commit b313baee16bd5606f793dea1b367f1ec07fbeefd
author Zack Williams <zdw@opennetworking.org> Wed Apr 22 22:00:53 2020 -0700
committer Zack Williams <zdw@opennetworking.org> Fri Oct 02 18:04:14 2020 -0700
tree cc4d2a62cc306b14e38e26ffdc216191df70beb0

INF-113 - nginx ansible role

Initial commit
disabled the default site, and added default_site as an option
Use nginx repo for newer version

Change-Id: I994a1f2f2f18cc2d1c42a2d9bb7321835a5dd1a1

templates/nginx.conf.j2

diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..01ff7d1
--- /dev/null
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,62 @@
+# nginx templates/nginx.conf.j2 - {{ ansible_managed }}
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+user {{ nginx_username }};
+
+pid {{ nginx_pid_file }};
+
+worker_processes {{ nginx_conf_worker_processes }};
+
+include {{ nginx_conf_dir }}/modules-enabled/*.conf;
+
+events {
+  worker_connections {{ nginx_conf_worker_connections }};
+  multi_accept {{ nginx_conf_multi_accept }};
+}
+
+http {
+  # Basic Settings
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  types_hash_max_size 2048;
+
+  client_max_body_size {{ nginx_conf_client_max_body_size }};
+
+  # MIME Types
+  include {{ nginx_conf_dir }}/mime.types;
+  # YAML has official MIME type defined: http://www.iana.org/assignments/media-types/media-types.xhtml
+  # but many other websites (GitHub, etc.) use this type which displays YAML directly in the browser.
+  types {
+    text/yaml yaml yml;
+  }
+  default_type application/octet-stream;
+
+  # SSL Settings
+  # from https://ssl-config.mozilla.org/
+  ssl_session_cache   shared:SSL:10m;
+  ssl_session_timeout 1d;
+  ssl_session_tickets off;
+
+  ssl_dhparam {{ nginx_conf_dir }}/dhparam;
+
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+  ssl_prefer_server_ciphers off;
+
+  # Logging Settings
+  access_log {{ nginx_log_dir }}/access.log;
+  error_log {{ nginx_log_dir }}/error.log;
+
+  # gzip Settings
+  gzip on;
+  gzip_proxied any;
+  gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;
+
+  # include Configuration and Enabled Sites
+  include {{ nginx_conf_dir }}/conf.d/*.conf;
+  include {{ nginx_conf_dir }}/sites-enabled/*;
+}