Split defaults/main.yml to more files in directory defaults/main (#200)
This commit is contained in:
parent
cc4311dd05
commit
c2c0bb990a
499
README.md
499
README.md
@ -33,7 +33,7 @@ Alpine:
|
|||||||
CentOS:
|
CentOS:
|
||||||
versions:
|
versions:
|
||||||
- 6
|
- 6
|
||||||
- 7.4+
|
- 7
|
||||||
- 8
|
- 8
|
||||||
Debian:
|
Debian:
|
||||||
versions:
|
versions:
|
||||||
@ -191,493 +191,16 @@ FreeBSD:
|
|||||||
Role Variables
|
Role Variables
|
||||||
--------------
|
--------------
|
||||||
|
|
||||||
This role has multiple variables. The defaults for all these variables are the following:
|
This role has multiple variables. The descriptions and defaults for all these variables can be found in the directory **`defaults/main`** in the following files:
|
||||||
|
|
||||||
```yaml
|
- **[defaults/main/main.yml](./defaults/main/main.yml):** NGINX installation variables
|
||||||
---
|
- **[defaults/main/amplify.yml](./defaults/main/amplify.yml):** NGINX Amplify agent installation variables
|
||||||
# Install NGINX.
|
- **[defaults/main/controller.yml](./defaults/main/controller.yml):** NGINX Controller agent installation variables
|
||||||
# Default is true.
|
- **[defaults/main/template.yml](./defaults/main/template.yml):** NGINX configuration templating variables
|
||||||
nginx_enable: true
|
- **[defaults/main/upload.yml](./defaults/main/upload.yml):** NGINX configuration/HTML/SSL upload variables
|
||||||
|
- **[defaults/main/linux.yml](./defaults/main/linux.yml):** Linux installation variables
|
||||||
# Start NGINX service.
|
- **[defaults/main/bsd.yml](./defaults/main/bsd.yml):** BSD installation variables
|
||||||
# Default is true.
|
- **[defaults/main/unit.yml](./defaults/main/unit.yml):** NGINX Unit installation variables
|
||||||
nginx_start: true
|
|
||||||
|
|
||||||
# Print NGINX configuration file to terminal after executing playbook.
|
|
||||||
nginx_debug_output: false
|
|
||||||
|
|
||||||
# Supported systems
|
|
||||||
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
|
||||||
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
|
|
||||||
|
|
||||||
# Specify which type of NGINX you want to install.
|
|
||||||
# Options are 'opensource' or 'plus'.
|
|
||||||
# Default is 'opensource'.
|
|
||||||
nginx_type: opensource
|
|
||||||
# Specify which version of NGINX you want to install.
|
|
||||||
# Default is empty.
|
|
||||||
# nginx_version: =19-1~bionic
|
|
||||||
|
|
||||||
# Specify repository origin for NGINX Open Source.
|
|
||||||
# Options are 'nginx_repository' or 'os_repository'.
|
|
||||||
# Only works if 'nginx_type' is set to 'opensource'.
|
|
||||||
# Default is nginx_repository.
|
|
||||||
nginx_install_from: nginx_repository
|
|
||||||
|
|
||||||
# Choose where to fetch the NGINX signing key from.
|
|
||||||
# Default is the official NGINX signing key host.
|
|
||||||
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
|
|
||||||
|
|
||||||
# Specify source repository for NGINX Open Source.
|
|
||||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
|
||||||
# Defaults are the official NGINX repositories.
|
|
||||||
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
|
|
||||||
|
|
||||||
# Choose to install BSD packages or ports.
|
|
||||||
# Options are True for packages or False for ports.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_install_packages: true
|
|
||||||
|
|
||||||
# Choose to update BSD ports collection.
|
|
||||||
# Options are True for update or False for do not update.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_update_ports: true
|
|
||||||
|
|
||||||
# Choose to install packages built from BSD ports collection if
|
|
||||||
# available.
|
|
||||||
# Options are True for use packages or False for do not use packages.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_portinstall_use_packages: true
|
|
||||||
|
|
||||||
# Specify which branch of NGINX Open Source you want to install.
|
|
||||||
# Options are 'mainline' or 'stable'.
|
|
||||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
|
||||||
# Default is mainline.
|
|
||||||
nginx_branch: mainline
|
|
||||||
|
|
||||||
# Location of your NGINX Plus license in your local machine.
|
|
||||||
# Default is the files folder within the NGINX Ansible role.
|
|
||||||
nginx_license:
|
|
||||||
certificate: license/nginx-repo.crt
|
|
||||||
key: license/nginx-repo.key
|
|
||||||
|
|
||||||
# Delete NGINX Plus license after installation for security purposes.
|
|
||||||
# Default is true.
|
|
||||||
nginx_delete_license: true
|
|
||||||
|
|
||||||
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules.
|
|
||||||
# Default is false.
|
|
||||||
nginx_modules:
|
|
||||||
njs: false
|
|
||||||
perl: false
|
|
||||||
waf: false
|
|
||||||
geoip: false
|
|
||||||
image_filter: false
|
|
||||||
rtmp: false
|
|
||||||
xslt: false
|
|
||||||
|
|
||||||
# Install NGINX Amplify.
|
|
||||||
# Use your NGINX Amplify API key.
|
|
||||||
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
|
|
||||||
# Default is null.
|
|
||||||
nginx_amplify_enable: false
|
|
||||||
nginx_amplify_api_key: null
|
|
||||||
|
|
||||||
# Install NGINX Controller.
|
|
||||||
# Use your NGINX Controller API key and NGINX Controller API endpoint.
|
|
||||||
# Requires NGINX Plus and write access to the NGINX Plus REST API.
|
|
||||||
# Default is null.
|
|
||||||
nginx_controller_enable: false
|
|
||||||
nginx_controller_api_key: null
|
|
||||||
nginx_controller_api_endpoint: null
|
|
||||||
|
|
||||||
# Install NGINX Unit and NGINX Unit modules.
|
|
||||||
# Use a list of supported NGINX Unit modules.
|
|
||||||
# Default is false.
|
|
||||||
nginx_unit_enable: false
|
|
||||||
nginx_unit_modules: null
|
|
||||||
|
|
||||||
# Remove previously existing NGINX configuration files.
|
|
||||||
# Use a list of paths you wish to remove.
|
|
||||||
# Default is false.
|
|
||||||
nginx_cleanup_config: false
|
|
||||||
nginx_cleanup_config_path:
|
|
||||||
- /etc/nginx/conf.d
|
|
||||||
|
|
||||||
# Enable uploading NGINX configuration files to your system.
|
|
||||||
# Default for uploading files is false.
|
|
||||||
# Default location of files is the files folder within the NGINX Ansible role.
|
|
||||||
# Upload the main NGINX configuration file.
|
|
||||||
nginx_main_upload_enable: false
|
|
||||||
nginx_main_upload_src: conf/nginx.conf
|
|
||||||
nginx_main_upload_dest: /etc/nginx/
|
|
||||||
# Upload HTTP NGINX configuration files.
|
|
||||||
nginx_http_upload_enable: false
|
|
||||||
nginx_http_upload_src: conf/http/*.conf
|
|
||||||
nginx_http_upload_dest: /etc/nginx/conf.d/
|
|
||||||
# Upload Stream NGINX configuration files.
|
|
||||||
nginx_stream_upload_enable: false
|
|
||||||
nginx_stream_upload_src: conf/stream/*.conf
|
|
||||||
nginx_stream_upload_dest: /etc/nginx/conf.d/
|
|
||||||
# Upload HTML files.
|
|
||||||
nginx_html_upload_enable: false
|
|
||||||
nginx_html_upload_src: www/*
|
|
||||||
nginx_html_upload_dest: /usr/share/nginx/html
|
|
||||||
# Upload SSL certificates and keys.
|
|
||||||
nginx_ssl_upload_enable: false
|
|
||||||
nginx_ssl_crt_upload_src: ssl/*.crt
|
|
||||||
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
|
|
||||||
nginx_ssl_key_upload_src: ssl/*.key
|
|
||||||
nginx_ssl_key_upload_dest: /etc/ssl/private/
|
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTML demo websites.
|
|
||||||
nginx_html_demo_template_enable: false
|
|
||||||
nginx_html_demo_template:
|
|
||||||
default:
|
|
||||||
template_file: www/index.html.j2
|
|
||||||
html_file_name: index.html
|
|
||||||
html_file_location: /usr/share/nginx/html
|
|
||||||
web_server_name: Default
|
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX configuration files.
|
|
||||||
# Defaults are the values found in a fresh NGINX installation.
|
|
||||||
nginx_main_template_enable: false
|
|
||||||
nginx_main_template:
|
|
||||||
template_file: nginx.conf.j2
|
|
||||||
conf_file_name: nginx.conf
|
|
||||||
conf_file_location: /etc/nginx/
|
|
||||||
user: nginx
|
|
||||||
worker_processes: auto
|
|
||||||
#worker_rlimit_nofile: 1024
|
|
||||||
error_log:
|
|
||||||
location: /var/log/nginx/error.log
|
|
||||||
level: warn
|
|
||||||
worker_connections: 1024
|
|
||||||
http_enable: true
|
|
||||||
http_settings:
|
|
||||||
access_log_format:
|
|
||||||
- name: main
|
|
||||||
format: |-
|
|
||||||
'$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"'
|
|
||||||
access_log_location:
|
|
||||||
- name: main
|
|
||||||
location: /var/log/nginx/access.log
|
|
||||||
tcp_nopush: true
|
|
||||||
tcp_nodelay: true
|
|
||||||
keepalive_timeout: 65
|
|
||||||
cache: false
|
|
||||||
rate_limit: false
|
|
||||||
keyval: false
|
|
||||||
#server_tokens: "off"
|
|
||||||
http_global_autoindex: false
|
|
||||||
#http_custom_options: []
|
|
||||||
stream_enable: false
|
|
||||||
#stream_custom_options: []
|
|
||||||
#auth_request_http: /auth
|
|
||||||
#auth_request_set_http:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTTP configuration files.
|
|
||||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
|
||||||
# the options available for templating. Each key represents a new configuration file.
|
|
||||||
nginx_http_template_enable: false
|
|
||||||
nginx_http_template:
|
|
||||||
default:
|
|
||||||
template_file: http/default.conf.j2
|
|
||||||
conf_file_name: default.conf
|
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
|
||||||
servers:
|
|
||||||
server1:
|
|
||||||
listen:
|
|
||||||
listen_localhost:
|
|
||||||
ip: localhost # Wrap in square brackets for IPv6 addresses
|
|
||||||
port: 8081
|
|
||||||
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
|
|
||||||
server_name: localhost
|
|
||||||
include_files: []
|
|
||||||
error_page: /usr/share/nginx/html
|
|
||||||
access_log:
|
|
||||||
- name: main
|
|
||||||
location: /var/log/nginx/access.log
|
|
||||||
error_log:
|
|
||||||
location: /var/log/nginx/error.log
|
|
||||||
level: warn
|
|
||||||
root: /usr/share/nginx/html
|
|
||||||
https_redirect: false
|
|
||||||
autoindex: false
|
|
||||||
auth_basic: null
|
|
||||||
auth_basic_user_file: null
|
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
|
||||||
#auth_request: /auth
|
|
||||||
#auth_request_set:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
client_max_body_size: 1m
|
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
#header_name:
|
|
||||||
#name: Header-X
|
|
||||||
#value: Value-X
|
|
||||||
#always: false
|
|
||||||
ssl:
|
|
||||||
cert: /etc/ssl/certs/default.crt
|
|
||||||
key: /etc/ssl/private/default.key
|
|
||||||
dhparam: /etc/ssl/private/dh_param.pem
|
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
|
||||||
prefer_server_ciphers: true
|
|
||||||
session_cache: none
|
|
||||||
session_timeout: 5m
|
|
||||||
disable_session_tickets: false
|
|
||||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
|
||||||
stapling: true
|
|
||||||
stapling_verify: true
|
|
||||||
#custom_options: []
|
|
||||||
web_server:
|
|
||||||
locations:
|
|
||||||
default:
|
|
||||||
location: /
|
|
||||||
include_files: []
|
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
#header_name:
|
|
||||||
#name: Header-X
|
|
||||||
#value: Value-X
|
|
||||||
#always: false
|
|
||||||
html_file_location: /usr/share/nginx/html
|
|
||||||
html_file_name: index.html
|
|
||||||
autoindex: false
|
|
||||||
auth_basic: null
|
|
||||||
auth_basic_user_file: null
|
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
|
||||||
#auth_request: /auth
|
|
||||||
#auth_request_set:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
client_max_body_size: 1m
|
|
||||||
#returns:
|
|
||||||
#return302:
|
|
||||||
#code: 302
|
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
|
||||||
#custom_options: []
|
|
||||||
http_demo_conf: false
|
|
||||||
reverse_proxy:
|
|
||||||
locations:
|
|
||||||
backend:
|
|
||||||
location: /
|
|
||||||
include_files: []
|
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
#header_name:
|
|
||||||
#name: Header-X
|
|
||||||
#value: Value-X
|
|
||||||
#always: false
|
|
||||||
proxy_connect_timeout: null
|
|
||||||
proxy_pass: http://backend
|
|
||||||
#rewrites:
|
|
||||||
# - /foo(.*) /$1 break
|
|
||||||
#proxy_pass_request_body: off
|
|
||||||
#allows:
|
|
||||||
# - 192.168.1.0/24
|
|
||||||
#denies:
|
|
||||||
# - all
|
|
||||||
proxy_set_header:
|
|
||||||
header_host:
|
|
||||||
name: Host
|
|
||||||
value: $host
|
|
||||||
header_x_real_ip:
|
|
||||||
name: X-Real-IP
|
|
||||||
value: $remote_addr
|
|
||||||
header_x_forwarded_for:
|
|
||||||
name: X-Forwarded-For
|
|
||||||
value: $proxy_add_x_forwarded_for
|
|
||||||
header_x_forwarded_proto:
|
|
||||||
name: X-Forwarded-Proto
|
|
||||||
value: $scheme
|
|
||||||
#header_upgrade:
|
|
||||||
#name: Upgrade
|
|
||||||
#value: $http_upgrade
|
|
||||||
#header_connection:
|
|
||||||
#name: Connection
|
|
||||||
#value: "Upgrade"
|
|
||||||
#header_random:
|
|
||||||
#name: RandomName
|
|
||||||
#value: RandomValue
|
|
||||||
#internal: false
|
|
||||||
#proxy_store: off
|
|
||||||
#proxy_store_acccess: user:rw
|
|
||||||
proxy_read_timeout: null
|
|
||||||
proxy_send_timeout: null
|
|
||||||
proxy_ssl:
|
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
|
||||||
key: /etc/ssl/private/proxy_default.key
|
|
||||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
|
||||||
verify: false
|
|
||||||
verify_depth: 1
|
|
||||||
session_reuse: true
|
|
||||||
proxy_cache: backend_proxy_cache
|
|
||||||
proxy_cache_valid:
|
|
||||||
- code: 200
|
|
||||||
time: 10m
|
|
||||||
- code: 301
|
|
||||||
time: 1m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/backend/temp
|
|
||||||
proxy_cache_lock: false
|
|
||||||
proxy_cache_min_uses: 3
|
|
||||||
proxy_cache_revalidate: false
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- http_403
|
|
||||||
- http_404
|
|
||||||
proxy_ignore_headers:
|
|
||||||
- Vary
|
|
||||||
- Cache-Control
|
|
||||||
proxy_cookie_path:
|
|
||||||
path: /web/
|
|
||||||
replacement: /
|
|
||||||
proxy_buffering: false
|
|
||||||
proxy_http_version: 1.0
|
|
||||||
websocket: false
|
|
||||||
auth_basic: null
|
|
||||||
auth_basic_user_file: null
|
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
|
||||||
#auth_request: /auth
|
|
||||||
#auth_request_set:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
#returns:
|
|
||||||
#return302:
|
|
||||||
#code: 302
|
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
|
||||||
#custom_options: []
|
|
||||||
health_check_plus: false
|
|
||||||
returns:
|
|
||||||
return301:
|
|
||||||
location: /
|
|
||||||
code: 301
|
|
||||||
value: http://$host$request_uri
|
|
||||||
proxy_cache:
|
|
||||||
proxy_cache_path:
|
|
||||||
- path: /var/cache/nginx/proxy/backend
|
|
||||||
keys_zone:
|
|
||||||
name: backend_proxy_cache
|
|
||||||
size: 10m
|
|
||||||
levels: "1:2"
|
|
||||||
max_size: 10g
|
|
||||||
inactive: 60m
|
|
||||||
use_temp_path: true
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/temp
|
|
||||||
proxy_cache_valid:
|
|
||||||
- code: 200
|
|
||||||
time: 10m
|
|
||||||
- code: 301
|
|
||||||
time: 1m
|
|
||||||
proxy_cache_lock: true
|
|
||||||
proxy_cache_min_uses: 5
|
|
||||||
proxy_cache_revalidate: true
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- error
|
|
||||||
- timeout
|
|
||||||
proxy_ignore_headers:
|
|
||||||
- Expires
|
|
||||||
upstreams:
|
|
||||||
upstream1:
|
|
||||||
name: backend
|
|
||||||
lb_method: least_conn
|
|
||||||
zone_name: backend_mem_zone
|
|
||||||
zone_size: 64k
|
|
||||||
sticky_cookie: false
|
|
||||||
servers:
|
|
||||||
server1:
|
|
||||||
address: localhost
|
|
||||||
port: 8081
|
|
||||||
weight: 1
|
|
||||||
health_check: max_fails=1 fail_timeout=10s
|
|
||||||
#custom_options: []
|
|
||||||
#custom_options: []
|
|
||||||
|
|
||||||
# Enable NGINX status data.
|
|
||||||
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
|
|
||||||
# Note - 'status' has been deprecated since NGINX Plus R13.
|
|
||||||
# Default is false.
|
|
||||||
nginx_status_enable: false
|
|
||||||
nginx_status_location: /etc/nginx/conf.d/stub_status.conf
|
|
||||||
nginx_status_port: 80
|
|
||||||
|
|
||||||
# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
|
|
||||||
# Requires NGINX Plus.
|
|
||||||
# Default is false.
|
|
||||||
nginx_rest_api_enable: false
|
|
||||||
nginx_rest_api_template_file: http/api.conf.j2
|
|
||||||
nginx_rest_api_file_location: /etc/nginx/conf.d/api.conf
|
|
||||||
nginx_rest_api_port: 80
|
|
||||||
nginx_rest_api_write: false
|
|
||||||
nginx_rest_api_dashboard: false
|
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX stream configuration files.
|
|
||||||
# Defaults will not produce a valid configuration. Instead they are meant to showcase
|
|
||||||
# the options available for templating. Each key represents a new configuration file.
|
|
||||||
nginx_stream_template_enable: false
|
|
||||||
nginx_stream_template:
|
|
||||||
default:
|
|
||||||
template_file: stream/default.conf.j2
|
|
||||||
conf_file_name: default.conf
|
|
||||||
conf_file_location: /etc/nginx/conf.d/stream/
|
|
||||||
network_streams:
|
|
||||||
default:
|
|
||||||
listen_address: localhost
|
|
||||||
listen_port: 80
|
|
||||||
udp_enable: false
|
|
||||||
include_files: []
|
|
||||||
proxy_pass: backend
|
|
||||||
proxy_timeout: 3s
|
|
||||||
proxy_connect_timeout: 1s
|
|
||||||
proxy_protocol: false
|
|
||||||
proxy_ssl:
|
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
|
||||||
key: /etc/ssl/private/proxy_default.key
|
|
||||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
|
||||||
verify: false
|
|
||||||
verify_depth: 1
|
|
||||||
session_reuse: true
|
|
||||||
health_check_plus: false
|
|
||||||
#custom_options: []
|
|
||||||
upstreams:
|
|
||||||
upstream1:
|
|
||||||
name: backend
|
|
||||||
lb_method: least_conn
|
|
||||||
zone_name: backend
|
|
||||||
zone_size: 64k
|
|
||||||
sticky_cookie: false
|
|
||||||
servers:
|
|
||||||
server1:
|
|
||||||
address: localhost
|
|
||||||
port: 8080
|
|
||||||
weight: 1
|
|
||||||
health_check: max_fails=1 fail_timeout=10s
|
|
||||||
#custom_options: []
|
|
||||||
#custom_options: []
|
|
||||||
```
|
|
||||||
|
|
||||||
Dependencies
|
Dependencies
|
||||||
------------
|
------------
|
||||||
@ -752,7 +275,7 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
conf_file_name: default.conf
|
conf_file_name: default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
servers:
|
servers:
|
||||||
server1:
|
server1:
|
||||||
listen:
|
listen:
|
||||||
listen_localhost:
|
listen_localhost:
|
||||||
#ip: 0.0.0.0
|
#ip: 0.0.0.0
|
||||||
|
7
defaults/main/amplify.yml
Normal file
7
defaults/main/amplify.yml
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
---
|
||||||
|
# Install NGINX Amplify.
|
||||||
|
# Use your NGINX Amplify API key.
|
||||||
|
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
|
||||||
|
# Default is null.
|
||||||
|
nginx_amplify_enable: false
|
||||||
|
nginx_amplify_api_key: null
|
26
defaults/main/bsd.yml
Normal file
26
defaults/main/bsd.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
# Supported distributions
|
||||||
|
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
|
||||||
|
|
||||||
|
# Supported distributions NGINX Plus
|
||||||
|
# https://docs.nginx.com/nginx/technical-specs/
|
||||||
|
nginx_plus_bsd_systems: ['FreeBSD']
|
||||||
|
|
||||||
|
# Choose to install BSD packages or ports.
|
||||||
|
# Options are True for packages or False for ports.
|
||||||
|
# Default is True.
|
||||||
|
nginx_bsd_install_packages: true
|
||||||
|
|
||||||
|
# Choose to update BSD ports collection.
|
||||||
|
# Options are True for update or False for do not update.
|
||||||
|
# Default is True.
|
||||||
|
nginx_bsd_update_ports: true
|
||||||
|
|
||||||
|
# Choose to install packages built from BSD ports collection if
|
||||||
|
# available.
|
||||||
|
# Options are True for use packages or False for do not use packages.
|
||||||
|
# Default is True.
|
||||||
|
nginx_bsd_portinstall_use_packages: true
|
||||||
|
|
||||||
|
# FreeBSD extra packages
|
||||||
|
nginx_freebsd_extra_packages: ['security/ca_root_nss']
|
8
defaults/main/controller.yml
Normal file
8
defaults/main/controller.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
# Install NGINX Controller.
|
||||||
|
# Use your NGINX Controller API key and NGINX Controller API endpoint.
|
||||||
|
# Requires NGINX Plus and write access to the NGINX Plus REST API.
|
||||||
|
# Default is null.
|
||||||
|
nginx_controller_enable: false
|
||||||
|
nginx_controller_api_key: null
|
||||||
|
nginx_controller_api_endpoint: null
|
8
defaults/main/linux.yml
Normal file
8
defaults/main/linux.yml
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
# Supported distributions
|
||||||
|
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||||
|
|
||||||
|
# Supported distributions NGINX Plus
|
||||||
|
# https://docs.nginx.com/nginx/technical-specs/
|
||||||
|
# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
|
||||||
|
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
69
defaults/main/main.yml
Normal file
69
defaults/main/main.yml
Normal file
@ -0,0 +1,69 @@
|
|||||||
|
---
|
||||||
|
# Install NGINX.
|
||||||
|
# Default is true.
|
||||||
|
nginx_enable: true
|
||||||
|
|
||||||
|
# Start NGINX service.
|
||||||
|
# Default is true.
|
||||||
|
nginx_start: true
|
||||||
|
|
||||||
|
# Print NGINX configuration file to terminal after executing playbook.
|
||||||
|
nginx_debug_output: false
|
||||||
|
|
||||||
|
# Specify which type of NGINX you want to install.
|
||||||
|
# Options are 'opensource' or 'plus'.
|
||||||
|
# Default is 'opensource'.
|
||||||
|
nginx_type: opensource
|
||||||
|
|
||||||
|
# Specify which version of NGINX you want to install.
|
||||||
|
# Default is empty.
|
||||||
|
# nginx_version: =19-1~bionic
|
||||||
|
|
||||||
|
# Specify repository origin for NGINX Open Source.
|
||||||
|
# Options are 'nginx_repository' or 'os_repository'.
|
||||||
|
# Only works if 'nginx_type' is set to 'opensource'.
|
||||||
|
# Default is nginx_repository.
|
||||||
|
nginx_install_from: nginx_repository
|
||||||
|
|
||||||
|
# Choose where to fetch the NGINX signing key from.
|
||||||
|
# Default is the official NGINX signing key host.
|
||||||
|
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
|
||||||
|
|
||||||
|
# Specify source repository for NGINX Open Source.
|
||||||
|
# Only works if 'install_from' is set to 'nginx_repository'.
|
||||||
|
# Defaults are the official NGINX repositories.
|
||||||
|
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
|
||||||
|
|
||||||
|
# Specify which branch of NGINX Open Source you want to install.
|
||||||
|
# Options are 'mainline' or 'stable'.
|
||||||
|
# Only works if 'install_from' is set to 'nginx_repository'.
|
||||||
|
# Default is mainline.
|
||||||
|
nginx_branch: mainline
|
||||||
|
|
||||||
|
# Location of your NGINX Plus license in your local machine.
|
||||||
|
# Default is the files folder within the NGINX Ansible role.
|
||||||
|
nginx_license:
|
||||||
|
certificate: license/nginx-repo.crt
|
||||||
|
key: license/nginx-repo.key
|
||||||
|
|
||||||
|
# Delete NGINX Plus license after installation for security purposes.
|
||||||
|
# Default is false.
|
||||||
|
nginx_delete_license: false
|
||||||
|
|
||||||
|
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules.
|
||||||
|
# Default is false.
|
||||||
|
nginx_modules:
|
||||||
|
njs: false
|
||||||
|
perl: false
|
||||||
|
waf: false
|
||||||
|
geoip: false
|
||||||
|
image_filter: false
|
||||||
|
rtmp: false
|
||||||
|
xslt: false
|
||||||
|
|
||||||
|
# Remove previously existing NGINX configuration files.
|
||||||
|
# Use a list of paths you wish to remove.
|
||||||
|
# Default is false.
|
||||||
|
nginx_cleanup_config: false
|
||||||
|
nginx_cleanup_config_path:
|
||||||
|
- /etc/nginx/conf.d
|
@ -1,147 +1,4 @@
|
|||||||
---
|
---
|
||||||
# Install NGINX.
|
|
||||||
# Default is true.
|
|
||||||
nginx_enable: true
|
|
||||||
|
|
||||||
# Start NGINX service.
|
|
||||||
# Default is true.
|
|
||||||
nginx_start: true
|
|
||||||
|
|
||||||
# Print NGINX configuration file to terminal after executing playbook.
|
|
||||||
nginx_debug_output: false
|
|
||||||
|
|
||||||
# Supported distributions
|
|
||||||
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
|
||||||
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
|
|
||||||
# Supported distributions NGINX Plus
|
|
||||||
# https://docs.nginx.com/nginx/technical-specs/
|
|
||||||
# RedHat={Amazon,CentOS,OracleLinux,RHEL} Debian={Ubuntu,Debian}
|
|
||||||
nginx_plus_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
|
||||||
nginx_plus_bsd_systems: ['FreeBSD']
|
|
||||||
|
|
||||||
# Specify which type of NGINX you want to install.
|
|
||||||
# Options are 'opensource' or 'plus'.
|
|
||||||
# Default is 'opensource'.
|
|
||||||
nginx_type: opensource
|
|
||||||
# Specify which version of NGINX you want to install.
|
|
||||||
# Default is empty.
|
|
||||||
# nginx_version: =19-1~bionic
|
|
||||||
|
|
||||||
# Specify repository origin for NGINX Open Source.
|
|
||||||
# Options are 'nginx_repository' or 'os_repository'.
|
|
||||||
# Only works if 'nginx_type' is set to 'opensource'.
|
|
||||||
# Default is nginx_repository.
|
|
||||||
nginx_install_from: nginx_repository
|
|
||||||
|
|
||||||
# Choose where to fetch the NGINX signing key from.
|
|
||||||
# Default is the official NGINX signing key host.
|
|
||||||
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
|
|
||||||
|
|
||||||
# Specify source repository for NGINX Open Source.
|
|
||||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
|
||||||
# Defaults are the official NGINX repositories.
|
|
||||||
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
|
|
||||||
|
|
||||||
# Choose to install BSD packages or ports.
|
|
||||||
# Options are True for packages or False for ports.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_install_packages: true
|
|
||||||
|
|
||||||
# Choose to update BSD ports collection.
|
|
||||||
# Options are True for update or False for do not update.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_update_ports: true
|
|
||||||
|
|
||||||
# Choose to install packages built from BSD ports collection if
|
|
||||||
# available.
|
|
||||||
# Options are True for use packages or False for do not use packages.
|
|
||||||
# Default is True.
|
|
||||||
nginx_bsd_portinstall_use_packages: true
|
|
||||||
|
|
||||||
# Specify which branch of NGINX Open Source you want to install.
|
|
||||||
# Options are 'mainline' or 'stable'.
|
|
||||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
|
||||||
# Default is mainline.
|
|
||||||
nginx_branch: mainline
|
|
||||||
|
|
||||||
# Location of your NGINX Plus license in your local machine.
|
|
||||||
# Default is the files folder within the NGINX Ansible role.
|
|
||||||
nginx_license:
|
|
||||||
certificate: license/nginx-repo.crt
|
|
||||||
key: license/nginx-repo.key
|
|
||||||
|
|
||||||
# Delete NGINX Plus license after installation for security purposes.
|
|
||||||
# Default is true.
|
|
||||||
nginx_delete_license: true
|
|
||||||
|
|
||||||
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules.
|
|
||||||
# Default is false.
|
|
||||||
nginx_modules:
|
|
||||||
njs: false
|
|
||||||
perl: false
|
|
||||||
waf: false
|
|
||||||
geoip: false
|
|
||||||
image_filter: false
|
|
||||||
rtmp: false
|
|
||||||
xslt: false
|
|
||||||
|
|
||||||
# FreeBSD extra packages
|
|
||||||
nginx_freebsd_extra_packages: ['security/ca_root_nss']
|
|
||||||
|
|
||||||
# Install NGINX Amplify.
|
|
||||||
# Use your NGINX Amplify API key.
|
|
||||||
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
|
|
||||||
# Default is null.
|
|
||||||
nginx_amplify_enable: false
|
|
||||||
nginx_amplify_api_key: null
|
|
||||||
|
|
||||||
# Install NGINX Controller.
|
|
||||||
# Use your NGINX Controller API key and NGINX Controller API endpoint.
|
|
||||||
# Requires NGINX Plus and write access to the NGINX Plus REST API.
|
|
||||||
# Default is null.
|
|
||||||
nginx_controller_enable: false
|
|
||||||
nginx_controller_api_key: null
|
|
||||||
nginx_controller_api_endpoint: null
|
|
||||||
|
|
||||||
# Install NGINX Unit and NGINX Unit modules.
|
|
||||||
# Use a list of supported NGINX Unit modules.
|
|
||||||
# Default is false.
|
|
||||||
nginx_unit_enable: false
|
|
||||||
nginx_unit_modules: null
|
|
||||||
|
|
||||||
# Remove previously existing NGINX configuration files.
|
|
||||||
# Use a list of paths you wish to remove.
|
|
||||||
# Default is false.
|
|
||||||
nginx_cleanup_config: false
|
|
||||||
nginx_cleanup_config_path:
|
|
||||||
- /etc/nginx/conf.d
|
|
||||||
|
|
||||||
# Enable uploading NGINX configuration files to your system.
|
|
||||||
# Default for uploading files is false.
|
|
||||||
# Default location of files is the files folder within the NGINX Ansible role.
|
|
||||||
# Upload the main NGINX configuration file.
|
|
||||||
nginx_main_upload_enable: false
|
|
||||||
nginx_main_upload_src: conf/nginx.conf
|
|
||||||
nginx_main_upload_dest: /etc/nginx/
|
|
||||||
# Upload HTTP NGINX configuration files.
|
|
||||||
nginx_http_upload_enable: false
|
|
||||||
nginx_http_upload_src: conf/http/*.conf
|
|
||||||
nginx_http_upload_dest: /etc/nginx/conf.d/
|
|
||||||
# Upload Stream NGINX configuration files.
|
|
||||||
nginx_stream_upload_enable: false
|
|
||||||
nginx_stream_upload_src: conf/stream/*.conf
|
|
||||||
nginx_stream_upload_dest: /etc/nginx/conf.d/
|
|
||||||
# Upload HTML files.
|
|
||||||
nginx_html_upload_enable: false
|
|
||||||
nginx_html_upload_src: www/*
|
|
||||||
nginx_html_upload_dest: /usr/share/nginx/html
|
|
||||||
# Upload SSL certificates and keys.
|
|
||||||
nginx_ssl_upload_enable: false
|
|
||||||
nginx_ssl_crt_upload_src: ssl/*.crt
|
|
||||||
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
|
|
||||||
nginx_ssl_key_upload_src: ssl/*.key
|
|
||||||
nginx_ssl_key_upload_dest: /etc/ssl/private/
|
|
||||||
|
|
||||||
# Enable creating dynamic templated NGINX HTML demo websites.
|
# Enable creating dynamic templated NGINX HTML demo websites.
|
||||||
nginx_html_demo_template_enable: false
|
nginx_html_demo_template_enable: false
|
||||||
nginx_html_demo_template:
|
nginx_html_demo_template:
|
6
defaults/main/unit.yml
Normal file
6
defaults/main/unit.yml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
# Install NGINX Unit and NGINX Unit modules.
|
||||||
|
# Use a list of supported NGINX Unit modules.
|
||||||
|
# Default is false.
|
||||||
|
nginx_unit_enable: false
|
||||||
|
nginx_unit_modules: null
|
26
defaults/main/upload.yml
Normal file
26
defaults/main/upload.yml
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
---
|
||||||
|
# Enable uploading NGINX configuration files to your system.
|
||||||
|
# Default for uploading files is false.
|
||||||
|
# Default location of files is the files folder within the NGINX Ansible role.
|
||||||
|
# Upload the main NGINX configuration file.
|
||||||
|
nginx_main_upload_enable: false
|
||||||
|
nginx_main_upload_src: conf/nginx.conf
|
||||||
|
nginx_main_upload_dest: /etc/nginx/
|
||||||
|
# Upload HTTP NGINX configuration files.
|
||||||
|
nginx_http_upload_enable: false
|
||||||
|
nginx_http_upload_src: conf/http/*.conf
|
||||||
|
nginx_http_upload_dest: /etc/nginx/conf.d/
|
||||||
|
# Upload Stream NGINX configuration files.
|
||||||
|
nginx_stream_upload_enable: false
|
||||||
|
nginx_stream_upload_src: conf/stream/*.conf
|
||||||
|
nginx_stream_upload_dest: /etc/nginx/conf.d/
|
||||||
|
# Upload HTML files.
|
||||||
|
nginx_html_upload_enable: false
|
||||||
|
nginx_html_upload_src: www/*
|
||||||
|
nginx_html_upload_dest: /usr/share/nginx/html
|
||||||
|
# Upload SSL certificates and keys.
|
||||||
|
nginx_ssl_upload_enable: false
|
||||||
|
nginx_ssl_crt_upload_src: ssl/*.crt
|
||||||
|
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
|
||||||
|
nginx_ssl_key_upload_src: ssl/*.key
|
||||||
|
nginx_ssl_key_upload_dest: /etc/ssl/private/
|
Loading…
Reference in New Issue
Block a user