artem_shestakov.nginx
Ansible Nginx Role
=========
This is an Ansible role for installing Nginx on Debian and Red Hat operating systems.
Requirements
None
Variables
This role uses three types of variables. The first two depend on how you choose to install Nginx. The third includes general variables that apply regardless of installation type.
General Variables
- install_from - Specifies how to install Nginx. Options: [source | repo]. Default: repo
- nginx_http_add - A list of extra parameters added to the HTTP section of the Nginx config file. Default: []
- nginx_stream_add - A list of extra parameters added to the stream section of the Nginx config file. Default: []
- ssl_cert_path - Directory for SSL certificates used by Nginx. Default: /etc/nginx/ssl
Web Server
- nginx_virtual_servers - A list of virtual servers. Default: []
  - listen - Specifies the IP address and port (or Unix domain socket and path) for the server to listen for requests.
  - server_name - A list of names for a virtual server.
  - locations - A list of locations.
    - location - Configuration based on the request URI.
    - params - Sets parameters for the location, like proxy_pass, return, rewrite, etc.
TCP and UDP Load Balancing
- tcp_udp_nlb - A list of dictionaries for backend servers for TCP and UDP load balancing, with fields:
  - name - Name of the upstream.
  - listen - Port for listening to incoming traffic on the Nginx proxy.
  - servers - A list of backend servers.
- stub_status - If true, enables Nginx monitoring tool via the ngx_http_stub_status_module. Default: false
- stub_status_settings - Settings for stub status with fields:
  - listen - Sets the address and port for requests. Default: 127.0.0.1:80
  - server_name - Names for the virtual server. Default: 127.0.0.1
  - location - Configuration based on the request URI. Default: /nginx_status
SSL
- proxy_ssl - Enables SSL/TLS for connections to a proxied server.
- proxy_ssl_certificate - Specifies the PEM format certificate file used for authentication to a proxied HTTPS server.
- proxy_ssl_certificate_key - Specifies the PEM format secret key file used for authentication to a proxied HTTPS server.
- proxy_ssl_ciphers - Specifies allowed ciphers for connections to a proxied server, in OpenSSL format.
- ssl_certificate - Specifies the PEM format certificate file for the virtual server.
- ssl_certificate_key - Specifies the PEM format secret key file for the virtual server.
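
A pre-deployment check for the stub_status and SSL variables above, as an added Python example that is not part of this role: it flags a status endpoint bound to a non-loopback address and certificate/key variables whose files hold the wrong kind of PEM. It assumes the variables are available as one flat dictionary (a hypothetical layout) and that file contents are passed in by path; the sample paths and contents are constructed.

```python
import ipaddress

# Variable names from this README mapped to the PEM content each should point at.
PEM_EXPECTED = {"ssl_certificate": "certificate", "ssl_certificate_key": "private key",
                "proxy_ssl_certificate": "certificate", "proxy_ssl_certificate_key": "private key"}

def is_loopback(listen):
    """True if an nginx listen value binds only to loopback or a Unix socket."""
    s = str(listen).strip()
    if s.startswith("["):                    # bracketed IPv6, e.g. [::1]:8080
        host = s[1:s.find("]")]
    else:
        host, sep, _port = s.rpartition(":")
        if not sep:                          # no colon: bare port or bare address
            host = "" if s.isdigit() else s
    if s.startswith("unix:") or host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                       # bare port, "*" or another hostname
        return False

def pem_kind(text):
    """Classify PEM text by its BEGIN/END marker."""
    if "-----BEGIN CERTIFICATE-----" in text:
        return "certificate"
    return "private key" if "PRIVATE KEY-----" in text else "unknown"

def audit(role_vars, file_contents):
    """Return a list of findings; role_vars is an assumed flat dict of role variables."""
    findings = []
    if role_vars.get("stub_status", False):
        listen = role_vars.get("stub_status_settings", {}).get("listen", "127.0.0.1:80")
        if not is_loopback(listen):
            findings.append(f"stub_status listens on {listen}, not loopback")
    for var, want in PEM_EXPECTED.items():
        path = role_vars.get(var)
        got = pem_kind(file_contents.get(path, "")) if path else want  # unset: skip
        if got != want:
            findings.append(f"{var}: expected {want}, found {got} in {path}")
    return findings

# Constructed sample: status page on all interfaces, certificate and key paths swapped.
SAMPLE_VARS = {"stub_status": True, "stub_status_settings": {"listen": "0.0.0.0:8080"},
               "ssl_certificate": "/etc/nginx/ssl/site.key",
               "ssl_certificate_key": "/etc/nginx/ssl/site.crt"}
SAMPLE_FILES = {"/etc/nginx/ssl/site.crt": "-----BEGIN CERTIFICATE-----\n(placeholder)\n",
                "/etc/nginx/ssl/site.key": "-----BEGIN PRIVATE KEY-----\n(placeholder)\n"}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_VARS, SAMPLE_FILES)))
```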
Install from Repository Variables
Install from Source Variables
- nginx_with_modules - List of non-default Nginx modules. Find the list of modules here. Default: []
Example Playbook
```yaml
---
- name: Install Nginx app
  hosts: all
  remote_user: vagrant
  become: true
  roles:
    - artem_shestakov.nginx
  vars:
    # Build Nginx from source with the non-default modules listed below
    install_from: source
    nginx_with_modules:
      - --with-file-aio
      - --with-ipv6
      - --with-http_ssl_module
      - --with-http_v2_module
      - --with-http_realip_module
      - --with-http_addition_module
      - --with-http_xslt_module=dynamic
      - --with-http_image_filter_module=dynamic
      - --with-http_sub_module
      - --with-http_dav_module
      - --with-http_flv_module
      - --with-http_mp4_module
      - --with-http_gunzip_module
      - --with-http_gzip_static_module
      - --with-http_random_index_module
      - --with-http_secure_link_module
      - --with-http_degradation_module
      - --with-http_slice_module
      - --with-http_stub_status_module
      - --with-http_perl_module=dynamic
      - --with-http_auth_request_module
      - --with-mail=dynamic
      - --with-mail_ssl_module
      - --with-stream=dynamic
      - --with-stream_ssl_module
      - --with-debug
    # TCP/UDP load balancing: one entry per upstream
    tcp_udp_nlb:
      - name: example
        listen:
          - 192.168.1.1:443
          - 192.168.1.2:443
        servers:
          - 10.79.1.196:443
      - name: example2
        listen:
          - 10002
        servers:
          - 10.79.1.203:5601
```
Copy Certificates to Nginx Server
- Place your certificates in a directory.
- Set variables:
  - copy_ssl_certs - Set to true if you need to copy your certificates from your local machine to the remote Nginx server.
  - user_certs_path - A list of directories containing your SSL certificates to copy to Nginx. Default: ['./files/ssl/*']
License
BSD, MIT
Author Information
Artem Shestakov (artem.s.shestakov@gmail.com)