This role installs the nginx web server on a Linux machine.
None
web_user: www-data
web_group: www-data
Unix user and group for nginx service.
web_domain: example.com
This is used to configure server name for default nginx site.
web_ports: [80, 443]
These ports will be opened in the firewall.
nginx_http_port: 80
nginx_ssl_port: 443
These ports are used in configuration snippets.
nginx_conf_dir: /etc/nginx/conf.d
Extra configuration will be put here.
nginx_site_dir: /etc/nginx/sites-enabled
The default nginx site configuration will be put here.
nginx_stream_dir: /etc/nginx/streams.d
Stream module snippets will be put here.
nginx_def_site_dir: /var/www/default
The default nginx site files will be put here.
nginx_ssl_cert: <derived from letsencrypt setting>
nginx_ssl_key: <derived from letsencrypt setting>
nginx_letsencrypt_cert: ""
Setting one of these will activate HTTPS for default nginx site.
nginx_base_domain: "{{ web_domain }}"
nginx_main_site: ""
If this setting is non-empty, accessing nginx at an unconfigured server name will redirect to this URL.
nginx_xframe_uri: nginx_main_site uri or 'same' or 'none'
This setting will trigger the SAMEORIGIN frame security policy.
nginx_cache_enable: true
This setting triggers creation and configuration of nginx cache directories.
nginx_local_resolver: false
If this is set to true, nginx will use the localhost DNS resolver, usually dnsmasq.
nginx_behind_vpn: true
This setting affects how nginx reports its web port to upstream services such as uwsgi.
nginx_upload_progress: false
This setting activates the upload_progress nginx module.
nginx_max_logs: ~
If set, this limits the maximum number of rotated nginx logs to the given number.
nginx_cloudflare_ips: []
A list of IP subnets. Nginx will correctly expose its IP address when run behind the cloudflare web proxy. See:
- https://www.cloudflare.com/ips-v4
- https://www.cloudflare.com/ips-v6
- https://www.cloudflare.com/ips
- https://www.babaei.net/blog/getting-real-ip-addresses-using-nginx-and-cloudflare
- https://stackoverflow.com/q/26983893
nginx_own_default_server: true
Set this to false if you provide your own default server.
nginx_sni_mux_port: 3443
nginx_sni_servers: []
These optional settings control stream module multiplexing of TLS ports behind nginx. The incoming TLS traffic will be accepted on port nginx_sni_mux_port and multiplexed based on the records in the nginx_sni_servers list. Every record has the following fields:
- comment -- comment for the record
- hostname -- SNI hostname to pick on
- port -- target port on localhost
All traffic that is not captured by listed host names will be redirected to default port nginx_ssl_port, which is normally served by the Nginx core http module.
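The dispatch rule described above, modelled in Python as an added example (not the role's own code or template): it validates nginx_sni_servers records before they reach a config file, shows which port a given SNI name ends up on, and renders a stream-module snippet. The variable name $sni_upstream, the 127.0.0.1 targets, the snippet layout and the sample records are assumptions.

```python
import re

# Constructed sample records in the documented shape (comment, hostname, port).
SAMPLE = [
    {"comment": "constructed: VPN over TLS", "hostname": "vpn.example.com", "port": 8443},
    {"comment": "constructed: mail", "hostname": "mail.example.com", "port": 9443},
]
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")

def validate_sni_servers(records, mux_port=3443):
    """Return a list of problems; an empty list means the records are safe to render."""
    problems, seen = [], set()
    for i, rec in enumerate(records):
        host = str(rec.get("hostname", "")).lower()
        port = rec.get("port")
        if not HOST_RE.fullmatch(host):  # also blocks ';', '}' and newlines in the config
            problems.append(f"record {i}: bad hostname {host!r}")
        elif host in seen:
            problems.append(f"record {i}: duplicate hostname {host}")
        seen.add(host)
        if not isinstance(port, int) or not 1 <= port <= 65535:
            problems.append(f"record {i}: bad port {port!r}")
        elif port == mux_port:
            problems.append(f"record {i}: port {port} is the mux port (proxy loop)")
    return problems

def route(sni, records, ssl_port=443):
    """Port a connection reaches: exact SNI match, otherwise the default ssl_port."""
    name = (sni or "").lower()
    for rec in records:
        if rec["hostname"].lower() == name:
            return rec["port"]
    return ssl_port

def render_stream_conf(records, mux_port=3443, ssl_port=443):
    """Render an nginx stream snippet (assumed layout, not the role's template)."""
    problems = validate_sni_servers(records, mux_port)
    if problems:
        raise ValueError("; ".join(problems))
    out = ["map $ssl_preread_server_name $sni_upstream {"]
    for rec in records:
        note = " ".join(str(rec.get("comment", "")).split())  # keep comment on one line
        out.append(f"    {rec['hostname'].lower()} 127.0.0.1:{rec['port']};  # {note}")
    out += [f"    default 127.0.0.1:{ssl_port};", "}", "server {",
            f"    listen {mux_port};", "    ssl_preread on;",
            "    proxy_pass $sni_upstream;", "}"]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_stream_conf(SAMPLE))
```

The SNI name is chosen by the client, so this routing selects a backend but does not restrict who can reach it; each target port still needs its own authentication.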
- lin_nginx_install -- install nginx package from nginx.org repository
- lin_nginx_dirs -- activate nginx cache and create directories under /etc/nginx
- lin_nginx_config -- create main configuration and uwsgi parameters and add extra mime types
- lin_nginx_tls -- configure security settings and generate Diffie-Hellman parameters for TLS
- lin_nginx_site -- configure default site and upload www files
- lin_nginx_run -- enable service and open ports in firewall
- lin_nginx_logs -- fine-tune nginx logs
- lin_nginx_all -- all of the above
- ivansible.lin_base
  - common ansible handlers, default parameters and custom modules
  - global flag lin_compress_logs, which enables or disables compression of rotated logs
- ivansible.nginx_base
  - common nginx-related handlers and default parameters
- hosts: mysite
  roles:
    - role: ivansible.lin_nginx
      web_domain: mysite.com
      nginx_letsencrypt_cert: mysite.com
      nginx_main_site: www.mysite.com
MIT
Created in 2018-2021 by IvanSible