ansible-roles/nginx/defaults/main.yml

165 lines
5.7 KiB
YAML
Raw Normal View History

---
nginx_enabled: True
nginx_use_ppa: False
nginx_ppa_repo: ppa:nginx/stable
nginx_package_state: installed
#nginx_virthosts: []
nginx_snippets_dir: /etc/nginx/snippets
nginx_conf_snippets:
- nginx-compression.conf
- nginx-websockets.conf
- nginx-browser-cache.conf
- letsencrypt-proxy.conf
- nginx-proxy-params.conf
- nginx-server-ssl.conf
- nginx-cors.conf
nginx_old_snippets:
- compression.conf
nginx_workers: 4
nginx_worker_connections: 1024
nginx_multi_accept: 'off'
nginx_worker_rlimit_nofile: 2048
nginx_server_tokens: 'off'
nginx_large_client_header_buffers: 4 8k
nginx_enable_compression: True
nginx_gzip_vary: "on"
nginx_gzip_proxied: any
nginx_gzip_comp_level: 6
nginx_gzip_buffers: 16 8k
nginx_gzip_http_version: 1.1
nginx_gzip_types: "text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript"
nginx_enable_browser_cache: True
nginx_cache_control: public
nginx_html_cache_expire: -1
nginx_feed_cache_expire_enabled: False
nginx_feed_cache_expire: 1h
nginx_media_cache_expire: 1M
nginx_css_js_cache_expire: -1
nginx_reverse_proxy: False
nginx_define_x_real_ip: False
nginx_proxy_buffering: "on"
nginx_proxy_redirect: "off"
nginx_proxy_buffer_size: 128k
nginx_proxy_buffers: '4 {{ nginx_proxy_buffer_size }}'
nginx_proxy_busy_buffers_size: 256k
nginx_proxy_connect_timeout: 30s
nginx_proxy_read_timeout: 480s
nginx_proxy_send_timeout: 120s
nginx_proxy_temp_file_write_size: '{{ nginx_proxy_buffer_size }}'
nginx_client_max_body_size: 100M
nginx_client_body_timeout: 240s
nginx_cors_limit_origin: False
nginx_cors_acl_origin: 'http?://(localhost)'
# Find a set of acceptable defaults for the cache setup
nginx_cache_enabled: False
nginx_use_ldap_pam_auth: False
nginx_pam_svc_name: nginx
nginx_ldap_uri: "ldap://ldap.example.org"
nginx_ldap_base_dn: "dc=example,dc=org"
nginx_basic_auth: False
nginx_basic_auth_users:
- { name: 'test', pwd: 'hide inside a vault file', file: '/etc/nginx/htpasswd' }
# nginx_ldap_login_attribute: uid
# nginx_ldap_pam_groupdn:
nginx_letsencrypt_managed: True
nginx_websockets_support: False
nginx_use_common_virthost: False
# When we do not use letsencrypt:
# nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
# nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
# Virtualhost example
# nginx_virthosts:
# - virthost_name: '{{ ansible_fqdn }}'
# listen: '{{ http_port }}'
# server_name: '{{ ansible_fqdn }}'
# server_aliases: ''
# index: index.html
# error_page: /path_to_error_page.html
# ssl_enabled: False
# ssl_only: False
# ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
# root: /usr/share/nginx/html/
# server_tokens: 'off'
# proxy_standard_setup: True
# proxy_additional_options:
# - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;'
# proxies:
# - location: /
# target: http://localhost:{{ local_http_port }};
#
# extra_parameters: |
# location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include fastcgi_params;
# }
# TODO: ckan, ssl with 80 -> 443 redirection, ssl only (no listening on 80).
# If nginx via ppa, proxy_protocol e http/2 too
# php, rewrite rules, acls, ldap auth
# More robust rules
# log format personalization (global, inside conf.d)
# CORS
#
# Special cases: mediawiki,...
#
# CORS example 1
# set $cors '';
# if ($http_origin ~* 'https?://(localhost|*\.example\.org)') {
# set $cors 'true';
# }
# if ($cors = 'true') {
# add_header 'Access-Control-Allow-Origin' "$http_origin";
# add_header 'Access-Control-Allow-Credentials' 'true';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'Accept,Authorization,Cache-Control,Content-Type,DNT,If-Modified-Since,Keep-Alive,Origin,User-Agent,X-Mx-ReqToken,X-Requested-With';
# }
# if ($request_method = 'OPTIONS') {
# return 204;
# }
# CORS example 2
# location / {
# if ($request_method = 'OPTIONS') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# #
# # Custom headers and headers various browsers *should* be OK with but aren't
# #
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# #
# # Tell client that this pre-flight info is valid for 20 days
# #
# add_header 'Access-Control-Max-Age' 1728000;
# add_header 'Content-Type' 'text/plain charset=UTF-8';
# add_header 'Content-Length' 0;
# return 204;
# }
# if ($request_method = 'POST') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# }
# if ($request_method = 'GET') {
# add_header 'Access-Control-Allow-Origin' '*';
# add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
# }