-
Notifications
You must be signed in to change notification settings - Fork 1
/
main.yml
62 lines (51 loc) · 2.37 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
# If set, we make sure to remove the "default" server supplied by debian-based distros
# the one in sites-enabled/default
nginx_delete_default_site: no
# Places the contents of this variable in conf.d/override.conf
# This is a place where we can add overrides for global http directives.
nginx_override_conf: ""
# A list of proxy_pass items to configure. A list of hashes following the structure of
# _nginx_simple_proxy_passes_item
nginx_simple_proxy_passes: []
_nginx_simple_proxy_passes_item:
server_name: "_"
target_url: "http://localhost:8080/"
extra_conf: ""
ssl_only: no
# Whether we generate a collection of useful snippets in /etc/nginx/snippets.
# See README.
nginx_generate_snippets: yes
# If specified, our nginx instance will have a global authentication mechanism with a single
# user/password pair. This is useful for environments which we want "semi secure" (the content
# isn't really sensitive, but we don't want the vast public to see it nonetheless) such as
# staging environments.
nginx_global_auth_realm: ''
nginx_global_auth_username: ''
nginx_global_auth_password: ''
# Whether to enable a "catchall" config that acts as a fallback when the requested domain has no
# configuration. See inidividual flags below to control features of this catchall config. This
# catchall only listens to the port 80.
nginx_catchall_enable: no
# When enabled, make the location for ACME challenges point to nginx_catchall_acme_challenge_path.
# This should be the path where you place the results of ACME challenges being presented to you
# when you request a certificate.
nginx_catchall_answers_acme_challenge: yes
nginx_catchall_acme_challenge_path: /var/ssl/challenges
# When enabled, redirects requests to the same host/path, but on HTTPS.
nginx_catchall_redirects_to_https: yes
#When enabled, returns 444 error code on server names not defined for nginx
nginx_catchall_empty_site_on_error: yes
# Allows us to generate a list of snippets with custom ssl key/certs paths.
# nginx_custom_ssl_snippets has to be enabled.
nginx_custom_ssl_snippets: []
_nginx_custom_ssl_snippet_example:
- name: 'example.ssl.conf'
ssl_key_path: '/var/ssl/private/example.key'
ssl_cert_path: '/var/ssl/certs/example.crt'
# a list of domain names that nginx should handle and redirect to the main name
nginx_redirects: []
_nginx_redirects_item:
from_name: "_"
to_name: ""
ssl_only: no
redirect_code: 301