Skip to content
Snippets Groups Projects
Select Git revision
  • 8fd7a20a7c79a92cc6f406f6c0b58e5af88b45a6
  • master default protected
  • feature/ratelimit
3 results

nginx

nd's avatar
fix logrotate
nd authored
8fd7a20a
History
nd's avatar 8fd7a20a
History
Name Last commit Last update
defaults
files
filter_plugins
handlers
tasks
templates
vars
.gitignore
README.md
README.md

Nginx

Supported

Only Nginx 1.10.3 and Debian Stretch.

Other versions might work but are not tested.

Parameters and defaults

All configuration is to be placed inside the nginx dict.

#  array of DNS resolvers
resolver:
  - 8.8.8.8
  - 8.8.4.4

# name: *upstreamconfig*, see below for definition
upstreams: {}

# name: *vhostconfig*, see below for definition
vhosts: {}

# name: *mapsconfig*, see below for definition
maps: {}

# force all traffic on ssl, except letsencrypt challenges
force_ssl: True

# generate a self signed certificate as default ssl cert
snakeoil_default: False

# install php-fpm, setup a php-handler upstream and copy a php location snippet to include in configs
# either "False", "True" or a dict *phpconfig*, see below for definition
php: False

# dict of ips to accept "X-Forwarded-~" from
real_ip_from: {"127.0.0.1": {}, "::1": {}}

# array of headers to add on *all* vhosts
add_headers: []

upstreamconfig:

# array of upstream servers
server: 
  -
    # can be "unix:/path/to/socket" or "foo.bar" or "foo.bar:443"
    address: *mandatory*

    # monitor dns for changes
    resolve: true

vhosts:

# array of server names, example: foo.bar
servername: []

# set this server as default
default_server: False

listen:
	ssl: True
	ssl_port: 443
	nossl: False
	nossl_port: 80
	v4: True
	v4_ip:
	  - 0.0.0.0
	v6: True
	v6_ip:
	  - '[::]'

# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None

# sets ssl certs to letsencrypt paths and enable letsencrypt for this vhost
letsencrypt: False

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

# array of locations, see below
locations: [*locationconfig*, .. ]

# array of files to include at the server level
includes: []

# configure authentication, disabled by default. See *authconfig* below for definition
auth: *authconfig*

# array of headers to add on this vhost
add_headers: []

# SSL key, mutally exclusive with letsencrypt option
key: ~

# SSL certificat, mutally exclusive with letsencrypt option
crt: ~

locationconfig:

# a match definition, for example "/", see nginx docu: https://nginx.org/en/docs/http/ngx_http_core_module.html#location
match: ''

# an absolut unix path, only set if not none
alias: None

# Array of custom config strings to add to the vhost config, the ";" is added after every entry
custom: []

authconfig

# Boolean: enable authentication
enabled: False

# Path to a htpasswd file
path :''

# can be 'all' or 'any'
satisfy: 'all

# example: "https://upstream". If set to None no reverse proxy will be set up.
backend: None

mapsconfig:

See https://nginx.org/en/docs/http/ngx_http_map_module.html#map

# source variable name
source: ''

# destination variable name
destination: ''

# 'key: value' dict of values to map
data: {}

phpconfig:

ini:
	post_max_size: 64M
	upload_max_filesize: 64M

Impressum - Datenschutzerklärung