A role to install nginx, including sensibly secure configuration according to latest Mozilla guidelines, and an UFW rule. Works with Debian, Ubuntu, and Arch Linux.
mozilla_configuration: modern|intermediate|old
(default:modern
). This is one of the three possible Mozilla recommendated SSL configuration levels, as can be seen here (including compatible systems): https://statics.tls.security.mozilla.org/server-side-tls-conf.jsonnginx_user: http
: This variable is OS specific and defined in vars/$os.ymlnginx_dhparams_path: /etc/ssl/nginx.dhparams
nginx_dhparams_size: 4096
nginx_hsts: false
: Set totrue
to enable HSTS.nginx_hsts_age: 15768000
: Set HSTS protection age in seconds.nginx_sites_path: /etc/nginx/sites
nginx_worker_processes: false
: Set totrue
to enable auto worker processes.nginx_global_custom
: A string to be included on the uppermost config level, next to thehttp
directive.nginx_acme_challenge: true
: Provide an acme challenge configuration, when nginx_base_conf in deployed.nginx_acme_challenge_path: /usr/share/nginx/letsencrypt
: Poing acme challenges here.nginx_acme_redirect: true
: Redirect to another server on incoming acme challenges. Mutually exclusive withnginx_acme_challenge
nginx_ufw_path: /etc/ufw/applications.d
: The ufw application config pathnginx_base_conf: true
: apply template/nginx-base.conf with redirect to https etc..
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: rixx.ansible-base, x: 42 }
BSD
rixx