nginxinc.nginx_app_protect
NGINX App Protect WAF and DoS Ansible Role
This Ansible role helps you install and set up NGINX App Protect Web Application Firewall (WAF) or Denial of Service (DoS) protection on your target server.
Important Notes
- By default, the role installs NGINX App Protect WAF. To install the DoS version, set the variable
nginx_app_protect_dos_enabletotrue. - The role is under active development, so some issues may still exist and variables might change.
Requirements
NGINX App Protect License
You will need a license for NGINX App Protect WAF or DoS before using this role.
Ansible
- This role works with Ansible version
2.12and above. - Install the following collections for proper functionality:
collections:
- name: ansible.posix
version: 1.4.0
- name: community.crypto
version: 2.10.0
- name: community.general
version: 6.2.0
- name: community.docker # Needed only if you plan to use Molecule
version: 3.4.0
- For installation instructions, check the Ansible website.
Jinja2
- Jinja2 is used for templates. Ensure you have Jinja2 version
3.1or higher. - Installation details can be found on the Jinja2 website.
Molecule (Optional)
- Used for testing the role. Recommended version is
4.x. - Follow the instructions on the Molecule website to install it. Remember to also install the Molecule Docker driver.
- To run tests with Molecule, you'll need to put your NGINX App Protect license in the
files/licensefolder of the role.
Installation
Using Ansible Galaxy
To install the latest version of the role:
ansible-galaxy install nginxinc.nginx_app_protect
To update an existing installation:
ansible-galaxy install -f nginxinc.nginx_app_protect
Using Git
To clone the latest code from GitHub:
git clone https://github.com/nginxinc/ansible-role-nginx-app-protect.git
Supported Platforms
For NGINX App Protect WAF
Supports all platforms that support NGINX Plus with the listed distributions for WAF:
Amazon Linux 2:
- any
Debian:
- buster (10)
RHEL:
- 8.1+
Ubuntu:
- bionic (18.04)
- focal (20.04)
For NGINX App Protect DoS
Supports all platforms that support NGINX Plus with the listed distributions for DoS:
Debian:
- buster (10)
- bullseye (11)
RHEL:
- 8.0+
Ubuntu:
- bionic (18.04)
- focal (20.04)
Role Variables
This role has several variables. You can check their descriptions and default values in the defaults/ folder:
| Name | Description |
|---|---|
main.yml |
Variables for NGINX App Protect installation and configuration |
For details about preset variables, see the vars/ folder:
| Name | Description |
|---|---|
main.yml |
Supported platforms for NGINX App Protect |
Dependencies
If NGINX Plus is not installed, this role will install the required version of NGINX Plus based on the NGINX App Protect version you are installing.
Example Playbooks
You can find examples in the molecule/default/ folder:
| Name | Description |
|---|---|
molecule/default/converge.yml |
Install and configure NGINX App Protect WAF |
molecule/advanced/converge.yml |
Advanced integration test with NGINX App Protect WAF sending logs to a remote server |
molecule/dos/converge.yml |
Install NGINX App Protect DoS |
molecule/specific-version/converge.yml |
Install a specific version of NGINX App Protect signatures |
molecule/uninstall/converge.yml |
Uninstall NGINX App Protect WAF/DoS |
Additional Resources
You can explore more roles and collections for NGINX:
License
This project is licensed under the Apache License, Version 2.0.
Authors
© F5, Inc. 2020 - 2024
Official Ansible role for installing and configuring NGINX App Protect WAF and DoS
ansible-galaxy install nginxinc.nginx_app_protect