roles/nginx: Add role for nginx

This role installs nginx and provides a base/skeleton configuration suitable for most deployments.
2020-03-14 16:04:50 -05:00
parent 1fcfc80254
commit 5de8f3e612
8 changed files with 203 additions and 0 deletions
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,98 @@
+# For more information on configuration, see:
+#   * Official English Documentation: http://nginx.org/en/docs/
+#   * Official Russian Documentation: http://nginx.org/ru/docs/
+
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+{% if nginx_log_syslog|bool %}
+error_log syslog:server=unix:/dev/log,facility=daemon,nohostname;
+{% endif %}
+pid /run/nginx.pid;
+
+# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
+include /usr/share/nginx/modules/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+{% if nginx_log_syslog|bool %}
+    access_log  syslog:server=unix:/dev/log,facility=daemon,nohostname main;
+{% endif %}
+
+    sendfile            on;
+    tcp_nopush          on;
+    tcp_nodelay         on;
+    keepalive_timeout   65;
+    types_hash_max_size 2048;
+
+    include             /etc/nginx/mime.types;
+    default_type        application/octet-stream;
+
+    # Load modular configuration files from the /etc/nginx/conf.d directory.
+    # See http://nginx.org/en/docs/ngx_core_module.html#include
+    # for more information.
+    include /etc/nginx/conf.d/*.conf;
+
+    server {
+        listen       80 default_server;
+        listen       [::]:80 default_server;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+{% if nginx_redirect_http_https %}
+        return 301 https://$host$request_uri;
+{% else %}
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+{% endif %}
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+{% if not nginx_disable_tls|d %}
+
+# Settings for a TLS enabled server.
+
+    server {
+        listen       443 ssl http2 default_server;
+        listen       [::]:443 ssl http2 default_server;
+        server_name  _;
+        root         /usr/share/nginx/html;
+
+        ssl_certificate "{{ nginx_ssl_certificate }}";
+        ssl_certificate_key "{{ nginx_ssl_certificate_key }}";
+{% if nginx_ssl_ca_certificate is defined %}
+        ssl_client_certificate "{{ nginx_ssl_ca_certificate }}";
+{% endif %}
+        ssl_session_cache {{ nginx_ssl_session_cache }};
+        ssl_session_timeout  {{ nginx_ssl_session_timeout }};
+        ssl_ciphers {{ nginx_ssl_ciphers|join(':') }};
+        ssl_prefer_server_ciphers on;
+
+        # Load configuration files for the default server block.
+        include /etc/nginx/default.d/*.conf;
+
+        error_page 404 /404.html;
+            location = /40x.html {
+        }
+
+        error_page 500 502 503 504 /50x.html;
+            location = /50x.html {
+        }
+    }
+{% endif %}
+
+}