Ansible Role: Nginx Proxy
Modular Ansible Role for deploying and configuring Nginx as a reverse-proxy
This Ansible role supports the two latest stable releases of specific
server-focused Linux distributions and aims to follow their deprecation
policies. Additionally we will focus on supporting the latest two stable
releases of each, which at the time of writing are as follows:
CentOS 7.x
Debian 11 or later
Ubuntu 20.04 LTS or later
AlmaLinux 8.x or later
RockyLinux 8.x or later
community.general
ansible.posix
Available variables are listed below with their default values (you can also see defaults/main.yml
)
Variable
Description
nginx_daemon
Default: nginx
nginx_group
Default: nobody
nginx_name
Default: nginx
nginx_user
Default: nginx
nginx_packages
Default: [nginx]
nginx_pid
Default: /var/run/nginx.pid
nginx_mime_includes
Default: /etc/nginx/mime.types
nginx_module_includes
Default: /usr/share/nginx/modules/*.conf
nginx_proxy_includes
Default: /etc/nginx/proxy.conf
nginx_site_includes
Default: /etc/nginx/conf.d/*.conf
nginx_trusted_proxies_includes
Default: /etc/nginx/trusted_proxies.conf
Variable
Description
nginx_client_body_buffer_size
Default 1m
nginx_client_header_buffer_size
Default 2k
nginx_client_max_body_size
Default 512m
Variable
Description
nginx_cache_convert_head:
Default: true
nginx_cache_honor_cc:
Default: false
nginx_cache_honor_cookies:
Default: true
nginx_cache_honor_expires:
Default: false
nginx_cache_inactive
Default: 1h
nginx_cache_name
Default: sitecache
nginx_cache_time_404
Default: 10
nginx_cache_time_default
Default: 5
nginx_etag
Default: true
nginx_open_file_cache_errors
Default: false
nginx_open_file_cache_inactive
Default: 8m
nginx_open_file_cache_max
Default: 16536
nginx_open_file_cache_min_uses
Default: 1
nginx_open_file_cache_valid
Default: 5m
nginx_ssi
Default: false
Variable
Description
nginx_gzip_enabled
Default: true
nginx_gzip_comp_level
Default: 9
nginx_gzip_min_length
Default: 256
Variable
Description
nginx_hsts_enable
Default: false
nginx_http2_enable
Default: true
nginx_keepalive_requests
Default: 100
nginx_keepalive_timeout
Default: 30
nginx_multi_accept
Default: true
nginx_reset_timedout_connection
Default: true
nginx_sendfile
Default: true
nginx_tcp_nodelay
Default: false
nginx_tcp_nopush
Default: true
Variable
Description
nginx_access_log
Default: /var/log/nginx/access.log
nginx_error_log
Default: /var/log/nginx/error.log
nginx_log_format_main
Default: $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"
Variable
Description
nginx_proxy_buffers
Default: [4, 32k]
nginx_proxy_buffer_size
Default: 32k
nginx_proxy_busy_buffers_size
Default: 64k
nginx_proxy_cache_key
Default: "$scheme$request_method$host$request_uri"
nginx_proxy_connect_timeout
Default: 90
nginx_proxy_hide_header
Default: ["Upgrade"]
nginx_proxy_read_timeout
Default: 90
nginx_proxy_redirect
Default: false
nginx_proxy_send_timeout
Default: 90
Variable
Description
nginx_ratelimit
Default: 8
nginx_ratelimit_burst
Default: 8
nginx_ratelimit_nodelay
Default: true
nginx_ratelimit_zone
Default: rlzone
nginx_ratelimit_paths
Default: [".*login\\.php", ".*xmlrpc\\.php", ".*wp-cron\\.php"]
Variable
Description
nginx_ssl_enable
Default: true
nginx_ssl_ciphers
Default: ["EECDH+AESGCM", "EDH+AESGCM", "AES256+EECDH", "AES256+EDH", "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES128-GCM-SHA256"]
nginx_ssl_protocols
Default: ["TLSv1.2", "TLSv1.3"]
nginx_ssl_session_cache
Default: "shared:SSL:32m"
Variable
Description
nginx_static_content_accel
Default: true
nginx_static_content_paths
Default: []
Variable
Description
nginx_worker_connections
Default: 4096
nginx_worker_processes
Default: auto
nginx_worker_rlimit_nofile
Default: 8192
nginx_worker_shutdown_timeout
Default: 4
Variable
Description
selinux_enabled
Default: false
- hosts : www
roles :
- role : inmotionhosting.nginx_proxy
GPLv3
InMotion Hosting