diff --git a/README.md b/README.md index 8c8f83e..f593ca7 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,13 @@ Nginx for Debian Ansible role Install and configure Nginx on Debian. -SSL management will come later. +Features: + +- SSL/TLS "hardened" support +- Manage basic auth on vhost / location +- Proxy + Upstream +- Fast PHP configuration +- Preconfigured vhost templates (should work on many app) Requirements ------------ @@ -17,24 +23,24 @@ Role Variables ### Packaging - - `nginx_apt_package`: APT nginx package (try: apt-cache search ^nginx) - - `nginx_backports`: Install nginx from backport repository (bool) +- `nginx_apt_package`: APT nginx package (try: apt-cache search ^nginx) +- `nginx_backports`: Install nginx from backport repository (bool) ### Shared - - `nginx_root`: root directory where you want to have your files - - `nginx_log_dir`: log directory (if you change it, don't forget to change logrotate config) - - `nginx_resolver`: list of DNS resolver (default: OpenDNS) - - `nginx_error_log_level`: default log level +- `nginx_root`: root directory where you want to have your files +- `nginx_log_dir`: log directory (if you change it, don't forget to change logrotate config) +- `nginx_resolver`: list of DNS resolver (default: OpenDNS) +- `nginx_error_log_level`: default log level ### Nginx Configuration - - `nginx_user` - - `nginx_worker_processes` - - `nginx_pid`: daemon pid file - - `nginx_events_*`: all variables in events block - - `nginx_http_*`: all variables in http block - - `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`) +- `nginx_user` +- `nginx_worker_processes` +- `nginx_pid`: daemon pid file +- `nginx_events_*`: all variables in events block +- `nginx_http_*`: all variables in http block +- `nginx_custom_http`: instructions list (will put data in `/etc/nginx/conf.d/custom.conf`) Fine configuration ------------------ diff --git a/doc/auth.md b/doc/auth.md index 7f4237f..601534b 100644 --- a/doc/auth.md +++ b/doc/auth.md @@ -15,7 +15,7 @@ Each htpasswd has few keys: `nginx_htpasswd` should be placed in a vaut file. -Exemple +Example ------- ``` diff --git a/doc/php.md b/doc/php.md index 47a686e..81bd97c 100644 --- a/doc/php.md +++ b/doc/php.md @@ -15,3 +15,4 @@ Each socket have: - `max_fails` - `fail_timeout` +With default configuration, it works fine with PHP-FPM. But if you install PHP7 with Dotdeb, path changed between version, you must set well this list. diff --git a/doc/vhost.md b/doc/vhost.md index 2d1ce6f..208bde2 100644 --- a/doc/vhost.md +++ b/doc/vhost.md @@ -8,19 +8,21 @@ You can see many examples in: [tests/test.yml](../tests/test.yml). Common ------ - - `name`: (M) Domain or list of domain used. - - `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`. - - `enable`: (O) Enable the vhost (default is true) - - `delete`: (O) Delete the vhost (default is false) - - `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www - - `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme). - - `redirect_to_code`: Redirect code (default: 302) - - `location`: (O) Add new custom locations (it does not overwrite!) - - `more`: (O) Add more custom infos. - - `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP) - - `override_try_files`: (O) overrides default try\_files defined in template - - `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature. - - `htpasswd`: (0) References name key in `nginx_htpasswd`. Enable auth basic on all vhost. +- `name`: (M) Domain or list of domain used. +- `template`: (D) template used to create vhost. Optional if you set `delete` to true or using `redirect_tor`. +- `enable`: (O) Enable the vhost (default is true) +- `delete`: (O) Delete the vhost (default is false) +- `redirect_from`: (O) Domain list to redirect to the first `name`. You can use this key to redirect non-www to www +- `redirect_to`: (O) Redirect all requests to this domain. Please set scheme (http:// or https:// or $sheme). +- `redirect_to_code`: Redirect code (default: 302) +- `location`: (O) Add new custom locations (it does not overwrite!) +- `more`: (O) Add more custom infos. +- `upstream_params`: (O) Add upstream params (useful when you want to pass variables to PHP) +- `override_try_files`: (O) overrides default try\_files defined in template +- `manage_local_content`: (O) Boolean. Set to false if you do not want to manage local content (images, css...). This option is useless if you use `_proxy` template or `redirect_to` feature. +- `htpasswd`: (O) References name key in `nginx_htpasswd`. Enable auth basic on all vhost. +- `proto`: (O) list of protocol used. Default is a list with "http". If you need http and https, you must set a list with "http" and "https". You can only set "https" without http support. +- `ssl_name`: (D) name of the key used when using TLS/SSL. Mandatory when `proto` contains "https" (O): Optional (M): Mandatory @@ -29,15 +31,15 @@ Common Templates --------- - - `_base`: static template - - `_backuppc`: access to [BackupPC](http://backuppc.sourceforge.net/) (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap)) - - `_dokuwiki` - - `_redirect`: should not be called explicitly - - `_phalcon`: Phalcon PHP Framework - - `_php`: PHP base template. Can work with many frameworks/tools - - `_php_index`: Same as above. But you can only run index.php - - `_proxy` - - `_wordpress` +- `_base`: static template +- `_backuppc`: access to [BackupPC](http://backuppc.sourceforge.net/) (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap)) +- `_dokuwiki` +- `_redirect`: should not be called explicitly +- `_phalcon`: Phalcon PHP Framework +- `_php`: PHP base template. Can work with many frameworks/tools +- `_php_index`: Same as above. But you can only run index.php +- `_proxy` +- `_wordpress` Templates works as parent-child. @@ -48,8 +50,8 @@ Proxy template allow you to use Nginx as reverse proxy. Usefull when you have an You have many key added to vhost key: - - `upstream_name`: (O) upstream name used to pass proxy - - `proxy_params`: (M) list of raw params passed to the vhost +- `upstream_name`: (O) upstream name used to pass proxy +- `proxy_params`: (M) list of raw params passed to the vhost (O) : Optional