sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
328318bc19
ansible-role-nginx/defaults/main.yml
Timothy Allen 328318bc19 Advance SSL and proxy SSL settings (#100) 
* Added stream template variables
* Added logic in Stream template
* Add udp variable
* Add ssl protocols and ciphers
* Add advance ssl to template
* Add SSL variables
2019-02-22 17:28:19 +00:00

314 lines
9.8 KiB
YAML
Raw Blame History

---
# Install NGINX.
# Default is true.
nginx_enable: true
# Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false
# Specify which version of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
nginx_type: opensource
# Specify repository origin for NGINX Open Source.
# Options are 'nginx_repository' or 'os_repository'.
# Only works if 'nginx_type' is set to 'opensource'.
# Default is nginx_repository.
nginx_install_from: nginx_repository
# Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify source repository for NGINX Open Source.
# Only works if 'install_from' is set to 'nginx_repository'.
# Defaults are the official NGINX repositories.
nginx_repository:
debian:
- >-
deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx
redhat:
- >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
| ternary('rhel/', 'centos/') }}{{ ansible_distribution_major_version|int }}/$basearch/
suse:
- >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/12
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
# Only works if 'install_from' is set to 'nginx_repository'.
# Default is mainline.
nginx_branch: mainline
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Delete NGINX Plus license after installation for security purposes.
# Default is true.
nginx_delete_license: true
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming, and/or XSLT modules.
# Default is false.
nginx_modules:
njs: false
perl: false
waf: false
geoip: false
image_filter: false
rtmp: false
xslt: false
# Install NGINX Amplify.
# Use your NGINX Amplify API key.
# Requires access to either the NGINX stub status or the NGINX Plus REST API.
# Default is null.
nginx_amplify_enable: false
nginx_amplify_api_key: null
# Install NGINX Controller.
# Use your NGINX Controller API key and NGINX Controller API endpoint.
# Requires NGINX Plus and write access to the NGINX Plus REST API.
# Default is null.
nginx_controller_enable: false
nginx_controller_api_key: null
nginx_controller_api_endpoint: null
# Install NGINX Unit and NGINX Unit modules.
# Use a list of supported NGINX Unit modules.
# Default is false.
nginx_unit_enable: false
nginx_unit_modules: null
# Remove previously existing NGINX configuration files.
# Use a list of paths you wish to remove.
# Default is false.
nginx_cleanup_config: false
nginx_cleanup_config_path:
- /etc/nginx/conf.d
# Enable uploading NGINX configuration files to your system.
# Default for uploading files is false.
# Default location of files is the files folder within the NGINX Ansible role.
# Upload the main NGINX configuration file.
nginx_main_upload_enable: false
nginx_main_upload_src: conf/nginx.conf
nginx_main_upload_dest: /etc/nginx/
# Upload HTTP NGINX configuration files.
nginx_http_upload_enable: false
nginx_http_upload_src: conf/http/*.conf
nginx_http_upload_dest: /etc/nginx/conf.d/
# Upload Stream NGINX configuration files.
nginx_stream_upload_enable: false
nginx_stream_upload_src: conf/stream/*.conf
nginx_stream_upload_dest: /etc/nginx/conf.d/
# Upload HTML files.
nginx_html_upload_enable: false
nginx_html_upload_src: www/*
nginx_html_upload_dest: /usr/share/nginx/html
# Upload SSL certificates and keys.
nginx_ssl_upload_enable: false
nginx_ssl_crt_upload_src: ssl/*.crt
nginx_ssl_crt_upload_dest: /etc/ssl/certs/
nginx_ssl_key_upload_src: ssl/*.key
nginx_ssl_key_upload_dest: /etc/ssl/private/
# Enable creating dynamic templated NGINX HTML demo websites.
nginx_html_demo_template_enable: false
nginx_html_demo_template:
default:
template_file: www/index.html.j2
html_file_name: index.html
html_file_location: /usr/share/nginx/html
web_server_name: Default
# Enable creating dynamic templated NGINX configuration files.
# Defaults are the values found in a fresh NGINX installation.
nginx_main_template_enable: false
nginx_main_template:
template_file: nginx.conf.j2
conf_file_name: nginx.conf
conf_file_location: /etc/nginx/
user: nginx
worker_processes: auto
error_level: warn
worker_connections: 1024
http_enable: true
http_settings:
keepalive_timeout: 65
cache: false
rate_limit: false
keyval: false
stream_enable: false
http_global_autoindex: false
# Enable creating dynamic templated NGINX HTTP configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
nginx_http_template_enable: false
nginx_http_template:
default:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
port: 8081
server_name: localhost
error_page: /usr/share/nginx/html
root: /usr/share/nginx/html
https_redirect: false
autoindex: false
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
session_cache: none
session_timeout: 5m
web_server:
locations:
default:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_file: null
http_demo_conf: false
reverse_proxy:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
name: backend_proxy_cache
size: 10m
levels: "1:2"
max_size: 10g
inactive: 60m
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
proxy_cache_use_stale:
- error
- timeout
proxy_ignore_headers:
- Expires
locations:
backend:
location: /
proxy_pass: http://backend
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: frontend_proxy_cache
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
websocket: false
auth_basic: null
auth_basic_file: null
health_check_plus: false
proxy_cache:
proxy_cache_path:
path: /var/cache/nginx
keys_zone:
name: one
size: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy
upstreams:
upstream1:
name: backend
lb_method: least_conn
zone_name: backend_mem_zone
zone_size: 64k
sticky_cookie: false
servers:
server1:
address: localhost
port: 8081
weight: 1
health_check: max_fails=1 fail_timeout=10s
# Enable NGINX status data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
# Default is false.
nginx_status_enable: false
nginx_status_port: 8080
# Enable NGINX Plus REST API, write access to the REST API, and NGINX Plus dashboard.
# Requires NGINX Plus.
# Default is false.
nginx_rest_api_enable: false
nginx_rest_api_location: /etc/nginx/conf.d/api.conf
nginx_rest_api_port: 8080
nginx_rest_api_write: false
nginx_rest_api_dashboard: false
# Enable creating dynamic templated NGINX stream configuration files.
# Defaults will not produce a valid configuration. Instead they are meant to showcase
# the options available for templating. Each key represents a new configuration file.
nginx_stream_template_enable: false
nginx_stream_template:
default:
template_file: stream/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/stream/
network_streams:
default:
listen_address: localhost
listen_port: 80
udp_enable: false
proxy_pass: backend
proxy_timeout: 3s
proxy_connect_timeout: 1s
proxy_protocol: false
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
health_check_plus: false
upstreams:
upstream1:
name: backend
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
server1:
address: localhost
port: 8080
weight: 1
health_check: max_fails=1 fail_timeout=10s
Reference in New Issue View Git Blame Copy Permalink