bitcoiner.social/ansible/playbooks/host_tasks/gabite.bitcoiner.social/nginx_conf.yml

---
- name: Configure nginx
  ansible.builtin.import_role:
    name: nginx_core.nginx_config
  vars:
    # overriding any numeric values in the main nginx config requires replacing the entire dictionary
    # See: https://github.com/nginxinc/ansible-role-nginx-config/issues/352
    nginx_config_main_template_enable: true
    nginx_config_main_template:
      template_file: nginx.conf.j2
      deployment_location: /etc/nginx/nginx.conf
      backup: false
      config: # https://nginx.org/en/docs/ngx_core_module.html
        main:
          user:
            username: nginx
            group: nginx
          worker_processes: auto
          error_log:
            file: /var/log/nginx/error.log
            level: notice
          #pid: /var/run/nginx.pid

          # worker_rlimit_nofile changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.
          # Used to increase the limit without restarting the main process.
          # The recommended value seems to be worker_connections * 2
          worker_rlimit_nofile: 12288

        events:
          worker_connections: 4096

        http: # https://nginx.org/en/docs/http/ngx_http_core_module.html
          default_type: application/octet-stream
          sendfile: true
          server_tokens: false
          tcp_nodelay: true
          tcp_nopush: true
          include:
            - /etc/nginx/mime.types
            - /etc/nginx/http.conf
            - /etc/nginx/conf.d/*.conf

    nginx_config_http_template_enable: true
    nginx_config_http_template:
      - template_file: http/default.conf.j2
        deployment_location: /etc/nginx/http.conf
        backup: false
        config:
          core:
            default_type: application/octet-stream
            sendfile: true
            server_tokens: false
            tcp_nodelay: true
            tcp_nopush: true
            resolver: # required for oscp stapling
              address: 
              - '1.1.1.1'
              - '8.8.8.8'
            resolver_timeout: 10s
          log:
            format:
              - name: main
                format: |
                  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"  "$realip_remote_addr"'
          gzip: # https://nginx.org/en/docs/http/ngx_http_gzip_module.html
            enable: true
            comp_level: 9
            min_length: 100
            proxied: any
            types:
              - application/json
              - text/plain
              - text/css 
            vary: true

      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/mappings.conf"
        backup: false
        config:
          map:
            mappings: # https://nginx.org/en/docs/http/websocket.html
              - string: $http_upgrade
                variable: $connection_upgrade
                content:
                  - value: default
                    new_value: upgrade
                  - value: "''"
                    new_value: close
Initialize newly refactored infra repo. 2024-06-15 17:09:21 +00:00			`---`
			`- name: Configure nginx`
			`ansible.builtin.import_role:`
			`name: nginx_core.nginx_config`
			`vars:`
			`# overriding any numeric values in the main nginx config requires replacing the entire dictionary`
			`# See: https://github.com/nginxinc/ansible-role-nginx-config/issues/352`
			`nginx_config_main_template_enable: true`
			`nginx_config_main_template:`
			`template_file: nginx.conf.j2`
			`deployment_location: /etc/nginx/nginx.conf`
			`backup: false`
			`config: # https://nginx.org/en/docs/ngx_core_module.html`
			`main:`
			`user:`
			`username: nginx`
			`group: nginx`
			`worker_processes: auto`
			`error_log:`
			`file: /var/log/nginx/error.log`
			`level: notice`
			`#pid: /var/run/nginx.pid`

			`# worker_rlimit_nofile changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes.`
			`# Used to increase the limit without restarting the main process.`
			`# The recommended value seems to be worker_connections * 2`
			`worker_rlimit_nofile: 12288`

			`events:`
			`worker_connections: 4096`

			`http: # https://nginx.org/en/docs/http/ngx_http_core_module.html`
			`default_type: application/octet-stream`
			`sendfile: true`
			`server_tokens: false`
			`tcp_nodelay: true`
			`tcp_nopush: true`
			`include:`
			`- /etc/nginx/mime.types`
			`- /etc/nginx/http.conf`
			`- /etc/nginx/conf.d/*.conf`

			`nginx_config_http_template_enable: true`
			`nginx_config_http_template:`
			`- template_file: http/default.conf.j2`
			`deployment_location: /etc/nginx/http.conf`
			`backup: false`
			`config:`
			`core:`
			`default_type: application/octet-stream`
			`sendfile: true`
			`server_tokens: false`
			`tcp_nodelay: true`
			`tcp_nopush: true`
			`resolver: # required for oscp stapling`
			`address:`
			`- '1.1.1.1'`
			`- '8.8.8.8'`
			`resolver_timeout: 10s`
			`log:`
			`format:`
			`- name: main`
			`format: \|`
			`'$remote_addr - $remote_user [$time_local] "$request" '`
			`'$status $body_bytes_sent "$http_referer" '`
			`'"$http_user_agent" "$http_x_forwarded_for" "$realip_remote_addr"'`
			`gzip: # https://nginx.org/en/docs/http/ngx_http_gzip_module.html`
			`enable: true`
			`comp_level: 9`
			`min_length: 100`
			`proxied: any`
			`types:`
			`- application/json`
			`- text/plain`
			`- text/css`
			`vary: true`

			`- template_file: http/default.conf.j2`
			`deployment_location: "/etc/nginx/conf.d/mappings.conf"`
			`backup: false`
			`config:`
			`map:`
			`mappings: # https://nginx.org/en/docs/http/websocket.html`
			`- string: $http_upgrade`
			`variable: $connection_upgrade`
			`content:`
			`- value: default`
			`new_value: upgrade`
			`- value: "''"`
			`new_value: close`