Mirror HanXHX/ansible-nginx dari GitHub.
 
 
Go to file
Emilien Mantel 0622f8ab87 Some changes on acme.sh install process
- Remove useless git directory
- Force use letsencrypt as default CA
2021-09-10 16:02:24 +02:00
defaults Fix yaml lint 2021-09-01 11:21:12 +02:00
doc Merge branch 'master' into debian_11 2021-09-03 12:08:30 +02:00
filter_plugins Compat python3 2020-05-18 16:10:42 +02:00
handlers Fix Ansible Lint 2021-09-01 11:58:39 +02:00
meta Fix Ansible Lint 2021-09-01 11:45:44 +02:00
tasks Some changes on acme.sh install process 2021-09-10 16:02:24 +02:00
templates/etc Drop Backuppc support 2021-09-01 11:06:02 +02:00
tests Fix ansible lint 2021-09-03 12:19:32 +02:00
vars Merge branch 'master' into debian_11 2021-09-03 12:08:30 +02:00
.ansible-lint Fix ansible lint 2021-09-03 12:19:32 +02:00
.gitignore Use upstream config from HanXHX.php role 2019-12-26 17:16:13 +01:00
.travis.yml Migrate to new TravisCI version 2021-09-01 12:05:07 +02:00
.yamllint.yml Fix yaml lint 2021-09-01 11:21:12 +02:00
LICENSE Initial commit 2015-07-15 12:12:06 +02:00
README.md Migrate to new TravisCI version 2021-09-01 12:05:07 +02:00
Vagrantfile Add Debian Bullseye (11) support 2021-09-01 11:07:54 +02:00

README.md

Nginx for Debian/FreeBSD Ansible role

Ansible Galaxy Build Status

Install and configure Nginx on Debian/FreeBSD.

Features:

  • SSL/TLS "hardened" support
  • Manage basic auth on site / location
  • Proxy + Upstream
  • Fast PHP configuration
  • Preconfigured site templates (should work on many app)
  • Auto-configure HTTP2 on SSL/TLS sites
  • Manage dynamic modules (install and loading)
  • Deploy custom facts.d with sites config
  • Can listen with proxy protocol
  • Generate certificates with acme.sh (let's encrypt) -- EXPERIMENTAL

Supported OS:

OS Working Stable (active support)
Debian Jessie (8) Yes Check latest supported version (1.5.0)
Debian Stretch (9) Yes Yes
Debian Buster (10) Yes Yes
Debian Bullseye (11) Yes Yes
FreeBSD 11 Yes No
FreeBSD 12 Yes No

Requirements

  • Ansible >=2.11
  • If you set true to nginx_backports, you must install backports repository before lauching this role.

Role Variables

Packaging

Debian:

  • nginx_apt_package: APT nginx package (try: apt-cache search ^nginx)
  • nginx_backports: Install nginx from backport repository (bool)

FreeBSD:

  • nginx_pkgng_package: PKGNG nginx package (should be "nginx" or "nginx-devel")

Shared

  • nginx_root: root directory where you want to have your files
  • nginx_log_dir: log directory (if you change it, don't forget to change logrotate config)
  • nginx_resolver: list of DNS resolver (default: OpenDNS)
  • nginx_error_log_level: default log level
  • nginx_auto_config_httpv2: boolean, auto configure HTTP2 where possible
  • nginx_fastcgi_fix_realpath: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)
  • nginx_default_hsts: string, default header sent for HSTS

Nginx Configuration

  • nginx_user
  • nginx_worker_processes
  • nginx_pid: daemon pid file
  • nginx_events_*: all variables in events block
  • nginx_http_*: all variables in http block
  • nginx_custom_http: instructions list (will put data in /etc/nginx/conf.d/custom.conf)
  • nginx_module_packages: package list module to install (Debian)
  • nginx_load_modules: module list to load (full path), should be used only on FreeBSD

Misc

  • nginx_debug_role: set true if you need to see output of no_log tasks

About modules

Last updates from Debian backports loads modules from /etc/nginx/modules-enabled directory. Disabling/Enabling is not supported anymore. Please wait further update.

Fine configuration

Site configuration

PHP configuration

Upstream Configuration

SSL/TLS Configuration

Basic Auth

FreeBSD

acme.sh

Note

  • Active support for Debian.
  • FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).

Dependencies

None

If you need to dev this role locally

Before use vagrant, run once:

ansible-galaxy install -p ./tests/ HanXHX.php,master

Example Playbook

See tests/test.yml.

License

GPLv2

Donation

If this code helped you, or if youve used them for your projects, feel free to buy me some 🍻

  • Bitcoin: 1BQwhBeszzWbUTyK4aUyq3SRg7rBSHcEQn
  • Ethereum: 63abe6b2648fd892816d87a31e3d9d4365a737b5
  • Litecoin: LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD
  • Monero: 45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ

No crypto-currency? the project is also a way of saying thank you! 😎

Author Information