{"id":21163494,"url":"https://github.com/punktde/ansible-proserver-nginx","last_synced_at":"2026-05-16T17:39:49.336Z","repository":{"id":42696002,"uuid":"114998375","full_name":"punktDe/ansible-proserver-nginx","owner":"punktDe","description":null,"archived":false,"fork":false,"pushed_at":"2025-01-28T15:35:16.000Z","size":144,"stargazers_count":0,"open_issues_count":2,"forks_count":1,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-01-28T16:32:56.316Z","etag":null,"topics":["ansible","nginx","proserver"],"latest_commit_sha":null,"homepage":"","language":"Jinja","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/punktDe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-12-21T11:26:25.000Z","updated_at":"2024-08-29T11:48:30.000Z","dependencies_parsed_at":"2023-11-30T11:28:01.148Z","dependency_job_id":"67503351-c3a0-4b27-b68f-cf2ff98f340f","html_url":"https://github.com/punktDe/ansible-proserver-nginx","commit_stats":null,"previous_names":[],"tags_count":12,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-nginx","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-nginx/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-nginx/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/punktDe%2Fansible-proserver-nginx/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/punktDe","download_url":"https://codeload.github.com/punktDe/ansible-proserver-nginx/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243609191,"owners_count":20318749,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","nginx","proserver"],"created_at":"2024-11-20T13:48:04.712Z","updated_at":"2026-05-16T17:39:49.330Z","avatar_url":"https://github.com/punktDe.png","language":"Jinja","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003c!-- BEGIN_ANSIBLE_DOCS --\u003e\n\u003c!--\nDo not edit README.md directly!\n\nThis file is generated automatically by aar-doc and will be overwritten.\n\nPlease edit meta/argument_specs.yml instead.\n--\u003e\n# ansible-proserver-nginx\n\nNginx role for Proserver\n\n## Supported Operating Systems\n\n- Debian 12, 13\n- Ubuntu 26.04, 24.04, 22.04\n- FreeBSD [Proserver](https://infrastructure.punkt.de/de/produkte/proserver.html)\n\n## Role Arguments\n\n\n\nAn Ansible role that sets up the Nginx web server on a Proserver.\n\n[ansible-proserver-dehydrated](https://github.com/punktDe/ansible-proserver-dehydrated) is required to manage HTTPS certificates.\n\n#### Options for `nginx`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `package` | By default the package 'nginx' will be installed. If you require the smaller version 'nginx-light' you can overwrite the default package name. | str | no | nginx |\n| `user` | The user nginx runs as. Defaults to 'www-data' on Linux and 'www' on others. | str | no |  |\n| `worker_processes` | The number of Nginx worker processes to be spawned. | int | no | 8 |\n| `worker_rlimit_nofile` | Changes the limit on the maximum number of open files (RLIMIT_NOFILE) for worker processes. | int | no |  |\n| `prefix` | Paths for configuration and logs. | dict of 'prefix' options | no |  |\n| `nameservers` | Specifies the resolvers that Nginx will use. Defaults to Cloudflare's IPv6 public DNS. | list of 'str' | no | ['[2606:4700:4700::1111]:53', '[2606:4700:4700::1001]:53'] |\n| `nameservers_valid` | Time for which the resolver results are valid. | str | no | 300s |\n| `nameservers_ipv6` | Enables or disables looking up of IPv6 addresses for resolved names. | str | no | on |\n| `server_names_hash_max_size` | Specifies the max size for the server names hash. Adjusting this may be useful if you use multiple long domain names. | int | no |  |\n| `server_names_hash_bucket_size` | Specifies the bucket size for the server names hash. Start with a value of 64 and try increasing by a power of 2 (128, 256...) if you see '[emerg] could not build the server_names_hash'. | int | no |  |\n| `dhparam_bits` | Specifies the size of [Diffie-Hellman](https://wiki.openssl.org/index.php/Diffie-Hellman_parameters) parameters to be used. The default size is set to 4096, but you can change it to 2048 if needed. | int | no | 4096 |\n| `proxy_ssl_trusted_certificate` | Specifies the CA certificates that will be used to verify upstream TLS. Defaults to system CA bundle. | path | no |  |\n| `security_headers` | Define or override security headers. These are merged with `nginx_security_headers_default` and written to `{{ nginx.prefix.config }}/include/security_headers.conf`. Structure: `- header: 'Name', value: 'Val', always: yes` | list of 'dict' | no | [] |\n| `hsts` | Gives you control over the HSTS policy. | dict of 'hsts' options | no |  |\n| `default_server` | If true, configures a default server block. | bool | no | True |\n| `client_max_body_size` | Sets the maximum allowed size of the client request body. | str | no | 100M |\n| `redirects` | Specify HTTP/HTTPS redirects. Format: `http://example.com: https://www.example.com` Can be used interchangeably with `moved_permanently`. | dict | no |  |\n| `moved_permanently` | Specify redirects with optional status codes. Format: `http://example.com: { url: https://..., code: 307 }` | dict | no |  |\n| `real_ip_header` | The header that carries the origin IP address (useful behind proxies like Cloudflare). | str | no | X-Real-IP |\n| `set_real_ip_from` | Dictionary of trusted proxy IP addresses to replace with original visitor IPs. Values are flattened. | dict | no |  |\n| `proxy` | Proxy settings. | dict of 'proxy' options | no |  |\n| `log_format` | Choose between `main` and `json` log format. | str | no | main |\n| `log_formats` | Control information written to logs. Keys are format names. Values can have `fields` (for JSON) or `value` (for raw string). | dict | no |  |\n| `modsecurity` | Configuration for [ModSecurity v3](https://github.com/SpiderLabs/ModSecurity). Disabled by default. Activate by setting `enabled: true`. recommended to start with `dry_run: true`. | dict of 'modsecurity' options | no |  |\n| `security_txt` | Adds [RFC9116](https://www.rfc-editor.org/info/rfc9116) compliance. If `Contact` is set, creates a compliant endpoint at `/.well-known/security.txt`. | dict of 'security_txt' options | no |  |\n| `dynamic_modules_path` | Path to the modules folder. | path | no |  |\n| `dynamic_modules` | Specifies which modules to load. Example: `ngx_stream_module.so: no` | dict | no |  |\n| `htpasswd` | Specify basic auth credentials. Format: `filename: { user: password }`. Provisioned to `{{ nginx.prefix.config }}/include`. | dict | no |  |\n| `stub_status_port` | If set, serves a stub_status page on this port. | int | no |  |\n| `mimetypes` | Override or add new mimetypes. Format: `type-name: { key: 'application/x-type', value: ['ext1'] }` | dict | no |  |\n| `ansible_info` | Expose inventory hostname and other info via JSON. | dict of 'ansible_info' options | no |  |\n\n#### Options for `nginx.prefix`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `config` | The configuration directory for Nginx. Defaults to `/etc/nginx` for Linux and `/usr/local/etc/nginx` for FreeBSD. | path | no |  |\n| `log` | The directory for Nginx logs | path | no | /var/log/nginx |\n| `modsecurity` | ModSecurity paths | dict of 'modsecurity' options | no |  |\n\n#### Options for `nginx.prefix.modsecurity`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `config` |  | path | no | /usr/local/etc/modsecurity |\n| `log` |  | path | no | /var/log/modsecurity |\n\n#### Options for `nginx.hsts`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `max_age` |  | int | no | 31536000 |\n| `include_subdomains` |  | bool | no | False |\n| `preload` |  | bool | no | False |\n\n#### Options for `nginx.proxy`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `hide_headers` | List of headers to hide from the upstream response. | list of 'str' | no |  |\n\n#### Options for `nginx.modsecurity`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `enabled` | Activate ModSecurity. | bool | no | False |\n| `dry_run` | If true, sets SecRuleEngine to 'DetectionOnly'. If false, set to 'On' (blocking). | bool | no | True |\n| `owasp_crs` | OWASP Core Rule Set configuration. | dict of 'owasp_crs' options | no |  |\n| `config` | Key-value pairs for `modsecurity.conf`. mostly follows SpiderLabs' recommended settings. | dict | no |  |\n| `actions` | Define custom ModSecurity actions. | dict | no |  |\n| `rules` | Define ModSecurity rules to be written to `modsecurity.conf`. | dict | no |  |\n\n#### Options for `nginx.modsecurity.owasp_crs`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `enabled` |  | bool | no | True |\n| `version` |  | str | no | 3.3.5 |\n\n#### Options for `nginx.security_txt`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `Contact` | Contact information (email, url, etc). | str | no |  |\n| `Expires` | Expiration date (defaults to 5 years from now). | str | no |  |\n| `Encryption` |  | str | no |  |\n| `Acknowledgments` |  | str | no |  |\n| `Preferred_Languages` |  | str | no | en |\n| `Canonical` |  | str | no |  |\n| `Policy` |  | str | no |  |\n| `Hiring` |  | str | no |  |\n| `CSAF` |  | str | no |  |\n\n#### Options for `nginx.ansible_info`\n\n|Option|Description|Type|Required|Default|\n|---|---|---|---|---|\n| `server_name` | Domain name to serve the info on. | str | no |  |\n| `private_api` | Location path to expose extended info (groups, endpoints). | str | no |  |\n\n#### Choices for main \u003e nginx \u003e dhparam_bits\n\n|Choice|\n|---|\n| 2048 |\n| 4096 |\n\n#### Choices for main \u003e nginx \u003e log_format\n\n|Choice|\n|---|\n| main |\n| json |\n\n## Dependencies\n- dehydrated\n\n## Installation\nAdd this role to the requirements.yml of your playbook as follows:\n```yaml\nroles:\n  - name: ansible-proserver-nginx\n    src: https://github.com/punktDe/ansible-proserver-nginx\n```\n\nAfterwards, install the role by running `ansible-galaxy install -r requirements.yml`\n\n## Example Playbook\n\n```yaml\n- hosts: all\n  roles:\n    - name: nginx\n```\n\n\u003c!-- END_ANSIBLE_DOCS --\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpunktde%2Fansible-proserver-nginx","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpunktde%2Fansible-proserver-nginx","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpunktde%2Fansible-proserver-nginx/lists"}