INF-113 - nginx ansible role
Initial commit
disabled the default site, and added default_site as an option
Use nginx repo for newer version
Change-Id: I994a1f2f2f18cc2d1c42a2d9bb7321835a5dd1a1
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..01ff7d1
--- /dev/null
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,62 @@
+# nginx templates/nginx.conf.j2 - {{ ansible_managed }}
+#
+# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
+# SPDX-License-Identifier: Apache-2.0
+
+user {{ nginx_username }};
+
+pid {{ nginx_pid_file }};
+
+worker_processes {{ nginx_conf_worker_processes }};
+
+include {{ nginx_conf_dir }}/modules-enabled/*.conf;
+
+events {
+ worker_connections {{ nginx_conf_worker_connections }};
+ multi_accept {{ nginx_conf_multi_accept }};
+}
+
+http {
+ # Basic Settings
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ client_max_body_size {{ nginx_conf_client_max_body_size }};
+
+ # MIME Types
+ include {{ nginx_conf_dir }}/mime.types;
+ # YAML has official MIME type defined: http://www.iana.org/assignments/media-types/media-types.xhtml
+ # but many other websites (GitHub, etc.) use this type which displays YAML directly in the browser.
+ types {
+ text/yaml yaml yml;
+ }
+ default_type application/octet-stream;
+
+ # SSL Settings
+ # from https://ssl-config.mozilla.org/
+ ssl_session_cache shared:SSL:10m;
+ ssl_session_timeout 1d;
+ ssl_session_tickets off;
+
+ ssl_dhparam {{ nginx_conf_dir }}/dhparam;
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+ ssl_prefer_server_ciphers off;
+
+ # Logging Settings
+ access_log {{ nginx_log_dir }}/access.log;
+ error_log {{ nginx_log_dir }}/error.log;
+
+ # gzip Settings
+ gzip on;
+ gzip_proxied any;
+ gzip_types text/plain text/css text/javascript text/xml application/json application/javascript application/xml application/xml+rss;
+
+ # include Configuration and Enabled Sites
+ include {{ nginx_conf_dir }}/conf.d/*.conf;
+ include {{ nginx_conf_dir }}/sites-enabled/*;
+}