weareinteractive.nginxis an Ansible role which:
- installs nginx
- configures nginx
- creates sites
- enables/disables sites
- optionally removes default host
- adds rules
- configures service
Note:
Since Ansible Galaxy supports organization now, this role has moved from
franklinkim.nginxtoweareinteractive.nginx!
Using ansible-galaxy:
$ ansible-galaxy install weareinteractive.nginxUsing requirements.yml:
- src: weareinteractive.nginxUsing git:
$ git clone https://github.com/weareinteractive/ansible-nginx.git weareinteractive.nginx- Ansible >= 2.4
Here is a list of all the default variables for this role, which are also available in defaults/main.yml.
---
# nginx_sites:
# - id: foo (required)
# name: foo.com (required)
# ip: '*'
# port: 80
# state: present
# add_webroot: no
# template: path/to/template.j2
# aliases: []
# redirects: []
# ssl:
# port: 443
# key_name: mykey.key
# key_path: path/to/key
# cert_name: mycert.crt
# cert_path: path/to/cert
# rules: []
# auth:
# name: foo
# file: foo
# append: ''
#
# dependencies packages to install package
nginx_dependencies:
- ca-certificates
- gnupg2
# apt repository
nginx_repo: "deb http://nginx.org/packages/{{ ansible_distribution|lower }}/ {{ ansible_distribution_release }} nginx"
# apt repository key
nginx_repo_key: ABF5BD827BD9BF62
# package name (version)
nginx_package: nginx
# run as a less privileged user for security reasons.
nginx_user: www-data
# number or auto
nginx_worker_processes: 1
nginx_worker_connections: 1024
# default settings
nginx_sendfile: 'on'
nginx_tcp_nopush: 'on'
nginx_tcp_nodelay: 'on'
nginx_keepalive_timeout: 15
nginx_types_hash_max_size: 2048
nginx_server_names_hash_bucket_size: 128
nginx_server_tokens: 'off'
# remove default site
nginx_remove_default: no
# start on boot
nginx_service_enabled: yes
# current state: started, stopped
nginx_service_state: started
# enabled/disabled sites
nginx_sites: []
# add rules
nginx_add_rules: yes
These are the handlers that are defined in handlers/main.yml.
---
- name: restart nginx
service: name=nginx state=restarted
when: nginx_service_state != 'stopped'
- name: reload nginx
service: name=nginx state=reloaded
when: nginx_service_state != 'stopped'
If nginx_add_rules is yes, it will copy some configuration rules to /etc/nginx/rules:
- cache_busting.conf
- cors_web_fonts.conf
- gzip.conf
- no_transform.conf
- ssl.conf
- cors_ajax.con
- expires.conf
- gzip_static.conf
- security.conf
This is an example playbook:
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
- weareinteractive.openssl
- weareinteractive.htpasswd
- weareinteractive.nginx
vars:
htpasswd:
- name: foobar
users:
- { name: foobar, password: foobar }
openssl_generate_csr: yes
openssl_self_signed:
- name: fooboar.local
subject:
C: DE
ST: Bavaria
L: Munich
O: Foo Bar Inc
CN: foobar.local
emailAddress: [email protected]
nginx_sites:
- id: foobar
add_webroot: yes
name: foobar.local
ssl:
key_name: foobar.local.key
cert_name: foobar.local.crt
rules:
- gzip
- security
auth:
name: Foo Bar
file: foobar
nginx_worker_processes: 1
nginx_remove_default: yes
# do not start service as we're running in docker
nginx_service_state: stopped
nginx_service_enabled: no
$ git clone https://github.com/weareinteractive/ansible-nginx.git
$ cd ansible-nginx
$ make testIn lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Add some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
Note: To update the README.md file please install and run ansible-role:
$ gem install ansible-role
$ ansible-role docgenCopyright (c) We Are Interactive under the MIT license.