---
# Install NGINX.
# Default is true.
nginx_enable: true
# Start NGINX service.
# Default is true.
nginx_start: true
# Print NGINX configuration file to terminal after executing playbook.
# The printed configuration may be captured in CI or controller logs, so leave
# this disabled where those logs are widely readable.
# Default is false.
nginx_debug_output: false
# Specify which version of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
nginx_type: opensource
# Specify repository origin for NGINX Open Source.
# Options are 'nginx_repository' or 'os_repository'.
# Only works if 'nginx_type' is set to 'opensource'.
# Default is 'nginx_repository'.
nginx_install_from: nginx_repository
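# Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# NOTE(review): the example below uses plain HTTP. The signing key anchors
# package signature checks, so prefer an https:// URL or verify the key
# fingerprint out of band before trusting it.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key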
# Specify source repository for NGINX Open Source.
# Only works if 'nginx_install_from' is set to 'nginx_repository'.
# Defaults are the official NGINX repositories, all reached over HTTPS.
# Every entry inserts a 'mainline/' path segment when 'nginx_branch' is
# 'mainline' and nothing otherwise.
# An override here decides which origin packages are installed from, so keep
# it pointed at an HTTPS repository you trust.
nginx_repository:
  # Alpine: path ends in v<major.minor> taken from ansible_distribution_version.
  alpine: >-
    https://nginx.org/packages/{{ (nginx_branch == 'mainline')
    | ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
  # Debian family: one binary ('deb') and one source ('deb-src') APT line.
  debian:
    - >-
      deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
    - >-
      deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
      | ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
  # Red Hat family: 'rhel' when ansible_distribution is "RedHat", else 'centos'.
  redhat: >-
    https://nginx.org/packages/{{ (nginx_branch == 'mainline')
    | ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
    | ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
  # SUSE: path uses 'sles' and the distribution major version.
  suse: >-
    https://nginx.org/packages/{{ (nginx_branch == 'mainline')
    | ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
# Only works if 'nginx_install_from' is set to 'nginx_repository'.
# Default is 'mainline'.
nginx_branch: mainline
# Location of your NGINX Plus license on your local machine.
# Default is the files folder within the NGINX Ansible role.
# The key file is a credential: keep it out of version control, or store it
# encrypted (for example with Ansible Vault).
nginx_license:
  certificate: license/nginx-repo.crt
  key: license/nginx-repo.key
# Delete NGINX Plus license after installation for security purposes.
# Leaving this enabled keeps the license certificate and key from staying on
# the managed host once installation has finished.
# Default is true.
nginx_delete_license: true
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP,
# Image-Filter, RTMP Media Streaming, and/or XSLT modules.
# Each module is toggled by its own key; enable only the ones you need.
# Default is false for every module.
nginx_modules:
  njs: false
  perl: false
  waf: false
  geoip: false
  image_filter: false
  rtmp: false
  xslt: false
# Install NGINX Amplify.
# Use your NGINX Amplify API key.
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
# Defaults: disabled, with no API key set (null).
# Supply the API key from Ansible Vault or another secret store instead of
# committing it here in plain text.
nginx_amplify_enable: false
nginx_amplify_api_key: null
# Install NGINX Controller.
# Use your NGINX Controller API key and NGINX Controller API endpoint.
# Requires NGINX Plus and write access to the NGINX Plus REST API.
# Defaults: disabled, with no API key or endpoint set (null).
# Supply the API key from Ansible Vault or another secret store instead of
# committing it here in plain text.
nginx_controller_enable: false
nginx_controller_api_key: null
nginx_controller_api_endpoint: null
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.
# Defaults: disabled, with no modules listed (null).
nginx_unit_enable: false
nginx_unit_modules: null
# Remove previously existing NGINX configuration files.
# Use a list of paths you wish to remove.
# Removal is destructive: list only paths that hold NGINX configuration.
# Default is false.
nginx_cleanup_config: false
nginx_cleanup_config_path:
  - /etc/nginx/conf.d
# Enable uploading NGINX configuration files to your system.
# Default for uploading files is false.
# Default location of files is the files folder within the NGINX Ansible role.
# Upload the main NGINX configuration file.
nginx_main_upload_enable: false
nginx_main_upload_src: conf/nginx.conf
nginx_main_upload_dest: /etc/nginx/
# Upload HTTP NGINX configuration files.
# The source is a glob; every matching file is a candidate for upload.
nginx_http_upload_enable: false
nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/
# Upload Stream NGINX configuration files.
# Shares its default destination with the HTTP upload above, so file names
# from the two source globs must not collide.
nginx_stream_upload_enable: false
nginx_stream_upload_src: conf/stream/*.conf
nginx_stream_upload_dest: /etc/nginx/conf.d/
# Upload HTML files.
# The source glob 'www/*' matches everything in that folder, and the default
# destination is the web root; keep non-public files out of it.
nginx_html_upload_enable: false
nginx_html_upload_src: www/*
nginx_html_upload_dest: /usr/share/nginx/html
# Upload SSL certificates and keys.
# Files matching the key glob are private keys copied from the control
# machine: keep them out of version control or store them encrypted (for
# example with Ansible Vault).
# NOTE(review): ownership and mode of the uploaded keys are set by the role's
# tasks, which are not visible here; confirm keys are not world-readable.
nginx_ssl_upload_enable: false
nginx_ssl_crt_upload_src: ssl/*.crt
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
nginx_ssl_key_upload_src: ssl/*.key
nginx_ssl_key_upload_dest: /etc/ssl/private/
# Enable creating dynamic templated NGINX HTML demo websites.
# Each key under 'nginx_html_demo_template' describes one generated page.
# Default is false.
nginx_html_demo_template_enable: false
nginx_html_demo_template:
  default:
    template_file: www/index.html.j2
    html_file_name: index.html
    html_file_location: /usr/share/nginx/html
    web_server_name: Default
# Enable creating dynamic templated NGINX configuration files.
# Defaults are the values found in a fresh NGINX installation.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed and should be confirmed against the template.
nginx_main_template_enable: false
nginx_main_template:
  template_file: nginx.conf.j2
  conf_file_name: nginx.conf
  conf_file_location: /etc/nginx/
  user: nginx
  worker_processes: auto
  error_level: warn
  worker_connections: 1024
  http_enable: true
  http_settings:
    keepalive_timeout: 65
    cache: false
    rate_limit: false
    keyval: false
  stream_enable: false
  # Directory listings stay off by default; turning them on exposes file names.
  http_global_autoindex: false
  #auth_request_http: /auth
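# Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed and should be confirmed against the role's
# HTTP template before use.
nginx_http_template_enable: false
nginx_http_template:
  default:
    template_file: http/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/
    port: 8081
    server_name: localhost
    error_page: /usr/share/nginx/html
    root: /usr/share/nginx/html
    https_redirect: false
    autoindex: false
    # Set both auth_basic keys together; null leaves the server unauthenticated.
    auth_basic: null
    auth_basic_user_file: null
    try_files: $uri $uri/index.html $uri.html =404
    #auth_request: /auth
    ssl:
      cert: /etc/ssl/certs/default.crt
      key: /etc/ssl/private/default.key
      dhparam: /etc/ssl/private/dh_param.pem
      # TLSv1 and TLSv1.1 are deprecated and were dropped from this default.
      # Append TLSv1.3 where the installed NGINX and OpenSSL builds support it.
      protocols: TLSv1.2
      ciphers: HIGH:!aNULL:!MD5
      session_cache: none
      session_timeout: 5m
    web_server:
      locations:
        default:
          location: /
          html_file_location: /usr/share/nginx/html
          html_file_name: index.html
          autoindex: false
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          #auth_request: /auth
          # NOTE(review): $http_host in the example URL below is the Host
          # header sent by the client; a fixed hostname is safer in a redirect
          # target handed to an SSO service.
          #returns:
            #return302:
              #code: 302
              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
      http_demo_conf: false
    reverse_proxy:
      proxy_cache_path:
        - path: /var/cache/nginx/proxy/backend
          keys_zone:
            name: backend_proxy_cache
            size: 10m
          # Quoted so that YAML 1.1 loaders do not read 1:2 as a base-60 integer.
          levels: "1:2"
          max_size: 10g
          inactive: 60m
          use_temp_path: true
      proxy_temp_path:
        path: /var/cache/nginx/proxy/temp
      proxy_cache_lock: true
      proxy_cache_min_uses: 5
      proxy_cache_revalidate: true
      proxy_cache_use_stale:
        - error
        - timeout
      proxy_ignore_headers:
        - Expires
      locations:
        backend:
          location: /
          proxy_connect_timeout: null
          proxy_pass: http://backend
          # NOTE(review): quote "off" if this or proxy_store below is
          # uncommented; a plain off is read as boolean false by YAML 1.1 loaders.
          #proxy_pass_request_body: off
          proxy_set_header:
            header_host:
              name: Host
              value: $host
            header_x_real_ip:
              name: X-Real-IP
              value: $remote_addr
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever
            # X-Forwarded-For the client sent, so backends should trust only
            # the entry added by this proxy.
            header_x_forwarded_for:
              name: X-Forwarded-For
              value: $proxy_add_x_forwarded_for
            header_x_forwarded_proto:
              name: X-Forwarded-Proto
              value: $scheme
            #header_upgrade:
              #name: Upgrade
              #value: $http_upgrade
            #header_connection:
              #name: Connection
              #value: "Upgrade"
            #header_random:
              #name: RandomName
              #value: RandomValue
          #internal: false
          #proxy_store: off
          # NOTE(review): the key below is spelled 'acccess' (three c's);
          # confirm the spelling the template reads before uncommenting.
          #proxy_store_acccess: user:rw
          proxy_read_timeout: null
          proxy_ssl:
            cert: /etc/ssl/certs/proxy_default.crt
            key: /etc/ssl/private/proxy_default.key
            trusted_cert: /etc/ssl/certs/proxy_ca.crt
            # TLSv1 and TLSv1.1 are deprecated and were dropped from this default.
            # Append TLSv1.3 where the installed NGINX and OpenSSL builds support it.
            protocols: TLSv1.2
            ciphers: HIGH:!aNULL:!MD5
            # NOTE(review): verify: false leaves the upstream certificate
            # unchecked, so a TLS connection to the backend is encrypted but
            # not authenticated. Set to true with a real trusted_cert when
            # proxying over HTTPS.
            verify: false
            verify_depth: 1
            session_reuse: true
          proxy_cache: frontend_proxy_cache
          proxy_temp_path:
            path: /var/cache/nginx/proxy/backend/temp
          proxy_cache_lock: false
          proxy_cache_min_uses: 3
          proxy_cache_revalidate: false
          proxy_cache_use_stale:
            - http_403
            - http_404
          # Ignoring Vary and Cache-Control lets responses be cached against
          # the backend's wishes; make sure per-user content is never cached.
          proxy_ignore_headers:
            - Vary
            - Cache-Control
          websocket: false
          auth_basic: null
          auth_basic_user_file: null
          try_files: $uri $uri/index.html $uri.html =404
          # NOTE(review): spelled 'auth_req' here but 'auth_request' in the
          # server and web_server examples; confirm which key the template reads.
          #auth_req: /auth
          # The $http_host caveat from the web_server example applies here too.
          #returns:
            #return302:
              #code: 302
              #url: https://sso.somehost.local/?url=https://$http_host$request_uri
      health_check_plus: false
    proxy_cache:
      proxy_cache_path:
        path: /var/cache/nginx
        keys_zone:
          name: one
          size: 10m
      proxy_temp_path:
        path: /var/cache/nginx/proxy
    upstreams:
      upstream1:
        name: backend
        lb_method: least_conn
        zone_name: backend_mem_zone
        zone_size: 64k
        sticky_cookie: false
        servers:
          server1:
            address: localhost
            port: 8081
            weight: 1
            health_check: max_fails=1 fail_timeout=10s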
# Enable NGINX status data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
# NOTE(review): access restrictions for the status endpoint are not visible in
# this file; confirm the role's template limits who can reach this port.
# Default is false.
nginx_status_enable: false
nginx_status_port: 8080
# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
# Requires NGINX Plus.
# Write access lets API clients change runtime state; keep
# 'nginx_rest_api_write' false unless the endpoint is access-controlled.
# NOTE(review): the access rules in the API template are not visible in this
# file; confirm the port is not reachable from untrusted networks.
# Default is false.
nginx_rest_api_enable: false
nginx_rest_api_src: http/api.conf.j2
nginx_rest_api_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_port: 8080
nginx_rest_api_write: false
nginx_rest_api_dashboard: false
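# Enable creating dynamic templated NGINX stream configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
# NOTE(review): the listing this was taken from had lost its indentation; the
# nesting below is reconstructed and should be confirmed against the role's
# stream template before use.
nginx_stream_template_enable: false
nginx_stream_template:
  default:
    template_file: stream/default.conf.j2
    conf_file_name: default.conf
    conf_file_location: /etc/nginx/conf.d/stream/
    network_streams:
      default:
        listen_address: localhost
        listen_port: 80
        udp_enable: false
        proxy_pass: backend
        proxy_timeout: 3s
        proxy_connect_timeout: 1s
        proxy_protocol: false
        proxy_ssl:
          cert: /etc/ssl/certs/proxy_default.crt
          key: /etc/ssl/private/proxy_default.key
          trusted_cert: /etc/ssl/certs/proxy_ca.crt
          # TLSv1 and TLSv1.1 are deprecated and were dropped from this default.
          # Append TLSv1.3 where the installed NGINX and OpenSSL builds support it.
          protocols: TLSv1.2
          ciphers: HIGH:!aNULL:!MD5
          # NOTE(review): verify: false leaves the upstream certificate
          # unchecked, so a TLS connection to the backend is encrypted but
          # not authenticated. Set to true with a real trusted_cert.
          verify: false
          verify_depth: 1
          session_reuse: true
        health_check_plus: false
    upstreams:
      upstream1:
        name: backend
        lb_method: least_conn
        zone_name: backend
        zone_size: 64k
        sticky_cookie: false
        servers:
          server1:
            address: localhost
            port: 8080
            weight: 1
            health_check: max_fails=1 fail_timeout=10s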