elan.simple_nginx_reverse_proxy

Panoramica Versioni Approfondimenti

Ansible Role for Simple Nginx Reverse Proxy Setup

molecule

This role sets up Nginx as a basic reverse proxy.

Role Variables

For a complete list of configuration options, check the defaults.

Proxy Configuration

This role comes with a basic setup that automatically redirects to HTTPS. You can also define a simple block to configure Nginx:

nginx_proxy: |
  location / {
    proxy_set_header        Host $host;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_pass              http://127.0.0.1:8080;
  }

TLS Certificates

The default setup provides easy, self-signed certificates if your own certificates are not found. Make sure to replace them with your own by updating these files:

  • /etc/nginx/tls/certificate.key;
  • /etc/nginx/tls/certificate.crt;

Advanced Configuration

You can change the nginx_config option to override the default setup and provide your own configuration files. Specify a list of src (source) and dest (destination) fields for templates to be deployed. The dest field should always be relative to /etc/nginx/:

roles:
  - role: elan.simple_nginx_reverse_proxy
    nginx_config:
      - src: nginx.conf
        dest: nginx.conf

Note that the role includes an nginx.conf template. If you specify src: nginx.conf, it will always use this included template.

This role can open Nginx ports in firewalld or ufw. It can also adjust the SELinux boolean to allow Nginx to function as a reverse proxy. These options are off by default, so you need to enable them manually:

  • configure_for_firewalld: true
  • configure_for_ufw: true
  • configure_for_selinux: true

Example Playbook

Your playbook could look like this:

---

- hosts: all
  become: true
  roles:
    - role: elan.simple_nginx_reverse_proxy
      configure_for_firewalld: true

Development

For development and testing, you can use molecule. If you're using podman as a driver, you can install it using a virtual environment like this:

pip install -r .dev_requirements.txt

Then you can create test instances, apply the Ansible configuration (converge), and destroy the test instances with these commands:

molecule create
molecule converge
molecule destroy

License

BSD-3-Clause

Author Information

ELAN e.V

Informazioni sul progetto

Installs and prepares Nginx as reverse proxy

role
Installa
ansible-galaxy install elan.simple_nginx_reverse_proxy
GitHub repository
0 stelle
1 fork
0 problemi aperti
Licenza
bsd-3-clause
Download
24.6k
Proprietario
elan e.V.
elan e.V. is a German non-profit organization helping universities and other higher education organizations with all things related to e-learning