Installs and configures Nginx as a reverse proxy for multiple websites.
This role requires Ansible 2.4 or higher.
Default values:
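# Sites to reverse proxy, keyed by site name. The nesting below is restored so
# that each per-site option sits under its own site key.
nginx_revproxy_sites:
  # Default site: returns 444 (Connection Closed Without Response)
  default:
    ssl: false          # Set to true if you want to redirect http to https
    letsencrypt: false

  example.com:          # Domain name
    domains:            # List of server_name aliases
      - example.com
      - www.example.com
    upstreams:          # List of upstreams
      - { backend_address: 192.168.0.100, backend_port: 80 }
      - { backend_address: 192.168.0.101, backend_port: 8080 }
    # Define this block for a single HTTP user/password, or leave it undefined
    # for unauthenticated vhosts.
    # The password below is a placeholder. Keep the real value out of version
    # control, for example in an Ansible Vault-encrypted variable.
    # This example site also sets ssl: false, so the login and password would
    # cross the network unencrypted; pair auth with ssl: true in real use.
    auth:
      login: myusername
      password: mysecretpassword
    # Port for clear HTTP; leave undefined for 80
    listen: 9000
    ssl: false          # Set to true if you want to redirect http to https
    letsencrypt: false  # Set to true if you want to use letsencrypt
    conn_upgrade: true  # Set the Connection upgrade header values

  example.org:          # Domain name
    domains:            # List of server_name aliases
      - example.org
      - www.example.org
    upstreams:          # List of upstreams
      - { backend_address: 192.168.0.200, backend_port: 80 }
      - { backend_address: 192.168.0.201, backend_port: 8080 }
    # Port for clear HTTP; leave undefined for 80
    listen: 9000
    # Port for HTTPS; leave undefined for 443
    listen_ssl: 9001
    ssl: true           # Set to true if you want to redirect http to https
    # Certificate and key, used if letsencrypt is false.
    # The snakeoil pair is a self-signed placeholder that clients will not
    # trust; point these at a certificate issued for the site before going live,
    # and keep the key file readable only by the account nginx runs under.
    ssl_certificate: /etc/ssl/certs/ssl-cert-snakeoil.pem
    ssl_certificate_key: /etc/ssl/private/ssl-cert-snakeoil.key
    letsencrypt: false  # Set to true if you want to use letsencrypt
    letsencrypt_email: ""  # Email address for the letsencrypt certificate

# Set to true to install certbot-auto
nginx_revproxy_certbot_auto: false
# Packages installed from the repository when certbot-auto is not used
nginx_revproxy_certbot_packages:
  - certbot
  - python3-certbot-nginx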
None.
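---
# Example playbook: applies the role to every host and proxies example.com to
# two backends. Nesting is restored so the site options sit under their site.
- hosts: all
  roles:
    - hispanico.nginx_revproxy
  vars:
    nginx_revproxy_sites:
      default:
        ssl: false
        letsencrypt: false
      example.com:
        domains:
          - example.com
          - www.example.com
        upstreams:
          - { backend_address: 192.168.0.100, backend_port: 80 }
          - { backend_address: 192.168.0.101, backend_port: 80 }
        # List of custom directives for the proxy configuration.
        # NOTE(review): proxy_hide_header removes the backend's
        # Content-Security-Policy from the response, while proxy_set_header
        # only changes the request nginx sends to the backend. As written the
        # browser therefore receives no CSP from this site. nginx sets response
        # headers with add_header; confirm against the role's template whether
        # proxy_directives accepts it before relying on this for clickjacking
        # protection.
        proxy_directives:
          - proxy_hide_header: Content-Security-Policy
          # Single-quoted so the embedded double quotes and semicolon stay
          # part of one string value ('' is a literal single quote).
          - proxy_set_header: 'Content-Security-Policy "frame-ancestors ''none'';"'
        # ssl is true with letsencrypt false and no ssl_certificate /
        # ssl_certificate_key shown here; presumably the role needs a
        # certificate from one of those sources, so verify before use.
        ssl: true
        letsencrypt: false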
- Removes the circular dependency caused by redirecting to HTTPS before certbot has issued the certificate
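# os deps
sudo apt -y update
sudo apt install -y docker docker-compose # optional
sudo apt install -y python3-pip
sudo apt install -y ansible
pip install --upgrade pip
pip install --upgrade wheel

# ansible
# The role is cloned next to the playbook so Ansible can resolve it by its
# directory name (ansible-nginx-revproxy). The SSH clone URL needs a GitHub
# SSH key on this machine.
cd /home/user
git clone git@github.com:harshalchaudhari35/ansible-nginx-revproxy.git

DOMAIN=example.com
TARGET=subdomain

# Write the playbook. The heredoc delimiter is left unquoted on purpose so the
# shell substitutes $TARGET and $DOMAIN into the site names below; any other
# "$" placed in this text would be expanded by the shell as well.
#
# NOTE(review) on the proxy_directives at the end: proxy_hide_header strips
# the backend's Content-Security-Policy from the response, and
# proxy_set_header only alters the request sent to the backend, so the browser
# ends up with no CSP for the api site. nginx sets response headers with
# add_header; check whether the role's proxy_directives template accepts it.
cat >reverse_proxy.yml <<END_OF_HEREDOC_MARKER
- name: "Setting up the reverse proxy with HTTPS/SSL termination"
  hosts: localhost
  connection: local
  become: yes
  roles:
    - ansible-nginx-revproxy
  vars:
    nginx_revproxy_certbot_auto: false # certbot auto deprecated
    nginx_revproxy_certbot_packages: # Install these packages from repo, when not using certbot-auto
      - certbot
      - python3-certbot-nginx
    nginx_revproxy_sites:
      default:
        ssl: True
        letsencrypt: false
      $TARGET.$DOMAIN:
        domains:
          - $TARGET.$DOMAIN
        letsencrypt_email: user@example.com
        upstreams:
          - { backend_address: 127.0.0.1, backend_port: 3000 }
        listen: 80
        listen_ssl: 443
        ssl: True
        letsencrypt: True
      api-$TARGET.$DOMAIN:
        domains:
          - api-$TARGET.$DOMAIN
        upstreams:
          - { backend_address: 127.0.0.1, backend_port: 5000 }
        letsencrypt_email: user@example.com
        listen: 80
        listen_ssl: 443
        ssl: True
        letsencrypt: True
        proxy_directives:
          - { proxy_hide_header: Content-Security-Policy }
          - { proxy_set_header: Content-Security-Policy "frame-ancestors 'self' $TARGET.$DOMAIN;" }
END_OF_HEREDOC_MARKER

# Run the playbook; the name must match the file the heredoc above wrote
# (reverse_proxy.yml, with an underscore).
ansible-playbook reverse_proxy.yml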
Licensed under the GPLv3 License. See the LICENSE file for details.
Hispanico