ansible-nginx-role

Role to manage nginx and vhosts for Debian.

Requirements

None

ToDo's

Role Variables

##
# Nginx setup configuration
##

# Nginx package should be installed
nginx_enabled: true

# Latest will install and update to latest versions, present will not update
nginx_packages_mode: latest # present|latest

nginx_worker_processes: auto
nginx_pid: /run/nginx.pid
nginx_modules_dir: /etc/nginx/modules-enabled

nginx_events_worker_connections: 1024
nginx_multi_accept: "off"

#
# Nginx basic settings
#
nginx_http_sendfile: 'on'
nginx_http_tcp_nopush: 'on'
nginx_http_tcp_nodelay: 'on'
nginx_http_keepalive_timeout: 65
nginx_http_types_hash_max_size: 2048

nginx_http_server_tokens: 'on'
nginx_http_server_names_hash_bucket_size: 64
nginx_http_server_name_in_redirect: 'on'

nginx_http_default_type: application/octet-stream

#
# Nginx ssl settings
#
nginx_http_ssl_protocols: 'TLSv1 TLSv1.1 TLSv1.2'
nginx_http_ssl_prefer_server_ciphers: 'on'
nginx_http_ssl_ciphers: 'AES128+EECDH:AES128+EDH:AES256+EECDH:AES256+EDH:!aNULL'
nginx_http_ssl_session_cache: 'shared:SSL:10m'
nginx_http_ssl_stapling: 'on'
nginx_http_resolver: 8.8.4.4 8.8.8.8 valid=300s
nginx_resolver_timeout: 10s

#
# Nginx logging settings
#
nginx_http_access_log: /var/log/nginx/access.log
nginx_http_error_log: /var/log/nginx/error.log

#
# Nginx gzip settings
#
nginx_http_gzip: 'on'
nginx_http_gzip_disable: '"msie6"'

#
# Nginx basic configuration
#

# Example for extra options prior to the http block of the nginx.conf
nginx_extra_conf_options: |
  env VARIABLE;
  include /etc/nginx/main.d/*.conf;

# Example for extra options near the end of the http block of the nginx.conf
nginx_extra_http_options: |
  #
  # Additional Settings
  #
  some_addition_stuff withSomeValue

#
# Nginx vhost configuration
#
nginx_manage_vhosts: false
nginx_clear_vhosts_first: false

# Removal of the default vhost shipped with nginx
nginx_remove_default_vhost: false

# Managed virtual hosts configuration
nginx_vhosts: 
  #
  # Virtual host: Example
  #
  - name: example
    filename: tld.example
    state: present

    # Redirection to https (optional)
    redirect:
      listen: 1.2.3.4:80
      server_name: example.tld
      target: https://example.tld

    # Basic config
    listen: 1.2.3.4:443 ssl http2
    server_name: example.tld
    access_log: /var/log/nginx/nginx-access.log
    error_log: /var/log/nginx/nginx-error.log
    root: /home/example/htdocs
    try_files: '$uri /$uri /index.php$is_args$args'
    index: index.php

    # SSL support (optional)
    ssl:
      enabled: 'off'
      # When provided it will copy the folder to the destination
      src_dir: ../files/certificates/my_cert_dir
      dest_dir: /etc/ssl
      cert: /etc/ssl/my_cert_dir/my.crt
      key: /etc/ssl/my_cert_dir/my.key

    # Locations for the vhost
    locations:
      - name: default
        location: /
        try_files: $uri /$uri /index.php$is_args$args
      - name: php
        location: '~ \.php$'
        fastcgi:
          pass: "unix:/var/run/php/php8.2-fpm-example.sock"
          index: index.php
          include_conf: fastcgi.conf
        additional_conf: |
          {% filter indent(width=8, first=false) %}
          fastcgi_read_timeout 3600;
          fastcgi_param ENVIRONMENT production;
          fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
          fastcgi_param DOCUMENT_ROOT $realpath_root;
          {% endfilter %}

    # Additional configuration
    additional_conf: |
      {% filter indent(width=8, first=false) %}
      client_max_body_size 32M;
      {% endfilter %}

Dependencies

None

Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

- hosts: servers
  roles:
     - { role: methorz.nginx }

License

BSD

Author Information

https://twitter.com/methor_z