hispanico/ansible-nginx-revproxy

ansible-role-nginx_revproxy

Installs and configures Nginx as a reverse proxy for multiple websites.

Requirements

This role requires Ansible 2.4 or higher.

Role Variables

Default values:

nginx_revproxy_sites:                                         # List of sites to reverse proxy
  default:                                                    # Set default site to return 444 (Connection Closed Without Response)
    ssl: false                                                # Set to True if you want to redirect http to https
    letsencrypt: false

  example.com:                                                # Domain name
    domains:                                                  # List of server_name aliases
      - example.com
      - www.example.com
    upstreams:                                                # List of Upstreams
      - { backend_address: 192.168.0.100, backend_port: 80 }
      - { backend_address: 192.168.0.101, backend_port: 8080 }
    auth:                                                     # Define this block for a single HTTP user/password, or leave undefined for unauthenticated vhosts
      login: myusername
      password: mysecretpassword
    extra_locations:                                          # Define this block to add extra locations, or leave it undefined if none are needed
      websocket:                                              # extra location name
        upstreams:                                            # List of upstreams for the extra location
          - { backend_address: 192.168.0.102, backend_port: 8088 }
    listen: 9000                                              # Specify which port you want to listen to with clear HTTP, or leave undefined for 80
    ssl: false                                                # Set to True if you want to redirect http to https
    letsencrypt: false                                        # Set to True if you want to use letsencrypt
    conn_upgrade: true                                        # Set the Connection upgrade header values
    acls:                                                     # Limit access to certain client addresses (values can be address, CIDR, unix or all)
      - { mode: allow, value: 192.168.0.1 }
      - { mode: deny, value: all }

  example.org:                                                # Domain name
    domains:                                                  # List of server_name aliases
      - example.org
      - www.example.org
    upstreams:                                                # List of Upstreams
      - { backend_address: 192.168.0.200, backend_port: 80 }
      - { backend_address: 192.168.0.201, backend_port: 8080 }
    listen: 9000                                              # Specify which port you want to listen to with clear HTTP, or leave undefined for 80
    listen_ssl: 9001                                          # Specify which port you want to listen to with HTTPS, or leave undefined for 443
    ssl: true                                                 # Set to True if you want to redirect http to https
    ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem     # ssl certificate, used if letsencrypt is false
    ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key # ssl certificate key, used if letsencrypt is false
    letsencrypt: false                                        # Set to True if you want to use letsencrypt
    letsencrypt_email: ""                                     # Set the email address for the Let's Encrypt certificate

nginx_revproxy_certbot_auto: false                             # Set to true to install certbot-auto

nginx_revproxy_certbot_packages:                              # Install these packages from repo, when not using certbot-auto
  - certbot
  - python3-certbot-nginx

Dependencies

None.

Example Playbook

  - hosts: all
    roles:
      - hispanico.nginx_revproxy
    vars:
      nginx_revproxy_sites:
        default:
          ssl: false
          letsencrypt: false

        example.com:
          domains:
            - example.com
            - www.example.com
          upstreams:
            - { backend_address: 192.168.0.100, backend_port: 80 }
            - { backend_address: 192.168.0.101, backend_port: 80 }
          ssl: true
          letsencrypt: false
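
A second playbook, added here as an example and not taken from the role's repository, combining the auth, acls and ssl variables documented above for a restricted vhost. The site name, login, certificate paths, the secrets.yml vault file and the vault_revproxy_password variable are assumptions made for illustration.

```yaml
# Added example, not part of the role's own documentation.
# Assumption: secrets.yml was created with `ansible-vault create secrets.yml`
# and defines vault_revproxy_password, so the HTTP password never sits in
# the playbook or in version control in clear text.
- hosts: all
  roles:
    - hispanico.nginx_revproxy
  vars_files:
    - secrets.yml                                    # hypothetical vault-encrypted file
  vars:
    nginx_revproxy_sites:
      default:                                       # Requests for unknown hosts get 444
        ssl: false
        letsencrypt: false

      admin.example.com:                             # Constructed site name
        domains:
          - admin.example.com
        upstreams:
          - { backend_address: 192.168.0.100, backend_port: 8080 }
        ssl: true                                    # Redirect http to https so the HTTP auth credentials are not sent in clear
        letsencrypt: false
        ssl_certificate: /etc/ssl/certs/admin.example.com.pem        # Placeholder path
        ssl_certificate_key: /etc/ssl/private/admin.example.com.key  # Placeholder path
        auth:
          login: ops                                 # Constructed login
          password: "{{ vault_revproxy_password }}"  # Resolved from the vault at run time
        acls:
          # nginx checks allow/deny rules in order and stops at the first match,
          # so the catch-all deny goes last (assumes the role renders the list in order).
          - { mode: allow, value: 192.168.0.0/24 }
          - { mode: deny, value: all }
```

Run it with `ansible-playbook --ask-vault-pass` so the vaulted variable can be decrypted.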

License

Licensed under the GPLv3 License. See the LICENSE file for details.

Author Information

Hispanico