Disroot-Ansible
/
nginx
11
1
Fork 0
Code Pull Requests 4 Projects Releases Activity
76 Commits 11 Branches 0 Tags 612 KiB
Jinja 100%
Go to file
muppeth fb2dde1d7d
cleaned up and streamlined the wildcard cert creation process 		2023-12-29 18:26:59 +01:00
defaults Disable Tor Default (#42) 2023-01-17 21:05:20 +00:00
handlers tor (#38) 2023-01-17 14:25:11 +00:00
tasks cleaned up and streamlined the wildcard cert creation process 2023-12-29 18:26:59 +01:00
templates/etc cleaned up and streamlined the wildcard cert creation process 2023-12-29 18:26:59 +01:00
LICENSE Migration commit; fresh start 2021-03-14 11:20:09 +01:00
README.MD cleaned up and streamlined the wildcard cert creation process 2023-12-29 18:26:59 +01:00

README.MD

Nginx role

This role, installs nginx webserver and manages all vhosts. The role is released under MIT Licence and we give no warranty for this piece of software. Currently supported OS - Debian.

Apart from installing and configuring nginx, you can also make use of bundeled vhost templates for many FLOSS services which helps out setup your server. Check templates/etc/nginx/sites-available for more details. Multiple Vhosts can be deployed and make use of templates. By default role does not deploy any Vhost. Example vhosts:

nginx_vhosts:
  - name: 'devchat'
    template: 'conversejs'
    proto: 'http'
    listen: '80'
    root: 'conversejs'
    index: 'index.php'
    use_access_log: 'true'
    use_error_log: 'true'
    nginx_error_log_level: 'warn'
    http_upload_url: 'https://example.org'
    bosh_url: 'https://example.org'
    headers: 'none'
    state: 'enable'
    letsencrypt: 'false'
  - name: 'framadate'
    template: 'framadate'
    proto: 'http'
    listen: '80'
    root: 'framadate/{{ framadate_version }}/framadate'
    index: 'index.php'
    use_access_log: 'true'
    use_error_log: 'true'
    nginx_error_log_level: 'warn'
    upstream_params:
      - 'fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;'
      - 'fastcgi_index index.php;'
      - 'include /etc/nginx/fastcgi_params;'
      - 'fastcgi_pass unix:{{ pool_listen }};'
    state: 'enable'
    letsencrypt: 'false'
  
  # Selfsigned cert example:
   - name: 'privatebin.example.com'
     template: 'privatebin'
     proto: 'https'
     listen: '443'
     root: 'privatebin'
     index: 'index.php'
     ssl_name: 'bin.example.com'
     selfsigned: 'true'
     use_access_log: 'false'
     use_error_log: 'true'
     nginx_error_log_level: 'warn'
     upstream_params:
       - 'fastcgi_pass unix:{{ pool_listen }};'
       - 'fastcgi_index index.php;'
       - 'fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;'
     header_xframe: 'none'
     header_cto: 'none'
     file_cache:
       - cache: 'max=1000 inactive=20s'
         valid: '30s'
         min_users: '2'
         cache_errors: 'on'
     state: 'enable'
     letsencrypt: 'false'

  # Selfsigned wildcard cert example:
   - name: 'privatebin.example.com'
     template: 'privatebin'
     proto: 'https'
     listen: '443'
     root: 'privatebin'
     index: 'index.php'
     wildcard: 'true' #enable wildcard
     ssl_name: 'wildcard.example.com' #specify direcotry name for wildcard cert
     domain_name: 'example.com' #domain name to create the cert for: *.example.com
     selfsigned: 'true'
     use_access_log: 'false'
     use_error_log: 'true'
     nginx_error_log_level: 'warn'
     upstream_params:
       - 'fastcgi_pass unix:{{ pool_listen }};'
       - 'fastcgi_index index.php;'
       - 'fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;'
     header_xframe: 'none'
     header_cto: 'none'
     file_cache:
       - cache: 'max=1000 inactive=20s'
         valid: '30s'
         min_users: '2'
         cache_errors: 'on'
     state: 'enable'
     letsencrypt: 'false'