infra/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
No description
65 commits 1 branch 0 tags 239 KiB
Find a file
nd fc5a1f4b2d
add support to set location backends
2021-08-15 02:14:55 +02:00
defaults add support to set location backends 2021-08-15 02:14:55 +02:00
files add support for listen ips 2021-07-11 04:08:39 +02:00
filter_plugins letsencrypt argument for vhosts is optionaly, do not crash 2019-11-01 22:33:10 +01:00
handlers support php7.3 and buster 2019-07-19 01:34:28 +02:00
tasks fix linter 2021-07-17 01:41:43 +02:00
templates add support to set location backends 2021-08-15 02:14:55 +02:00
vars extend existing certificate list instead of overwriting it. Ansible realy needs a deep merge... 2020-04-26 11:57:17 +02:00
.gitignore use certificates role instead of letsencrypt role 2019-11-01 20:02:41 +01:00
README.md add support for listen ips 2021-07-11 04:08:39 +02:00

README.md

Nginx

Supported

Only Nginx 1.10.3 and Debian Stretch.

Other versions might work but are not tested.

Parameters and defaults

All configuration is to be placed inside the nginx dict.

#  array of DNS resolvers
resolver:
  - 8.8.8.8
  - 8.8.4.4

# name: *upstreamconfig*, see below for definition
upstreams: {}

# name: *vhostconfig*, see below for definition
vhosts: {}

# name: *mapsconfig*, see below for definition
maps: {}

# force all traffic on ssl, except letsencrypt challenges
force_ssl: True

# generate a self signed certificate as default ssl cert
snakeoil_default: False

# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False

# dict of ips to accept "X-Forwarded-~" from
real_ip_from: {"127.0.0.1": {}, "::1": {}}

# array of headers to add on *all* vhosts
add_headers: []

upstreamconfig:

# array of upstream servers
server: 
  -
    # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
    address: *mandatory*

    # monitor dns for changes
    resolve: true

vhosts:

# array of server names, example: foo.bar
servername: []

# set this server as default
default_server: False

listen:
	ssl: True
	ssl_port: 443
	nossl: False
	nossl_port: 80
	v4: True
	v4_ip:
	  - 0.0.0.0
	v6: True
	v6_ip:
	  - '[::]'

# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None

# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

# array of locations, see below
locations: [*locationconfig*, .. ]

# array of files to include at the server level
includes: []

# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*

# array of headers to add on this vhost
add_headers: []

# SSL key, mutally exclusive with letsencrypt option
key: ~

# SSL certificat, mutally exclusive with letsencrypt option
crt: ~

locationconfig:

# a match definition, for example "/", see nginx docu: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''

# an absolut unix path, only set if not none
alias: None

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

authconfig

# Boolean: enable authentication
enabled: False

# Path to a htpasswd file
path :''

# can be 'all' or 'any'
satisfy: 'all

mapsconfig:

See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

# source variable name
source: ''

# destination variable name
destination: ''

# 'key: value' dict of values to map
data: {}

phpconfig:

ini:
	post_max_size: 64M
	upload_max_filesize: 64M