👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾
This role installs and configures NGINX App Protect (WAF) for NGINX Plus on your target host.
Note: This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
- This role is developed and tested with maintained versions of Ansible core (above
2.11) and Ansible (above2.9.10). - When using Ansible base, you will also need to install the following collections:
Note: You can alternatively install the Ansible community distribution (what is known as the "old" Ansible) if you don't want to manage individual collections.
--- collections: - name: community.general version: 3.1.0 - name: ansible.posix version: 1.2.0
- Instructions on how to install Ansible can be found in the Ansible website.
- This role uses Jinja2 templates. Ansible base installs Jinja2 by default, but depending on your install and/or upgrade path, you might be running an outdated version of Jinja2. The minimum version of Jinja2 required for the role to properly function is
2.11. - Instructions on how to install Jinja2 can be found in the Jinja2 website.
- Molecule is used to test the various functionalities of the role. The recommended version of Molecule to test this role is
3.3. - Instructions on how to install Molecule can be found in the Molecule website.
- To run the Molecule tests, you must first add your NGINX repository certificate and key to the local environment. Run the following commands to export these files as base64-encoded variables and execute the Molecule tests:
You can alternatively copy your NGINX license to the role's
export NGINX_CRT=$( cat <path to your certificate file> | base64 ) export NGINX_KEY=$( cat <path to your key file> | base64 ) molecule test
files/licensefolder.
Use ansible-galaxy install nginxinc.nginx_app_protect to install the latest stable release of the role on your system.
Use git clone https://github.com/nginxinc/ansible-role-nginx-app-protect.git to pull the latest edge commit of the role from GitHub.
The NGINX App Protect Ansible role supports all platforms supported by NGINX Plus that intersect with the following list:
CentOS:
- 7.4+
RHEL:
- 7.4+
Debian:
- 9
Ubuntu:
- 18.04
- 20.04Note: Due to a packaging limitation in NGINX App Protect on Alpine, it may be required to explicitly install NGINX Plus on the instance before using the NGINX App Protect role if a hotfix version of NGINX Plus has been published. It is recommended to use the NGINX Core Ansible role for this purpose.
This role has multiple variables. The descriptions and defaults for all these variables can be found in the defaults/ folder in the following files:
| Name | Description |
|---|---|
main.yml: |
NGINX App Protect installation and configuration variables |
Similarly, descriptions and defaults for preset variables can be found in the vars/ folder in the following files:
| Name | Description |
|---|---|
main.yml |
List of supported NGINX App Protect platforms |
- If NGINX Plus is not already installed on the system, this role will install the version of NGINX Plus that is dependent on the version of NGINX App Protect that is being installed.
A working functional playbook example can be found in the molecule/default/ folder in the following file:
| Name | Description |
|---|---|
molecule/default/converge.yml |
Install and configure NGINX App Protect |
You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect here.
You can find the Ansible NGINX role to install NGINX here.
You can find the Ansible NGINX configuration role to configure NGINX here.
You can find the Ansible NGINX Controller collection of roles to install and configure NGINX Controller here.
You can find the Ansible NGINX Unit role to install NGINX Unit here.
© F5 Networks, Inc. 2020 - 2021