Ansible role which installs and configures Nginx, from a package or from source (including a series of optional modules).
It has been tested on Ansible 1.5 and above, and depends on the following roles:
- ANXS.apt
- ANXS.build-essential
- ANXS.perl
- ANXS.monit (if you want monit protection)
Currently it's been developed for, and tested on Ubuntu. It is assumed to work on other Debian distributions as well.
-
nginx_install_method- "source" or "package" -
nginx_user- user Nginx will run as -
nginx_uid- the uid for this user -
nginx_group- Nginx group -
nginx_gid- the gid for this group -
nginx_dir- location of the Nginx configuration (conf, sites-available, sites-enabled, ...) -
nginx_www_dir- location of the www root for Nginx sites -
nginx_log_dir- location of the Nginx logs -
nginx_pid- location of the Nginx PID file -
nginx_worker_processes- sets the number of worker processes -
nginx_daemon_disable- whether the daemon should be disabled which can be set to yes or no -
nginx_worker_rlimit_nofile- used for config value ofworker_rlimit_nofile. Can replace any "ulimit -n" command. The value depend on your usage (cache or not) but must always be superior than worker_connections. Set tonullto ignore -
nginx_error_log_options- option flags for the error_log -
nginx_error_log_filename- filename for the error log -
nginx_worker_connections- sets the number of worker connections -
nginx_multi_accept- used for config value of events { multi_accept }. Try to accept() as many connections as possible. Can be set to yes or no -
nginx_charset- used to specify an explicit default charset (say, 'utf-8', 'off'…) -
nginx_disable_access_log- whether or not to disable the access log, yes or no -
nginx_access_log_options- option flags for the access_log -
nginx_server_tokens- whether to send the Nginx version number in error pages and Server header, on or off -
nginx_event- used for config value of events { use }. Set the event-model. By default nginx looks for the most suitable method for your OS. -
nginx_sendfile- directive to activate or deactivate the usage of sendfile(), on or off -
nginx_keepalive- option whether to use the timeout options (below). Only the value "on" will include them -
nginx_keepalive_timeout- assigns the timeout for keep-alive connections with the client -
nginx_client_body_timeout- sets the read timeout for the request body from client -
nginx_client_header_timeout- specifies how long to wait for the client to send a request header -
nginx_send_timeout- specifies the response timeout to the client; it does not apply to the entire transfer but, rather, only between two subsequent client-read operations -
nginx_buffers- option whether to use the buffer options (below). Only the value "on" will include them -
client_body_buffer_size- specifies the client request body buffer size -
client_header_buffer_size- sets the headerbuffer size for the request header from client -
client_max_body_size- specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length. Set to 0 to disable -
large_client_header_buffers- assigns the maximum number and size of buffers for large headers to read from client request -
nginx_server_names_hash_bucket_size- assigns the size of basket in the hash-tables of the names of servers. This value by default depends on the size of the line of processor cache -
nginx_types_hash_max_size- -
nginx_types_hash_bucket_size- -
nginx_proxy_read_timeout- defines a timeout (between two successive read operations) for reading a response from the proxied server. -
nginx_enable_rate_limiting- enable rate limiting, yes or no -
nginx_rate_limiting_zone_name- sets the shared memory zone -
nginx_rate_limiting_backoff- sets the maximum burst size of requests -
nginx_rate_limit- sets the rate (e.g. 1r/s) -
nginx_access_logs- a list of access log formats, filenames and optionsnginx_access_logs: - name: "main" format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' options: null filename: "access.log" -
nginx_default_root- the directory to place the default site -
nginx_default_enable- whether or not to actually enable the defaul site
nginx_source_version- the version of Nginx to installnginx_source_url- URL for the Nginx source (versioned). By default it will get it fromnginx_source_versionnginx_source_prefix- prefix for installing nginx from source (versioned)nginx_source_conf_path- location of the main config file (innginx_dirby default)nginx_source_default_configure_flags- the default configure flags (before adding the modules). By default, this sets --prefix, --conf-path and --sbin-pathnginx_source_modules_included- see belownginx_source_modules_excluded- a list of configure flags to exclude modules. Example: ["mail_pop3_module", "mail_imap_module", "mail_smtp_module"]
nginx_source_modules_included is a dictionary (k,v) where k is the module name, and v its accompanying configure flag. All the possible options are given below:
nginx_source_modules_included:
http_stub_status_module: "--with-http_stub_status_module"
http_ssl_module: "--with-http_ssl_module"
http_gzip_static_module: "--with-http_gzip_static_module"
upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}"
headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}"
http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}"
http_echo_module: "--add-module=/tmp/echo-nginx-module-{{nginx_echo_version}}"
google_perftools_module: "--with-google_perftools_module"
ipv6_module: "--with-ipv6"
http_real_ip_module: "--with-http_realip_module"
http_spdy_module: "--with-http_spdy_module"
http_perl_module: "--with-http_perl_module"
naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src"
ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"There is a possibility to configure a list of servers to be available (not yet enabled) as well. Just provide a list of dictionaries according to the following format:
nginx_sites:
- server:
name: foo
listen: 8080
server_name: localhost
location1:
name: "/"
try_files: "$uri $uri/ /index.html"
sendfile: "on"
- server:
name: bar
listen: 8888
server_name: webmail.localhost
location1:
name: /
try_files: "$uri $uri/ /index.html"
location2:
name: /images/
try_files: "$uri $uri/ /index.html"To enable or disable specific sites you can add prior used server_name attribute to the variables nginx_enabled_sites and nginx_disabled_sites.
nginx_enabled_sites:
- localhostnginx_disabled_sites:
- webmail.localhostYou can put Nginx under monit monitoring protection, by setting monit_protection: yes
- 'nginx_gzip' - whether to use gzip, can be "on" or "off"
- 'nginx_gzip_http_version'
- 'nginx_gzip_comp_level'
- 'nginx_gzip_proxied'
- 'nginx_gzip_vary'
- 'nginx_gzip_buffers'
- 'nginx_gzip_min_length'
- 'nginx_gzip_types'
- 'nginx_gzip_disable'
nginx_remote_ip_varnginx_authorized_ips
nginx_gzip_static- whether to use gzip_static, can be on or off
nginx_upload_progress_version- version of the upload_progress modulenginx_upload_progress_javascript_output- sets output in javascript. The default is true for backwards compatibilitynginx_upload_progress_zone_name- assigns one name which will be used to store the per-connection tracking information. The default is proxiednginx_upload_progress_zone_size- assigns the zone size in bytes. Default is 1m (1 megabyte)
nginx_headers_more_version- version of the headers_more module
nginx_auth_request_release- the release number of the http_auth_request module
nginx_echo_version- version of the http_echo module
nginx_realip_header- Sets the header to use for the RealIp Module; only accepts "X-Forwarded-For" or "X-Real-IP"nginx_realip_addresses- Sets the addresses to use for the http_realip configurationnginx_realip_real_ip_recursive- If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be on "on" or "off". The default is "off"
nginx_naxsi_version- version of the naxsi module
To the contributors:
This project comes with a VagrantFile, this is a fast and easy way to test changes to the role, fire it up with vagrant up
See vagrant docs for getting setup with vagrant
Licensed under the MIT License. See the LICENSE file for details.
Are welcome!