https://github.com/hugomrdias/ansible-role-nginx

Ansible role to install nginx
https://github.com/hugomrdias/ansible-role-nginx

Last synced: 3 months ago
JSON representation

Ansible role to install nginx

• Host: GitHub
• URL: https://github.com/hugomrdias/ansible-role-nginx
• Owner: hugomrdias
• License: mit
• Created: 2016-06-17T14:40:59.000Z (almost 9 years ago)
• Default Branch: master
• Last Pushed: 2017-04-19T00:01:45.000Z (about 8 years ago)
• Last Synced: 2025-03-02T04:29:08.761Z (4 months ago)
• Homepage: https://galaxy.ansible.com/hugomrdias/nginx
• Size: 25.4 KB
• Stars: 1
• Watchers: 3
• Forks: 4
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# ansible-role-nginx [![build status](https://gitlab.com/hugomrdias/ansible-role-nginx/badges/master/build.svg)](https://gitlab.com/hugomrdias/ansible-role-nginx/commits/master)

> Role to install Nginx in Debian systems

This is for advanced users. This is installs openssh 1.0.2+ from debian jessie-backports and nginx from the offical ubuntu xenial packages to enable http2 with ALPN support using openssh 1.0.2+

A base ssl conf is available at `/etc/nginx/conf.d/ssl/ssl.conf` to be included although to be used you need to generate `dhparam` first with `openssl dhparam -out /etc/nginx/conf.d/ssl/dhparam.pem 2048` or 4096.

After that you just need to add the following directives to each server and this should give you an A+ score in SSL Labs.

```

ssl_certificate /etc/nginx/conf.d/ssl/domain.chained.pem;

ssl_certificate_key /etc/nginx/conf.d/ssl/domain.key;

ssl_trusted_certificate /etc/nginx/conf.d/ssl/domain.chained.pem;

```

This role uses synchronize module so you need to enable sudo without password atleast for rsync

```

# file: /etc/sudoers

%sudo   ALL=(ALL:ALL) ALL, NOPASSWD: /usr/bin/rsync

```

## Requirements

None   

## Role Variables

Check `defaults/main.yml`

## Dependencies

None

## Example Playbook

Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:

    - hosts: servers

      roles:

         - { role: hugomrdias.nginx }

## Resources

### nginx, tcp tuning

https://www.linode.com/docs/websites/nginx/configure-nginx-for-optimized-performance   

https://tweaked.io/guide/nginx/   

http://www.revsys.com/12days/nginx-tuning/   

http://dak1n1.com/blog/12-nginx-performance-tuning/   

https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html   

http://serverfault.com/questions/775298/debian-jessie-nginx-with-openssl-1-0-2-to-use-alpn-rather-than-npn   

https://wiki.debian.org/AptPreferences#Pinning   

## nginx

### installing custom nginx build with nchan

https://serversforhackers.com/compiling-third-party-modules-into-nginx   

https://github.com/slact/nchan/releases

```

# package to install after rebuild

# offical sources

nginx_*

```

## License

MIT © [Hugo Dias](http://hugodias.me)