Mirror HanXHX/ansible-nginx dari GitHub.
 
 
Go to file
Emilien M 20d04015c1
Remove newlines+tab on server_name. Bypass acme.sh limitations (#38)
2019-03-20 19:37:55 +01:00
defaults Update crypto helpers 2019-02-12 18:03:52 +01:00
doc Manages locations before "/" 2019-02-20 15:13:25 +01:00
filter_plugins Remove heavy code (nginx filename) using a filter 2017-10-26 15:33:00 +02:00
handlers Fixes some warnings 2019-02-12 18:04:24 +01:00
meta Drop Jessie support 2019-02-13 14:40:03 +01:00
tasks Drop Jessie support 2019-02-13 14:40:03 +01:00
templates/etc Remove newlines+tab on server_name. Bypass acme.sh limitations (#38) 2019-03-20 19:37:55 +01:00
tests Fix tests 2019-02-21 18:32:38 +01:00
vars Fix deprecations (#35) 2019-01-24 11:05:46 +01:00
.gitignore New PHP management 2017-10-26 11:04:38 +02:00
.travis.yml Drop Jessie support 2019-02-13 14:40:03 +01:00
LICENSE Initial commit 2015-07-15 12:12:06 +02:00
README.md Drop Jessie support 2019-02-13 14:40:03 +01:00
Vagrantfile Drop Jessie support 2019-02-13 14:40:03 +01:00

README.md

Nginx for Debian/FreeBSD Ansible role

Ansible Galaxy Build Status

Install and configure Nginx on Debian/FreeBSD.

Features:

  • SSL/TLS "hardened" support
  • Manage basic auth on site / location
  • Proxy + Upstream
  • Fast PHP configuration
  • Preconfigured site templates (should work on many app)
  • Auto-configure HTTP2 on SSL/TLS sites
  • Manage dynamic modules (install and loading)
  • Deploy custom facts.d with sites config
  • Can listen with proxy protocol
  • Generate certificates with acme.sh (let's encrypt) -- EXPERIMENTAL

Supported OS:

OS Working Stable (active support)
Debian Jessie (8) Yes Check latest supported version (1.5.0)
Debian Stretch (9) Yes Yes
FreeBSD 11 Yes No
FreeBSD 12 Yes No

Requirements

Ansible 2.6+. If you set true to nginx_backports, you must install backports repository before lauching this role.

Role Variables

Packaging

Debian:

  • nginx_apt_package: APT nginx package (try: apt-cache search ^nginx)
  • nginx_backports: Install nginx from backport repository (bool)

FreeBSD:

  • nginx_pkgng_package: PKGNG nginx package (should be "nginx" or "nginx-devel")

Shared

  • nginx_root: root directory where you want to have your files
  • nginx_log_dir: log directory (if you change it, don't forget to change logrotate config)
  • nginx_resolver: list of DNS resolver (default: OpenDNS)
  • nginx_error_log_level: default log level
  • nginx_auto_config_httpv2: boolean, auto configure HTTP2 where possible
  • nginx_fastcgi_fix_realpath: boolean, use realpath for fastcgi (fix problems with symlinks and PHP opcache)

Nginx Configuration

  • nginx_user
  • nginx_worker_processes
  • nginx_pid: daemon pid file
  • nginx_events_*: all variables in events block
  • nginx_http_*: all variables in http block
  • nginx_custom_http: instructions list (will put data in /etc/nginx/conf.d/custom.conf)
  • nginx_module_packages: package list module to install (Debian)
  • nginx_load_modules: module list to load (full path), should be used only on FreeBSD

Misc

  • nginx_debug_role: set true if you need to see output of no_log tasks

About modules

Last updates from Debian backports loads modules from /etc/nginx/modules-enabled directory. Disabling/Enabling is not supported anymore. Please wait further update.

Fine configuration

Site configuration

PHP configuration

Upstream Configuration

SSL/TLS Configuration

Basic Auth

FreeBSD

acme.sh

Note

  • Active support for Debian.
  • FreeBSD support is experimental (no Travis). I only test (for the moment) 10.2 (but it can work on other versions).
  • I don't manage BackupPC for FreeBSD (PR welcome).

Dependencies

None

Example Playbook

See tests/test.yml.

License

GPLv2

Donation

If this code helped you, or if youve used them for your projects, feel free to buy me some 🍻

  • Bitcoin: 1BQwhBeszzWbUTyK4aUyq3SRg7rBSHcEQn
  • Ethereum: 63abe6b2648fd892816d87a31e3d9d4365a737b5
  • Litecoin: LeNDw34zQLX84VvhCGADNvHMEgb5QyFXyD
  • Monero: 45wbf7VdQAZS5EWUrPhen7Wo4hy7Pa7c7ZBdaWQSRowtd3CZ5vpVw5nTPphTuqVQrnYZC72FXDYyfP31uJmfSQ6qRXFy3bQ

No crypto-currency? the project is also a way of saying thank you! 😎

Author Information