.
# Every entry uses RSA authentication, so an ECDSA certificate would
# match none of them.
nginx_tls_ciphers:
  - ECDHE-RSA-AES256-GCM-SHA512
  - DHE-RSA-AES256-GCM-SHA512
  - ECDHE-RSA-AES256-GCM-SHA384
  - DHE-RSA-AES256-GCM-SHA384
  - ECDHE-RSA-AES256-SHA384

nginx_tls_ocsp_enabled

Default value

nginx_tls_ocsp_enabled: false

nginx_tls_hsts_enabled

Default value

nginx_tls_hsts_enabled: false

nginx_hsts_options

Default value

# Parameters of the Strict-Transport-Security header (sent only when
# nginx_tls_hsts_enabled is true, presumably -- confirm in the template).
# max-age=63072000 is two years (730 days). includeSubDomains extends the
# policy to every subdomain, so all of them must already serve valid HTTPS
# before HSTS is switched on; browsers cache the policy for the full
# max-age.
nginx_hsts_options:
  - max-age=63072000
  - includeSubDomains

nginx_xfo_enabled

Default value

nginx_xfo_enabled: true

nginx_xfo_policy

Default value

# Presumably the X-Frame-Options value -- confirm in the template. "deny"
# forbids all framing, including same-origin. The CSP frame-ancestors
# directive (see nginx_csp_options) is the current replacement for this
# header.
nginx_xfo_policy: deny

nginx_xcto_enabled

Default value

nginx_xcto_enabled: true

nginx_csp_enabled

Default value

nginx_csp_enabled: false

nginx_xxxsp_enabled

Default value

# NOTE(review): "xxxsp" presumably stands for the X-XSS-Protection header.
# Current browsers have removed the XSS auditor this header controlled,
# and OWASP's guidance is to omit it or send "0". A
# Content-Security-Policy (nginx_csp_enabled, off by default) is the
# effective control.
nginx_xxxsp_enabled: true

nginx_xxxsp_parameters

Default value

nginx_xxxsp_parameters:
  - mode=block

nginx_vhosts_dir

Default value

nginx_vhosts_dir: /var/www/vhosts

nginx_vhosts_default

Default value

nginx_vhosts_default:
  - file: default
    servers:
      - port: 80
        server_name: '{{ ansible_fqdn }}'
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html

Example usage

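# Illustrative vhost showing the keys a vhost entry can carry. Keys left
# empty are unset placeholders, not recommended values.
nginx_vhosts_default:
  - file: default
    upstream:
      name: my_pool
      servers: []
    servers:
      - port: 80
        server_name: demo.example.com
        tls_redirect: False  # skips locations if enabled
        tls_redirect_url:
        # Per-server certificate, key and DH parameters.
        # NOTE(review): the key path points at a private key -- confirm it
        # is readable only by root / the nginx master process.
        tls:
          cert: /etc/pki/tls/..
          key: /etc/pki/tls/..
          dhparam:
        client_max_body_size:
        send_timeout:
        locations:
          - match: /
            root: /var/www/vhosts/default
            index: index.html
            proxy_pass:
            proxy_http_version: "1.1"
            proxy_buffering: "off"
            # NOTE(review): one-hour timeouts suit long-lived streams but
            # let idle or stalled connections hold upstream resources for
            # a long time; size them to the application. nginx documents
            # that the connect timeout usually cannot exceed 75 seconds.
            proxy_connect_timeout: 3600s
            proxy_read_timeout: 3600s
            proxy_send_timeout: 3600s
            proxy_headers: []
    error_page: /usr/share/nginx/html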

nginx_vhosts_extra

Default value

nginx_vhosts_extra: []

nginx_server_names_hash_bucket_size

Default value

nginx_server_names_hash_bucket_size: 32

nginx_tls_cert_source

Source has to be a file.

Default value

nginx_tls_cert_source: _unset_

nginx_tls_key_source

Source has to be a file.

Default value

# "_unset_" appears to be the role's placeholder for "no value given".
# NOTE(review): this file is the TLS private key -- keep it out of version
# control or encrypt it (e.g. with ansible-vault), and confirm the role
# installs it with owner-only permissions.
nginx_tls_key_source: _unset_

nginx_tls_dhparam_file

Default value

nginx_tls_dhparam_file: _unset_

nginx_tls_ecdh_curve

Default value

nginx_tls_ecdh_curve: _unset_

nginx_tls_ocsp_trusted_certificate

Default value

nginx_tls_ocsp_trusted_certificate: _unset_

nginx_csp_options

Example usage

# Each item is one CSP directive with its list of parameters. This example
# lets only the two listed HTTPS origins embed the site in a frame;
# same-origin framing is not included.
# NOTE(review): presumably emitted only when nginx_csp_enabled is true --
# confirm in the role's template.
nginx_csp_options:
  - directive: frame-ancestors
    parameters:
      - https://example.com
      - https://mypage.com

Dependencies

None.

License

MIT

Author

xoxys mail@geeklabor.de