sorrowless.nginx

sbog/nginx

This is a role for installing and configuring the nginx web server. You can customize the HTTP settings for your site and add as many sites as you want with your chosen configurations.

Requirements

To use this role, you need Ansible version 2.4 or higher. The specific platform requirements can be found in the metadata file. Some older versions of this role support Ansible 1.4. For FreeBSD, you must have a working pkgng setup (see: FreeBSD pkgng). The Nginx Amplify agent can only be installed on CentOS, RedHat, Amazon, Debian, and Ubuntu distributions.

Installation

Run the following command to install the role:

ansible-galaxy install sorrowless.nginx

Role Variables

You can pass the following variables to the role (more details can be found in defaults/main.yml):

# User to run nginx
nginx_user: "www-data"

# Parameters for the events section
nginx_events_params:
 - worker_connections 512
 - debug_connection 127.0.0.1
 - use epoll
 - multi_accept on

# Define the servers for nginx
nginx_sites:
 default:
     - listen 80
     - server_name _
     - root "/usr/share/nginx/html"
     - index index.html
 foo:
     - listen 8080
     - server_name localhost
     - root "/tmp/site1"
     - location / { try_files $uri $uri/ /index.html; }
     - location /images/ { try_files $uri $uri/ /index.html; }
 bar:
     - listen 9090
     - server_name ansible
     - root "/tmp/site2"
     - location / { try_files $uri $uri/ /index.html; }
     - location /images/ {
         try_files $uri $uri/ /index.html;
         allow 127.0.0.1;
         deny all;
       }

# Additional configuration settings
nginx_configs:
  proxy:
      - proxy_set_header X-Real-IP  $remote_addr
      - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
  upstream:
      - upstream foo { server 127.0.0.1:8080 weight=10; }
  geo:
      - geo $local {
          default 0;
          127.0.0.1 1;
        }
  gzip:
      - gzip on
      - gzip_disable msie6

# Configuration snippets
nginx_snippets:
  error_pages:
    - error_page 500 /http_errors/500.html
    - error_page 502 /http_errors/502.html
    - error_page 503 /http_errors/503.html
    - error_page 504 /http_errors/504.html

# User/password files
nginx_auth_basic_files:
   demo:
     - foo:$apr1$mEJqnFmy$zioG2q1iDWvRxbHuNepIh0 # foo:demo 
     - bar:$apr1$H2GihkSo$PwBeV8cVWFFQlnAJtvVCQ. # bar:demo 

# Enable Real IP for CloudFlare
nginx_set_real_ip_from_cloudflare: true

# Enable Nginx Amplify
nginx_amplify: true
nginx_amplify_api_key: "your_api_key_goes_here"
nginx_amplify_update_agent: true

# Define modules to enable in configuration
nginx_module_configs:
  - mod-http-geoip

Examples

1) Install nginx with chosen HTTP settings, no sites configured:

- hosts: all
  roles:
  - {role: nginx,
     nginx_http_params: ["sendfile on", "access_log /var/log/nginx/access.log"]}

2) Install nginx with different HTTP settings, no sites configured:

- hosts: all
  roles:
  - {role: nginx,
     nginx_http_params: ["tcp_nodelay on", "error_log /var/log/nginx/error.log"]}

Note: Make sure the HTTP settings you use are valid. This role won't check them.

3) Install nginx and add a site:

- hosts: all

  roles:
  - role: nginx
    nginx_http_params:
      - sendfile "on"
      - access_log "/var/log/nginx/access.log"
    nginx_sites:
      bar:
        - listen 8080
        - location / { try_files $uri $uri/ /index.html; }
        - location /images/ { try_files $uri $uri/ /index.html; }

4) Install nginx with extra parameters:

- hosts: all
  vars:
    # vars is a mapping; the list-of-dictionaries form is deprecated in Ansible
    my_extra_params:
      - client_max_body_size 200M
  roles:
    - role: sorrowless.nginx
      nginx_http_params: "{{ nginx_http_default_params + my_extra_params }}"

5) Install nginx, add 2 sites and extra configuration:

---
- hosts: all
  roles:
    - role: nginx
      nginx_http_params:
        - sendfile on
        - access_log /var/log/nginx/access.log
      nginx_sites:
         foo:
           - listen 8080
           - server_name localhost
           - root /tmp/site1
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
         bar:
           - listen 9090
           - server_name ansible
           - root /tmp/site2
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
      nginx_configs:
         proxy:
            - proxy_set_header X-Real-IP  $remote_addr
            - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for

6) Install nginx, add 2 sites, extra configuration and upstream block:

---
- hosts: all
  roles:
    - role: nginx
      nginx_error_log_level: info
      nginx_http_params:
        - sendfile on
        - access_log /var/log/nginx/access.log
      nginx_sites:
        foo:
           - listen 8080
           - server_name localhost
           - root /tmp/site1
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
        bar:
           - listen 9090
           - server_name ansible
           - root /tmp/site2
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
      nginx_configs:
        proxy:
            - proxy_set_header X-Real-IP  $remote_addr
            - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
        upstream:
            - upstream foo_backend { server 127.0.0.1:8080 weight=10; }

7) Install nginx, add a site using multi-line syntax:

---
- hosts: all
  roles:
    - role: nginx
      nginx_http_params:
        - sendfile on
        - access_log /var/log/nginx/access.log
      nginx_sites:
        foo:
           - listen 443 ssl
           - server_name foo.example.com
           - |
             location / {
               proxy_set_header Host foo.example.com;
             }
           - |
             location ~ /v2/users/.+?/organizations {
               if ($request_method = PUT) {
                 set $myhost bar.example.com;
               }
               proxy_set_header Host $myhost;
             }

8) Combine with ssl-certs role to manage SSL certificates:

 - hosts: all
   roles:
     - jdauphant.ssl-certs
     - role: sorrowless.nginx
       nginx_configs:
          ssl:
               - ssl_certificate_key {{ssl_certs_privkey_path}}
               - ssl_certificate     {{ssl_certs_cert_path}}
       nginx_sites:
          default:
               - listen 443 ssl
               - server_name _
               - root "/usr/share/nginx/html"
               - index index.html
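
Example 8 sets only the certificate and key, so protocol versions and session handling fall back to whatever the installed nginx defaults to. A hardened variant, added here as an illustration and not taken from the role's documentation, pins them and adds a redirect-only site on port 80. Assumptions: www.example.com and the "redirect" site key are placeholders, and TLSv1.3 needs nginx 1.13.0 or later built against OpenSSL 1.1.1.

```yaml
---
# Added example, not part of the role's documentation.
- hosts: all
  roles:
    - jdauphant.ssl-certs
    - role: sorrowless.nginx
      nginx_configs:
        ssl:
          - ssl_certificate_key {{ ssl_certs_privkey_path }}
          - ssl_certificate     {{ ssl_certs_cert_path }}
          # Refuse SSLv3, TLS 1.0 and TLS 1.1 regardless of build defaults.
          # Drop TLSv1.3 here if the target nginx/OpenSSL is too old to parse it.
          - ssl_protocols TLSv1.2 TLSv1.3
          # Server-side session cache instead of session tickets.
          - ssl_session_cache shared:SSL:10m
          - ssl_session_timeout 1d
          - ssl_session_tickets off
      nginx_sites:
        default:
          - listen 443 ssl
          - server_name www.example.com      # placeholder host name
          - root "/usr/share/nginx/html"
          - index index.html
          # "always" also sends the header on error responses (nginx 1.7.5+).
          - add_header Strict-Transport-Security "max-age=31536000" always
        redirect:
          - listen 80
          - server_name www.example.com
          # Redirect to a fixed host name, not $host, so a forged Host
          # header cannot steer the redirect target.
          - return 301 https://www.example.com$request_uri
```

As the note under example 2 says, the role does not validate these strings, so run nginx -t on a test host before rolling the change out.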

9) Use a custom template for site configuration:

- hosts: all

  roles:
  - role: nginx
    nginx_sites:
      custom_bar:
        template: custom_bar.conf.j2
        server_name: custom_bar.example.com

Custom template example (custom_bar.conf.j2):

# {{ ansible_managed }}
upstream backend {
  server 10.0.0.101;
}
server {
  server_name {{ item.value.server_name }};
  location / {
    proxy_pass http://backend;
  }
}

10) Install nginx, add 2 sites and use snippets for access control:

---
- hosts: all
  roles:
    - role: nginx
      nginx_http_params:
        - sendfile on
        - access_log /var/log/nginx/access.log
      nginx_snippets:
        accesslist_devel:
          - allow 192.168.0.0/24
          - deny all
      nginx_sites:
        foo:
           - listen 8080
           - server_name localhost
           - root /tmp/site1
           - include snippets/accesslist_devel.conf
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
        bar:
           - listen 9090
           - server_name ansible
           - root /tmp/site2
           - location / { try_files $uri $uri/ /index.html; }
           - location /images/ { try_files $uri $uri/ /index.html; }
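
The nginx_auth_basic_files variable from the Role Variables section is not used in any numbered example, and the sample hashes there are published with their password (demo), so they should not be reused. The following added example (not from the role's documentation) combines example 10's allow-list snippet with basic auth on a single location. Assumptions: vault.yml and vault_admin_htpasswd are hypothetical names, and /etc/nginx/auth_basic/admin is an assumed location for the generated file, so check the role's tasks for the real path.

```yaml
---
# Added example. Generate the "user:hash" line off-host, for instance with
# `openssl passwd -apr1`, and keep it in an Ansible Vault file.
- hosts: all
  vars_files:
    - vault.yml                          # hypothetical; defines vault_admin_htpasswd
  roles:
    - role: sorrowless.nginx
      nginx_auth_basic_files:
        admin:
          - "{{ vault_admin_htpasswd }}"   # e.g. "alice:$apr1$<salt>$<hash>"
      nginx_snippets:
        accesslist_devel:
          - allow 192.168.0.0/24
          - deny all
      nginx_sites:
        foo:
          # Basic auth only base64-encodes credentials; put this site behind
          # TLS (example 8) before using it outside a lab network.
          - listen 8080
          - server_name localhost
          - root /tmp/site1
          - location / { try_files $uri $uri/ /index.html; }
          - |
            location /admin/ {
              # "satisfy all" is the nginx default: the client must pass
              # both the address allow-list and basic auth.
              satisfy all;
              include snippets/accesslist_devel.conf;
              auth_basic "Restricted";
              auth_basic_user_file /etc/nginx/auth_basic/admin;  # assumed path
              try_files $uri $uri/ /index.html;
            }
```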

Dependencies

No dependencies.

License

This role is licensed under the BSD License.

Author Information

  • Original: Benno Joy
  • Modified by: DAUPHANT Julien
  • Updated by: Stan Bogatkin