Diffstat (limited to 'nginx')
| -rw-r--r-- | nginx/defaults/main.yaml | 7 | ||||
| -rw-r--r-- | nginx/files/nginx.conf | 91 | ||||
| -rw-r--r-- | nginx/handlers/main.yaml | 5 | ||||
| -rw-r--r-- | nginx/tasks/main.yaml | 44 |
4 files changed, 147 insertions, 0 deletions
diff --git a/nginx/defaults/main.yaml b/nginx/defaults/main.yaml
new file mode 100644
index 0000000..0fc22d0
--- /dev/null
+++ b/nginx/defaults/main.yaml
@@ -0,0 +1,7 @@
+---
+
+nginx_conf_src: "files/{{nginx_server_name}}/nginx.conf.j2"
+nginx_root_src: "files/{{nginx_server_name}}/root/"
+nginx_root_dest: "/var/www/{{nginx_server_name}}"
+nginx_server_type: "site"
+nginx_root: false
diff --git a/nginx/files/nginx.conf b/nginx/files/nginx.conf
new file mode 100644
index 0000000..2f7cb0a
--- /dev/null
+++ b/nginx/files/nginx.conf 
@@ -0,0 +1,91 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+ ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ include /etc/nginx/streams-enabled/*;
+}
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
diff --git a/nginx/handlers/main.yaml b/nginx/handlers/main.yaml
new file mode 100644
index 0000000..1feca07
--- /dev/null
+++ b/nginx/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+
+- name: restart nginx
+ become: yes
+ systemd: name="nginx" state="restarted" daemon_reload="yes" 
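Review bot: `server_tokens off;` is left commented out in the `http` block of nginx/files/nginx.conf, so response headers and default error pages will advertise the nginx version on every host that takes this base config; I would uncomment it. `ssl_prefer_server_ciphers on;` appears in both `http` and `stream` with no `ssl_ciphers` line, so the server preference applies to whatever the linked TLS library defaults to; either pin a cipher list next to it or drop the directive. Global `gzip on;` with `application/json` in `gzip_types` deserves a second look for any vhost that returns secrets alongside reflected input over TLS (BREACH-style length leaks), where `gzip off;` in the affected location is the usual mitigation.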
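Review bot: The `restart nginx` handler in nginx/handlers/main.yaml restarts the service without checking the configuration first, so a bad template or base config leaves nginx stopped on the host. nginx keeps serving with the old configuration when a reload is rejected, so `state="reloaded"` is the safer default here. Alternatively, have a handler step run `nginx -t` before the restart so the play fails while the service is still up.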
diff --git a/nginx/tasks/main.yaml b/nginx/tasks/main.yaml
new file mode 100644
index 0000000..846650d
--- /dev/null
+++ b/nginx/tasks/main.yaml
@@ -0,0 +1,44 @@
+---
+
+- name: apt install nginx
+ become: yes
+ apt: name="nginx"
+
+- name: disable default site
+ become: yes
+ file: path="/etc/nginx/sites-enabled/default" state="absent"
+
+- name: install base config
+ become: yes
+ copy: src="nginx.conf" dest="/etc/nginx/nginx.conf"
+ notify: restart nginx
+
+- name: make stream dirs
+ become: yes
+ file: path="/etc/nginx/streams-{{item}}" state="directory"
+ loop: ["available", "enabled"]
+
+- name: make config available
+ become: yes
+ template:
+ src: "{{nginx_conf_src}}"
+ dest: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf"
+ notify: restart nginx
+
+- name: enable config
+ become: yes
+ file:
+ src: "/etc/nginx/{{nginx_server_type}}s-available/{{nginx_server_name}}.conf"
+ dest: "/etc/nginx/{{nginx_server_type}}s-enabled/{{nginx_server_name}}.conf"
+ state: "link"
+ notify: restart nginx
+
+- name: copy root files
+ become: yes
+ copy: src="{{nginx_root_src}}" dest="{{nginx_root_dest}}/"
+ when: nginx_root
+ notify: restart nginx
+
+- name: enable nginx service
+ become: yes
+ systemd: name="nginx" enabled="yes" state="started" |
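Review bot: The `copy` and `template` tasks that write `/etc/nginx/nginx.conf`, the `*-available` config and the web root run with `become: yes` but set no `owner`, `group` or `mode`, so the resulting permissions depend on the remote umask (and possibly on the source tree for the recursive copy). I would state them explicitly on the config tasks, e.g. `owner: root`, `group: root`, `mode: "0644"`, and decide deliberately what `www-data` may read or write under `{{nginx_root_dest}}`. Separately, `nginx_server_name` has no entry in `defaults/main.yaml` yet is interpolated into destination paths here, as is `nginx_server_type`. An `assert` at the top of the task list that the name is defined and hostname-shaped, and that the type is one of the values a directory exists for, would stop a bad inventory value from writing to an unintended path.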
