https://github.com/firehed/ansible-nginx-vhost

Ansible role: Configure a Virtual Host in Nginx
https://github.com/firehed/ansible-nginx-vhost

Last synced: about 1 year ago
JSON representation

Ansible role: Configure a Virtual Host in Nginx

• Host: GitHub
• URL: https://github.com/firehed/ansible-nginx-vhost
• Owner: Firehed
• Created: 2015-10-30T19:27:45.000Z (over 10 years ago)
• Default Branch: master
• Last Pushed: 2015-10-30T23:28:10.000Z (over 10 years ago)
• Last Synced: 2025-02-13T22:27:05.563Z (over 1 year ago)
• Size: 105 KB
• Stars: 2
• Watchers: 5
• Forks: 4
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
Nginx Vhost

=========

Configures a single virtual host for nginx

Requirements

------------

Nginx should be installed on the system already (this can be done with the `Firehed.nginx` role)

Role Variables

--------------

Required:

    vhost_index: index.php

    vhost_root: /var/www/example.com

    vhost_name: example.com

Optional:

    vhost_alt_names: www.example.com www2.example.com

    vhost_fastcgi_params:

      SOME: value

      SOME_OTHER: value

    vhost_fastcgi_pass: 127.0.0.1:9000

    vhost_process_http: yes

    vhost_redirect_http: no

    

	# defaults to empty dictionary

    vhost_ssl:

      certificate: /path/to/public_key.pem

      private_key: /path/to/private_key.pem

      dhparam: /path/to/dhparam.pem (optional)

      hsts: 1576800 (optional, HSTS header lifetime duration in seconds)

      

Dependencies

------------

The `Firehed.nginx` role is highly recommended, as it installs and configures Nginx itself. However it's not listed as an explicit dependency as the two can run independently.

Example Playbook

----------------

**Important!** The default configuration *does not use SSL*, meaning your website *will be insecure*. The example below is secure.

    - hosts: servers

      roles:

        - role: Firehed.nginx-vhost

          vhost_index: index.php

          vhost_root: /var/www/example.com

          vhost_name: example.com

          vhost_process_http: no

          vhost_redirect_http: yes

          vhost_ssl:

            certificate: /etc/ssl/example.com/cert.pem

            private_key: /etc/ssl/example.com/key.pem

            dhparam: /etc/ssl/example.com/dhparam.pem

            hsts: 1576800

           

Recommended; shown above: To redirect HTTP to HTTPS (301), set `vhost_redirect_http: yes` and configure the `vhost_ssl` dictionary.

Ideal: To serve *only* HTTPS, set `vhost_process_http: no`, `vhost_redirect_http: no`, and configure the `vhost_ssl` dictionary. *The server will not even listen for plaintext HTTP requests!* This is not practial unless the domain is in the browser's HSTS Preload list or is an API that is only intended to be available over HTTPS.

**Not recommended**: To serve HTTP and HTTPS in parallel, set `vhost_process_http: yes` (default), `vhost_redirect_http: no` (default), and configure the `vhost_ssl` dictionary.

**Not recommended**: To serve HTTP only, do not provide a `vhost_ssl` value.

License

-------

MIT