ansible-role-nginx/defaults/main/main.yml

119 lines
4.4 KiB
YAML

---
# Enable NGINX options -- `nginx_install` and `nginx_configure`.
# Default is true.
nginx_enable: true
# Install NGINX and NGINX modules.
# Variables for these options can be found below.
# Default is true.
nginx_install: true
# Enable NGINX configuration options.
# Variables for these options can be found in `./template.yml` and `./upload.yml`.
# Default is true.
nginx_configure: true
# Start NGINX service.
# Default is true.
nginx_start: true
# Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false
# Specify which type of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
nginx_type: opensource
# Specify which version of NGINX you want to install.
# Default is empty.
# nginx_version: "=19-1~bionic"
# For Plus and modules you'll need a wilcard like below (which installs plus-20 and modules)
# nginx_version: "-20*"
# Specify whether you want to maintain your version of NGINX, upgrade to the latest version, or remove NGINX.
# Can be used with `nginx_version` to fine tune control on which version of NGINX is installed/used on each playbook execution.
# Using 'present' will install the latest version (or 'nginx_version') of NGINX on a fresh install.
# Using 'latest' will upgrade NGINX to the latest version (that matches your 'nginx_version') of NGINX on every playbook execution.
# Using 'absent' will remove NGINX from your system.
# Default is present.
nginx_state: present
# Specify repository origin for NGINX Open Source.
# Options are 'nginx_repository', 'source' or 'os_repository'.
# Only works if 'nginx_type' is set to 'opensource'.
# Default is nginx_repository.
nginx_install_from: nginx_repository
# Specify source install options for NGINX Open Source.
# Options represent whether to install from source also or to install from packages (default).
# These only apply if 'nginx_install_from' is set to 'source'.
# For the tools, true means we will install from a package and false means install from source.
# 'nginx_install_source_build_tools' will install compiler and build tools from packages.
# If false, you need to have these present.
nginx_install_source_build_tools: true
nginx_install_source_pcre: false
nginx_install_source_openssl: true
nginx_install_source_zlib: false
# Choose where to fetch the NGINX signing key from.
# Default is the official NGINX signing key host.
# nginx_signing_key: http://nginx.org/keys/nginx_signing.key
# Specify source repository for NGINX Open Source.
# Only works if 'install_from' is set to 'nginx_repository'.
# Defaults are the official NGINX repositories.
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
# Only works if 'install_from' is set to 'nginx_repository' or 'source'.
# Default is mainline.
nginx_branch: mainline
# Location of your NGINX Plus license in your local machine.
# Default is the files folder within the NGINX Ansible role.
nginx_license:
certificate: license/nginx-repo.crt
key: license/nginx-repo.key
# Remove NGINX Plus license and repository after installation for security purposes.
# Default is false.
nginx_delete_license: false
# Install NGINX JavaScript, Perl, ModSecurity WAF (NGINX Plus only), GeoIP, Image-Filter, RTMP Media Streaming (NGINX Plus only), and/or XSLT modules.
# Default is false.
nginx_modules:
njs: false
perl: false
waf: false
geoip: false
image_filter: false
rtmp: false
xslt: false
# Remove previously existing NGINX configuration files.
# You can specify a list of paths you wish to remove.
# Alternatively you can also choose whether to recurse through the paths specified.
# Default is false.
nginx_cleanup_config: false
nginx_cleanup_config_path:
- directory:
- /etc/nginx/conf.d
recurse: false
# Set selinux enforcing for nginx (Centos/Redhat only) - you may need to open ports on your own
nginx_selinux: false
# Enable enforcing mode if true. Permissive if false (audit only, no enforcing) globally (only works with nginx_selinux: true)
nginx_selinux_enforcing: true
# List of TCP ports to add to http_port_t type (80 and 443 have this type already)
# nginx_selinux_tcp_ports:
# - 80
# - 443
# List of UDP ports to add to http_port_t type
# nginx_selinux_udp_ports:
# - 80
# - 443
# Temporary directory to hold selinux modules
nginx_tempdir: /tmp