ivansible.srv_cdn
ivansible.srv_cdn
This role sets up a simple CDN using nginx.
When making a request to the CDN, you can include some optional HTTP headers:
X-CDN-Front
- the preferred front host name (defaults to the request's host name).X-CDN-Host
- the desired server host name, determining the origin (defaults to$cdn_front
).X-CDN-Back
- optional desired origin host name, which overrides the origin.
Requirements
None
Variables
Here are the available variables and their default values:
srv_cdn_sites:
- server: .mydomain.com
origin: www.example.com
lecert: mydomain.com
The main site list includes the following fields:
server
- the name of the front server, which can be afull.host.name
or.domain.name
(required);origin
- the hostname of the origin server that must support https (required);lecert
- optional custom letsencrypt certificate name for the server;hidden
- if true, defines the server-to-origin mapping but skips the server name (optional, defaults tofalse
).
srv_cdn_default_origin: example.com
This is the fallback origin.
srv_cdn_cloudflare:
- zone: example.com
name: {{ inventory_hostname }}
type: AAAA
value: {{ ansible_default_ipv6.address }}
proxied: false
The list of CloudFlare records for each host includes these fields:
zone
- the zone for the record (required);name
- record name (usually the hostname), required;type
- type of record (A, AAAA, CNAME, etc.), required;value
- optional value; if empty, the record is skipped;proxied
- true or false (defaults tofalse
).
srv_cdn_cloudflare_email: ~
srv_cdn_cloudflare_token: ~
These are CloudFlare credentials. If these settings are empty or missing, CloudFlare tasks will be skipped.
srv_cdn_cloudfront:
- server: www.mydomain.com
reference: www.mydomain.com_cdn1
origin: override.example.com
lecert: mydomain.com
cache: false
This array sets up CloudFront CDN distributions with full paths:
cloudfront -> server -> origin
. Each record includes:
server
- name of the front server, matching a record from the site list (required);origin
- optional, can override the origin from the site list;reference
- a unique identifier for CloudFront (optional, defaults to the server name with a suffix);lecert
- optional custom letsencrypt certificate name for the server;cache
-false
disables CloudFront caching,true
enables it (optional, defaults tosrv_cdn_cloudfront_default_cache
);delete
- if true, the distribution will be deleted instead of being created or updated (optional, defaults tofalse
).
srv_cdn_cloudfront_default_reference: SERVER_cdn
Default name for the distribution reference, where SERVER
will be replaced by the actual server name.
srv_cdn_filters:
- src: ...
dst: ...
These are the HTML replacements that will be applied.
srv_cdn_cloudfront_max_ttl: 2592000 # one month
srv_cdn_cloudfront_default_ttl: 86400 # one day
srv_cdn_cloudfront_cached_methods: [GET, HEAD]
srv_cdn_cloudfront_default_cache: true
Various default settings for CloudFront caching.
srv_cdn_cloudfront_access_key: ~
srv_cdn_cloudfront_secret_key: ~
Credentials for Amazon CloudFront, required if srv_cdn_cloudfront
has records; optional otherwise. If these are empty or missing, they will default to the environment variables AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
from the Ansible controller.
Tags
srv_cdn_cloudflare
- sets up DNS records in CloudFlaresrv_cdn_cloudfront
- sets up CloudFront distributionssrv_cdn_nginx
- configures the CDN site and mappings in nginxsrv_cdn_nginx_site
- configures common CDN site settings in nginxsrv_cdn_all
- all of the above
Dependencies
ivansible.nginx_base
- inherits defaults and handlersivansible.lin_nginx
(implicit dependency)
Example Playbook
- hosts: myserver
roles:
- role: ivansible.srv_cdn
License
MIT
Author Information
Created in 2020-2021 by IvanSible
ansible-galaxy install ivansible.srv_cdn