
Nginx

Supported

Only Nginx 1.10.3 and Debian Stretch.

Other versions might work but are not tested.

Parameters and defaults

All configuration is to be placed inside the nginx dict.

# array of DNS resolvers (the defaults shown are Google Public DNS)
# NOTE(review): the nginx documentation for the resolver directive recommends
# DNS servers on a secured, trusted local network to prevent DNS spoofing;
# consider overriding these defaults with resolvers you control
resolver:
  - 8.8.8.8
  - 8.8.4.4

# dict of "name: *upstreamconfig*" entries, see below for definition
upstreams: {}

# dict of "name: *vhostconfig*" entries, see below for definition
vhosts: {}

# dict of "name: *mapsconfig*" entries, see below for definition
maps: {}

# dict of "name: *cacheconfig*" entries, see below for definition
caches: {}

# force all traffic onto SSL, except letsencrypt challenges
force_ssl: True

# generate a self-signed certificate as the default SSL cert
snakeoil_default: False

# install php-fpm, set up a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False

# dict of IPs to accept "X-Forwarded-*" headers from; the defaults are the loopback addresses
# NOTE(review): list only reverse proxies you operate. A peer listed here is
# trusted to state the client address (presumably via nginx's realip module --
# confirm in templates), which then shows up in logs and IP-based access rules
real_ip_from: {"127.0.0.1": {}, "::1": {}}

# array of headers to add on *all* vhosts
add_headers: []

upstreamconfig:

# array of upstream servers; each entry is a dict with the keys below
server: 
  -
    # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
    # (*mandatory* is a placeholder: this key has no default and must be set)
    address: *mandatory*

    # monitor DNS for changes to the address
    resolve: true

vhosts:

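# array of server names, example: foo.bar
servername: []

# set this server as default
default_server: False

# listen ports and bind addresses; the defaults bind every IPv4 and IPv6
# address (0.0.0.0 and [::])
listen:
  ssl: True
  ssl_port: 443
  nossl: False
  nossl_port: 80
  v4: True
  v4_ip:
    - 0.0.0.0
  v6: True
  v6_ip:
    - '[::]'

# example: "https://upstream". If set to None no reverse proxy will be set up.
# NOTE(review): in YAML a plain None is the string "None", not null (~ or null);
# confirm which form the role expects
backend: None

# sets ssl certs to letsencrypt paths and enables letsencrypt for this vhost
letsencrypt: False

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

# array of locations, see *locationconfig* below
locations: [*locationconfig*, .. ]

# array of files to include at the server level
includes: []

# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*

# array of headers to add on this vhost
add_headers: []

# SSL key, mutually exclusive with the letsencrypt option
# NOTE(review): this page does not say whether a path or the key content is
# expected; either way keep private key material out of plain-text version
# control (e.g. encrypt it with Ansible Vault)
key: ~

# SSL certificate, mutually exclusive with the letsencrypt option
crt: ~

# Disallow access to dotfiles, except .well-known; enabled by default
disallow_dotfiles: True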

locationconfig:

# a match definition, for example "/", see the nginx documentation: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''

# an absolute unix path, only set if not None
alias: None

# Array of custom config strings to add to the config, the ";" is added after every entry
# NOTE(review): the original text says "vhost config"; presumably these land in
# this location block -- confirm in the template
custom: []

authconfig:

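# Boolean: enable authentication
enabled: False

# Path to a htpasswd file
# NOTE(review): keep this file outside any directory the vhost serves and
# readable only by the account nginx runs as
path: ''

# can be 'all' or 'any'
# NOTE(review): presumably rendered as nginx's satisfy directive -- confirm in
# the template. With 'all' every configured access check must pass; with 'any'
# one passing check is enough, so a client allowed by an address rule is not
# asked for a password
satisfy: 'all'

# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None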

mapsconfig:

See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

# source variable name (the variable whose value is looked up)
source: ''

# destination variable name (the variable that receives the mapped value)
destination: ''

# 'key: value' dict of values to map from source to destination
data: {}

phpconfig:

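# If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT)
fpm_process_count: 5
# php.ini settings (presumably written to the php-fpm configuration -- confirm
# in templates); both defaults are request/upload size limits of 64M
ini:
  post_max_size: 64M
  upload_max_filesize: 64M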

cacheconfig:

# NOTE(review): these three keys are not described on this page. The names
# suggest the keys_zone size, max_size and inactive parameters of nginx's
# proxy_cache_path directive -- confirm in templates
keys_zone_size: "10m"
cache_size: "1g"
inactive_time: "10m"