ivansible.srv_cdn

This role sets up a simple CDN using nginx.

When making a request to the CDN, you can include some optional HTTP headers:

• X-CDN-Front - the preferred front host name (defaults to the request's host name).
• X-CDN-Host - the desired server host name, determining the origin (defaults to $cdn_front).
• X-CDN-Back - optional desired origin host name, which overrides the origin.

Requirements

None

Variables

Here are the available variables and their default values:

    srv_cdn_sites:
      - server: .mydomain.com
        origin: www.example.com
        lecert: mydomain.com

The main site list includes the following fields:

• server - the name of the front server, which can be a full.host.name or .domain.name (required);
• origin - the hostname of the origin server that must support https (required);
• lecert - optional custom letsencrypt certificate name for the server;
• hidden - if true, defines the server-to-origin mapping but skips the server name (optional, defaults to false).

    srv_cdn_default_origin: example.com

This is the fallback origin.

    srv_cdn_cloudflare:
      - zone: example.com
        name: {{ inventory_hostname }}
        type: AAAA
        value: {{ ansible_default_ipv6.address }}
        proxied: false

The list of CloudFlare records for each host includes these fields:

• zone - the zone for the record (required);
• name - record name (usually the hostname), required;
• type - type of record (A, AAAA, CNAME, etc.), required;
• value - optional value; if empty, the record is skipped;
• proxied - true or false (defaults to false).

    srv_cdn_cloudflare_email: ~
    srv_cdn_cloudflare_token: ~

These are CloudFlare credentials. If these settings are empty or missing, CloudFlare tasks will be skipped.

    srv_cdn_cloudfront:
      - server: www.mydomain.com
        reference: www.mydomain.com_cdn1
        origin: override.example.com
        lecert: mydomain.com
        cache: false

This array sets up CloudFront CDN distributions with full paths: cloudfront -> server -> origin. Each record includes:

• server - name of the front server, matching a record from the site list (required);
• origin - optional, can override the origin from the site list;
• reference - a unique identifier for CloudFront (optional, defaults to the server name with a suffix);
• lecert - optional custom letsencrypt certificate name for the server;
• cache - false disables CloudFront caching, true enables it (optional, defaults to srv_cdn_cloudfront_default_cache);
• delete - if true, the distribution will be deleted instead of being created or updated (optional, defaults to false).

    srv_cdn_cloudfront_default_reference: SERVER_cdn

Default name for the distribution reference, where SERVER will be replaced by the actual server name.

    srv_cdn_filters:
      - src: ...
        dst: ...

These are the HTML replacements that will be applied.

    srv_cdn_cloudfront_max_ttl: 2592000    # one month
    srv_cdn_cloudfront_default_ttl: 86400  # one day
    srv_cdn_cloudfront_cached_methods: [GET, HEAD]
    srv_cdn_cloudfront_default_cache: true

Various default settings for CloudFront caching.

    srv_cdn_cloudfront_access_key: ~
    srv_cdn_cloudfront_secret_key: ~

Credentials for Amazon CloudFront, required if srv_cdn_cloudfront has records; optional otherwise. If these are empty or missing, they will default to the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the Ansible controller.

Tags

• srv_cdn_cloudflare - sets up DNS records in CloudFlare
• srv_cdn_cloudfront - sets up CloudFront distributions
• srv_cdn_nginx - configures the CDN site and mappings in nginx
• srv_cdn_nginx_site - configures common CDN site settings in nginx
• srv_cdn_all - all of the above

Dependencies

• ivansible.nginx_base - inherits defaults and handlers
• ivansible.lin_nginx (implicit dependency)

Example Playbook

    - hosts: myserver
      roles:
         - role: ivansible.srv_cdn

License

MIT

Author Information

Created in 2020-2021 by IvanSible