-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx.yml
72 lines (62 loc) · 2.84 KB
/
nginx.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
---
- hosts: all
vars:
log_directory: "/var/log/nginx"
dhparam_path: "/etc/nginx/ssl/dhparams.pem"
pre_tasks:
- name: Create log files directory
file: path={{ log_directory }} state=directory recurse=true
- name: Create nginx ssl directory
file: path=/etc/nginx/ssl state=directory recurse=true
- name: Create dhparams.pem
command: openssl dhparam -dsaparam -out {{ dhparam_path }} 4096 creates={{ dhparam_path }}
roles:
- role: jdauphant.nginx
nginx_official_repo: True
# nginx_installation_type: "configuration-only"
nginx_worker_rlimit_nofile: 102400
nginx_http_params:
- sendfile "on"
- access_log "{{ log_directory }}/access.log"
- error_log "{{ log_directory }}/error.log"
- charset utf-8
- server_tokens off
nginx_events_params:
- worker_connections 4096
- use epoll
- multi_accept on
nginx_configs:
proxy:
- proxy_set_header Host $host
- proxy_set_header X-Real-IP $remote_addr
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for
- proxy_set_header X-Forwarded-Proto $scheme
- proxy_next_upstream error timeout invalid_header updating
- proxy_next_upstream_timeout 5s
- proxy_next_upstream_tries 2
ssl:
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2
- ssl_session_cache shared:SSL:50m
- ssl_session_timeout 1d
- ssl_dhparam "{{ dhparam_path }}"
- ssl_prefer_server_ciphers on
- ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
gzip:
- gzip on
- gzip_disable "msie6"
- gzip_vary on
- gzip_min_length 256
- gzip_proxied any
- gzip_comp_level 5
- gzip_buffers 16 8k
- gzip_http_version 1.1
- gzip_types text/plain text/css application/javascript application/ecmascript application/json application/pdf application/postscript application/x-javascript image/svg+xml text/xml application/xml+rss text/javascript
nginx_sites:
webmain:
- listen 80
- charset utf-8
- server_name _
- root /srv/webmain
- index index.html
- access_log "{{ log_directory }}/webmain-access.log"
- error_log "{{ log_directory }}/webmain-error.log"