nginx
This role installs nginx, configures SSL termination and configures the nginx proxy, depending on which variables are provided.
Without any extra variables set, it only installs nginx, deploys the config and creates directories.
With server-specific nginx.ssl variables set, it configures local SSL termination. Most backend services have SSL termination handled via nginx, though some (most notably freeipa) require SSL termination to be handled directly by the service itself.
With the nginx.proxy variable set, it configures certbot HTTP proxy/passthrough to backend servers, and TCP stream proxy/passthrough for backend servers with the public flag set to true.
Requirements
If SSL termination is handled via nginx, using the certbot role is encouraged in order to get a Let's Encrypt cert. Without the certbot role, a self-signed cert is used instead.
Role Variables
Any specific variables (i.e. nginx settings) should be defined from the playbook-builder. If nginx.proxy is set, the nginx.ssl and certbot vars for all servers are passed to it in order to configure certbot passthrough and TCP stream passthrough. Note that only domains with nginx.ssl configured will be allowed to be publicly accessible. Authenticated access may be added in the future if/when I set up authelia or a similar service.
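A sketch of the kind of nginx.conf the proxy mode described above could produce, added here as an illustration and not taken from this role's templates. The hostnames, the 10.0.0.x backend addresses and the local 8443 sink port are constructed placeholders; the layout assumes an nginx build with the stream and ssl_preread modules.

```nginx
# Added example (constructed); not the role's own template.
events {}

http {
    # certbot HTTP-01 passthrough: only listed hosts are forwarded.
    map $host $acme_backend {
        default            "";
        wiki.example.org   10.0.0.11:80;   # public backend
        ipa.example.org    10.0.0.12:80;   # public, terminates its own TLS
        git.example.org    10.0.0.13:80;   # not public: cert issuance only
    }

    server {
        listen 80 default_server;

        location /.well-known/acme-challenge/ {
            # Unknown Host header: refuse instead of proxying blindly.
            if ($acme_backend = "") { return 404; }
            proxy_set_header Host $host;
            proxy_pass http://$acme_backend;
        }
        location / { return 301 https://$host$request_uri; }
    }

    # Sink for TLS connections whose SNI is not on the allowlist.
    server {
        listen 127.0.0.1:8443 ssl default_server;
        ssl_reject_handshake on;   # requires nginx >= 1.19.4
    }
}

stream {
    # TCP passthrough keyed on SNI; TLS is terminated by the backend.
    # Only backends flagged public appear here; everything else is
    # sent to the reject sink, so the default is deny.
    map $ssl_preread_server_name $tls_backend {
        default            127.0.0.1:8443;
        wiki.example.org   10.0.0.11:443;
        ipa.example.org    10.0.0.12:443;
    }

    server {
        listen 443;
        ssl_preread on;            # read SNI without decrypting
        proxy_pass $tls_backend;
    }
}
```

Running `nginx -t -c` against a rendered file like this catches syntax errors before the handler reloads nginx; the two `default` map entries are what keep unlisted domains from being reachable.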
Dependencies
certbot (optional)
Example Playbook Template
Playbook creation should be handled by playbook-builder
without nginx-proxy
role:nginx:v1.0:workload,nginx
role:nginx:testing:workload,nginx
with nginx-proxy (for portal server)
role:nginx:v1.0:workload,nginx:nginx-proxy
role:nginx:testing:workload,nginx:nginx-proxy
License
GPL
Author Information
Beth Parker, ejparker@atcur.com