---
# Imports the nginx_core.nginx_config role and hands it three template
# definitions: the main /etc/nginx/nginx.conf, /etc/nginx/http.conf (core, log
# and gzip settings) and /etc/nginx/conf.d/mappings.conf (WebSocket map).
- name: Configure nginx
  ansible.builtin.import_role:
    name: nginx_core.nginx_config
  vars:
    # overriding any numeric values in the main nginx config requires replacing the entire dictionary
    # See: https://github.com/nginxinc/ansible-role-nginx-config/issues/352
    nginx_config_main_template_enable: true
    nginx_config_main_template:
      template_file: nginx.conf.j2
      deployment_location: /etc/nginx/nginx.conf
      # NOTE(review): presumably the role keeps no copy of the file it replaces
      # when backup is false, so rollback relies on version control - confirm
      # against the role documentation.
      backup: false
      config: # https://nginx.org/en/docs/ngx_core_module.html
        main:
          # Worker processes run as the unprivileged nginx user and group.
          user:
            username: nginx
            group: nginx
          worker_processes: auto
          error_log:
            file: /var/log/nginx/error.log
            level: notice
          #pid: /var/run/nginx.pid

          # worker_rlimit_nofile changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.
          # Used to increase the limit without restarting the main process.
          # The recommended value seems to be worker_connections * 2
          # NOTE(review): 12288 is 3 x the worker_connections value set under
          # events (4096), not 2 x as the line above says - confirm which one
          # is intended.
          worker_rlimit_nofile: 12288

        events:
          worker_connections: 4096

        http: # https://nginx.org/en/docs/http/ngx_http_core_module.html
          default_type: application/octet-stream
          sendfile: true
          # server_tokens off keeps the nginx version out of the Server header
          # and out of error pages.
          server_tokens: false
          tcp_nodelay: true
          tcp_nopush: true
          # http.conf is included before the conf.d glob; the glob also picks up
          # mappings.conf, which the second http template below deploys there.
          include:
            - /etc/nginx/mime.types
            - /etc/nginx/http.conf
            - /etc/nginx/conf.d/*.conf

    nginx_config_http_template_enable: true
    nginx_config_http_template:
      - template_file: http/default.conf.j2
        deployment_location: /etc/nginx/http.conf
        backup: false
        config:
          # Same five directives as the http block of nginx.conf above; a change
          # made in only one of the two places leaves the files disagreeing.
          core:
            default_type: application/octet-stream
            sendfile: true
            server_tokens: false
            tcp_nodelay: true
            tcp_nopush: true
            # NOTE(review): both addresses are public resolvers queried over
            # plain DNS. The nginx resolver documentation advises DNS servers on
            # a trusted local network to prevent DNS spoofing; a local or
            # internal resolver fits that advice better. No ssl_stapling setting
            # appears in this file, so it is presumably configured elsewhere.
            resolver: # required for OCSP stapling
              address:
                - '1.1.1.1'
                - '8.8.8.8'
            resolver_timeout: 10s
          log:
            format:
              # $http_referer, $http_user_agent and $http_x_forwarded_for are
              # copied from request headers, so the sender controls them; treat
              # those fields as untrusted when parsing or alerting on this log.
              # $realip_remote_addr (realip module) keeps the original client
              # address, logged here next to $remote_addr.
              - name: main
                format: |
                  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for" "$realip_remote_addr"'
          # NOTE(review): comp_level 9 is the most CPU-expensive level, and
          # proxied: any enables compression for every proxied request. Where
          # application/json responses served over TLS carry secrets alongside
          # request-reflected data, compression opens a BREACH-style length side
          # channel; whether that applies depends on the upstream applications,
          # which are not visible in this file.
          gzip: # https://nginx.org/en/docs/http/ngx_http_gzip_module.html
            enable: true
            comp_level: 9
            min_length: 100
            proxied: any
            types:
              - application/json
              - text/plain
              - text/css
            vary: true

      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/mappings.conf"
        backup: false
        config:
          map:
            # Derives $connection_upgrade from the request's Upgrade header:
            # "close" when the header is empty, "upgrade" otherwise.
            mappings: # https://nginx.org/en/docs/http/websocket.html
              - string: $http_upgrade
                variable: $connection_upgrade
                content:
                  - value: default
                    new_value: upgrade
                  # Double-quoted so the YAML value is the two characters '',
                  # which nginx reads as the empty string.
                  - value: "''"
                    new_value: close