├── tasks ├── modules_prepare │ ├── ipv6_module.yml │ ├── naxsi_module.yml │ ├── http_echo_module.yml │ ├── http_perl_module.yml │ ├── http_ssl_module.yml │ ├── headers_more_module.yml │ ├── http_realip_module.yml │ ├── ngx_http_sub_module.yml │ ├── ngx_pagespeed_module.yml │ ├── upload_progress_module.yml │ ├── google_perftools_module.yml │ ├── http_auth_request_module.yml │ ├── http_gzip_static_module.yml │ ├── http_stub_status_module.yml │ └── passenger_module.yml ├── modules_configure │ ├── http_ssl_module.yml │ ├── ipv6_module.yml │ ├── headers_more_module.yml │ ├── http_echo_module.yml │ ├── http_perl_module.yml │ ├── ngx_http_sub_module.yml │ ├── ngx_pagespeed_module.yml │ ├── google_perftools_module.yml │ ├── http_auth_request_module.yml │ ├── _authorized_ips.yml │ ├── naxsi_module.yml │ ├── passenger_module.yml │ ├── upload_progress_module.yml │ ├── http_realip_module.yml │ ├── http_gzip_static_module.yml │ ├── http_stub_status_module.yml │ └── geoip_module.yml ├── modules_install │ ├── passenger_module.yml │ ├── http_realip_module.yml │ ├── http_gzip_static_module.yml │ ├── http_stub_status_module.yml │ ├── ipv6_module.yml │ ├── http_perl_module.yml │ ├── ngx_http_sub_module.yml │ ├── http_ssl_module.yml │ ├── google_perftools_module.yml │ ├── upload_progress_module.yml │ ├── http_echo_module.yml │ ├── naxsi_module.yml │ ├── headers_more_module.yml │ ├── http_auth_request_module.yml │ ├── geoip_module.yml │ └── ngx_pagespeed_module.yml ├── main.yml ├── example.yml ├── modules_configure.yml ├── modules_prepare.yml ├── modules_install.yml ├── prepare.yml ├── configure.yml └── install.yml ├── .gitignore ├── templates ├── modules │ ├── http_gzip_static.conf.j2 │ ├── geoip_conf.j2 │ ├── authorized_ips.j2 │ ├── upload_progress.j2 │ ├── http_realip.conf.j2 │ ├── nginx_status.j2 │ ├── geoip_update.j2 │ └── passenger_conf.j2 ├── etc_monit_conf.d_nginx.j2 ├── nxdissite.j2 ├── nginx.service.systemd.j2 ├── nxensite.j2 ├── nginx.init.j2 ├── nginx.conf.j2 └── site.j2 
├── files ├── error │ ├── 401.html │ ├── 404.html │ ├── 400.html │ ├── 405.html │ ├── 408.html │ ├── 500.html │ ├── 501.html │ ├── 502.html │ ├── 402.html │ ├── 403.html │ ├── 503.html │ ├── 504.html │ └── 505.html ├── naxsi.rules ├── mime.types ├── naxsi_core.rules └── example_page_index.html ├── handlers └── main.yml ├── meta └── main.yml ├── vars └── main.yml ├── LICENSE ├── defaults └── main.yml └── README.md /tasks/modules_prepare/ipv6_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/naxsi_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/http_ssl_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/ipv6_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_install/passenger_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_echo_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_perl_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_ssl_module.yml: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/headers_more_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/http_echo_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/http_perl_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/ngx_http_sub_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/ngx_pagespeed_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_install/http_realip_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/headers_more_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_realip_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/ngx_http_sub_module.yml: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/ngx_pagespeed_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/upload_progress_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/google_perftools_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_configure/http_auth_request_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_install/http_gzip_static_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_install/http_stub_status_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/google_perftools_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_auth_request_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_gzip_static_module.yml: 
-------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tasks/modules_prepare/http_stub_status_module.yml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.sw[op] 2 | .DS_Store 3 | .AppleDouble 4 | .LSOverride 5 | -------------------------------------------------------------------------------- /templates/modules/http_gzip_static.conf.j2: -------------------------------------------------------------------------------- 1 | gzip_static {{nginx_gzip_static}}; 2 | -------------------------------------------------------------------------------- /templates/modules/geoip_conf.j2: -------------------------------------------------------------------------------- 1 | geoip_country {{nginx_dir}}/geoip/GeoIP.dat ; 2 | geoip_city {{nginx_dir}}/geoip/GeoLiteCity.dat ; 3 | -------------------------------------------------------------------------------- /tasks/modules_install/ipv6_module.yml: -------------------------------------------------------------------------------- 1 | # file: roles/nginx/tasks/modules/ipv6_module.yml 2 | # configure flag: --with-ipv6 3 | 4 | # no contents 5 | -------------------------------------------------------------------------------- /tasks/modules_install/http_perl_module.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/tasks/modules/http_perl_module.yml 2 | # configure flag: --with-http_perl_module 3 | 4 | # no contents 5 | -------------------------------------------------------------------------------- /tasks/modules_install/ngx_http_sub_module.yml: -------------------------------------------------------------------------------- 1 | # file: 
nginx/tasks/modules/ngx_http_sub_module.yml 2 | # configure flag: --with-http_sub_module 3 | 4 | # no contents 5 |
--------------------------------------------------------------------------------
/templates/modules/authorized_ips.j2:
--------------------------------------------------------------------------------
# Allow list used by the status endpoint: maps the address held in the variable
# named by nginx_remote_ip_var to $authorized_ip ("yes" for listed entries,
# "no" for everything else).
# NOTE(review): the check is only as trustworthy as that variable. If it names a
# value taken from a request header rather than the socket peer address, confirm
# that only trusted proxies can set it (see set_real_ip_from in http_realip.conf.j2).
geo ${{nginx_remote_ip_var}} $authorized_ip {
    default no;
{% for ip in nginx_authorized_ips %}
    {{ip}} yes;
{% endfor %}
}

--------------------------------------------------------------------------------
/templates/modules/upload_progress.j2:
--------------------------------------------------------------------------------
# Declares the upload-progress tracking zone (name and size come from role
# variables); the javascript output format is switched on only when
# nginx_upload_progress_javascript_output is truthy.
upload_progress {{nginx_upload_progress_zone_name}} {{nginx_upload_progress_zone_size}};
{% if nginx_upload_progress_javascript_output %}
upload_progress_java_output;
{% endif %}

--------------------------------------------------------------------------------
/templates/modules/http_realip.conf.j2:
--------------------------------------------------------------------------------
# Every address in nginx_realip_addresses becomes a trusted source whose
# real_ip_header value replaces the client address nginx sees.
# NOTE(review): keep this list limited to proxies you operate; an over-broad
# entry lets any client behind it choose its own source address, which also
# affects IP-based checks such as the authorized_ips geo map.
{% for address in nginx_realip_addresses %}
set_real_ip_from {{address}};
{% endfor %}
real_ip_header {{nginx_realip_header}};
real_ip_recursive {{nginx_realip_real_ip_recursive}};

--------------------------------------------------------------------------------
/templates/modules/nginx_status.j2:
--------------------------------------------------------------------------------
# Status endpoint. Pulls in the geo map from the authorized_ips file and answers
# 404 to any client that map marks "no".
include authorized_ips;

server {
    # No address is given, so the listener is not restricted to loopback; the
    # geo check below is the only access control visible in this template.
    listen 8090;
    server_name _;

    location /nginx_status {
        if ($authorized_ip = no) {
            return 404;
        }
        stub_status on;
        access_log off;
    }
}

--------------------------------------------------------------------------------
/files/error/401.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 401 4 | 5 | 6 |
7 |

401

8 |

9 | Your pass is bad, you are done. 10 |
11 | Unauthorized: four-oh-one 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 404 4 | 5 | 6 |
7 |

404

8 |

9 | Nothing here, forevermore, 10 |
11 | Page not found: four-oh-four 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /tasks/modules_install/http_ssl_module.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/tasks/modules/http_ssl_module.yml 2 | # configure flag: --with-http_ssl_module 3 | 4 | - name: get openssl source 5 | git: 6 | repo: "{{openssl_repo}}" 7 | dest: "{{nginx_build_dir}}/openssl-repo" 8 | version: "{{openssl_revision}}" 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /tasks/modules_install/google_perftools_module.yml: -------------------------------------------------------------------------------- 1 | # file: roles/nginx/tasks/modules/google_perftools_module.yml 2 | # configure flag: --with-google_perftools_module 3 | 4 | - name: Nginx Install | Modules | Make sure the libgoogle-perftools-dev package is installed 5 | apt: 6 | pkg: libgoogle-perftools-dev 7 | state: present 8 | -------------------------------------------------------------------------------- /files/error/400.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 400 4 | 5 | 6 |
7 |

400

8 |

9 | That makes no sense, you have blundered. 10 |
11 | Bad Request: four-hundred 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/405.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 405 4 | 5 | 6 |
7 |

405

8 |

9 | That's not ok, that won't arrive, 10 |
11 | Method Not Allowed: four-oh-five 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/408.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 408 4 | 5 | 6 |
7 |

408

8 |

9 | It's been too long, we won't wait, 10 |
11 | Request Timeout: four-oh-eight 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 500 4 | 5 | 6 |
7 |

500

8 |

9 | We screwed up, our face is colored, 10 |
11 | Internal Error: five-hundred 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/501.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 501 4 | 5 | 6 |
7 |

501

8 |

9 | We don't do that, it's not fun 10 |
11 | Method not implemented: five-oh-one 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/502.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 502 4 | 5 | 6 |
7 |

502

8 |

9 | It's not my fault this won't go through, 10 |
11 | Bad Gateway: five-oh-two 12 |

13 |
14 | 15 | 16 |
--------------------------------------------------------------------------------
/files/naxsi.rules:
--------------------------------------------------------------------------------
# Per-location naxsi policy. LearningMode is commented out and SecRulesEnabled
# is active, so requests that reach a threshold below are blocked rather than
# only logged.
# LearningMode; #Enables learning mode
SecRulesEnabled;
#SecRulesDisabled;
# Blocked requests are sent to this URL.
# NOTE(review): a matching location has to exist in the site configuration;
# it is not defined in this file.
DeniedUrl "/RequestDenied";
## check rules
# Each CheckRule compares the score accumulated for one category with a
# threshold and blocks at or above it. The scores themselves come from the
# core rule set (naxsi_core.rules in this role's files directory).
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;


--------------------------------------------------------------------------------
/files/error/402.html:
--------------------------------------------------------------------------------
1 | 2 | 3 | 402 4 | 5 | 6 |
7 |

402

8 |

9 | Give us money or you can't go through, 10 |
11 | Payment Required: four-oh-two 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/403.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 403 4 | 5 | 6 |
7 |

403

8 |

9 | You can't go there, make like a tree 10 |
11 | Access Forbidden: four-oh-three 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/503.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 503 4 | 5 | 6 |
7 |

503

8 |

9 | You ask too much, you must now see, 10 |
11 | Service Unavailable: five-oh-three 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /handlers/main.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/handlers/main.yml 2 | 3 | - name: restart nginx 4 | service: name=nginx state=restarted 5 | become: yes 6 | 7 | - name: reload nginx 8 | service: name=nginx state=reloaded 9 | become: yes 10 | 11 | - name: restart monit 12 | service: name=monit state=restarted 13 | become: yes 14 | -------------------------------------------------------------------------------- /tasks/modules_configure/_authorized_ips.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/tasks/modules/authorized_ips.yml 2 | 3 | - name: Nginx Configure | Modules | Updated the authorized_ip file 4 | template: 5 | src: templates/modules/authorized_ips.j2 6 | dest: "{{nginx_dir}}/authorized_ips" 7 | owner: root 8 | group: root 9 | mode: 0644 10 | -------------------------------------------------------------------------------- /files/error/504.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 504 4 | 5 | 6 |
7 |

504

8 |

9 | Things took too long and we will wait no more, 10 |
11 | Gateway Timeout: five-oh-four 12 |

13 |
14 | 15 | 16 | -------------------------------------------------------------------------------- /files/error/505.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 505 4 | 5 | 6 |
7 |

505

8 |

9 | That stuff is old, it didn't survive 10 |
11 | Unsupported HTTP Version: five-oh-five 12 |

13 |
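14 | 15 | 16 |
--------------------------------------------------------------------------------
/templates/etc_monit_conf.d_nginx.j2:
--------------------------------------------------------------------------------
# Monit watchdog for nginx: probes HTTP on localhost:80 and restarts the service
# through the init script when the probe fails; stops retrying after five
# restarts within five cycles.
check process nginx with pidfile {{nginx_pid}}
  group www
  start program = "/etc/init.d/nginx start"
  stop program = "/etc/init.d/nginx stop"
  if failed host localhost port 80 protocol http
    with timeout 10 seconds
    then restart
  if 5 restarts within 5 cycles then timeout

--------------------------------------------------------------------------------
/meta/main.yml:
--------------------------------------------------------------------------------
---
galaxy_info:
  author: Eric Bishop (ericpaulbishop@gmail.com)
  description: Install and configure Nginx from source, supports a large number of optional modules including Passenger and GeoIP
  min_ansible_version: 1.5
  license: MIT
  platforms:
    - name: Debian
      versions:
        - all
  categories:
    - web

dependencies: []


--------------------------------------------------------------------------------
/templates/modules/geoip_update.j2:
--------------------------------------------------------------------------------
#!/bin/sh
# Refreshes the two GeoIP databases under {{nginx_dir}}/geoip.
#
# Each download and decompression goes to a ".new" file first and is moved into
# place only after both steps succeeded, so a failed or truncated transfer no
# longer overwrites the database nginx is currently using.
#
# NOTE(review): both archives are fetched over plain HTTP and nothing verifies
# their integrity; the resulting .dat files are loaded by nginx through the
# geoip_country / geoip_city directives in geoip_conf.j2. Prefer an HTTPS source
# and compare against a published digest before the files are replaced.
set -eu

GEOIP_DIR="{{nginx_dir}}/geoip"

# update_db URL NAME
#   Downloads URL to NAME.gz and unpacks it to NAME inside GEOIP_DIR.
update_db() {
    url=$1
    name=$2

    # -f makes curl fail on an HTTP error instead of saving the error page.
    curl -f "$url" > "$GEOIP_DIR/$name.gz.new"
    # set -e aborts here on a corrupt archive, before anything live is touched.
    gunzip -c "$GEOIP_DIR/$name.gz.new" > "$GEOIP_DIR/$name.new"

    mv -f "$GEOIP_DIR/$name.gz.new" "$GEOIP_DIR/$name.gz"
    mv -f "$GEOIP_DIR/$name.new" "$GEOIP_DIR/$name"
}

update_db 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz' GeoIP.dat
update_db 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz' GeoLiteCity.dat

echo ""

--------------------------------------------------------------------------------
/tasks/main.yml:
--------------------------------------------------------------------------------
1 | --- 2 | - include: 'prepare.yml' 3 | 4 | - include: 'install.yml' 5 |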
when: "{{ old_checksum.stdout != new_checksum.stdout }}" 6 | 7 | - name: Nginx Configure | Set current checksum 8 | command: "mv '{{ nginx_dir }}/.nginx_compile_configuration.new' '{{ nginx_dir }}/.nginx_compile_configuration'" 9 | 10 | - name: Nginx Configure | Set current user checksum 11 | command: "mv '{{ nginx_dir }}/.nginx_user_configuration.new' '{{ nginx_dir }}/.nginx_user_configuration'" 12 | 13 | - include: 'configure.yml' 14 |
--------------------------------------------------------------------------------
/tasks/modules_install/upload_progress_module.yml:
--------------------------------------------------------------------------------
---
# Fetches the upload_progress module source and unpacks it in the nginx build
# directory.
# NOTE(review): get_url is called without a checksum, so whatever the URL serves
# is unpacked below. Pin the archive with get_url's `checksum` parameter so a
# changed or tampered download fails the play instead of reaching the build.
- name: Nginx Install | Modules | Download the upload_progress_module source
  get_url:
    url: "{{nginx_upload_progress_url}}"
    dest: "{{nginx_build_dir}}/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz"

# `creates` skips the unpack once the versioned source directory exists.
- name: Nginx Install | Modules | Unpack the upload_progress_module source
  command: "tar -xvzf {{nginx_build_dir}}/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz"
  args:
    chdir: "{{nginx_build_dir}}"
    creates: "{{nginx_build_dir}}/nginx-upload-progress-module-{{nginx_upload_progress_version}}"


--------------------------------------------------------------------------------
/tasks/modules_install/http_echo_module.yml:
--------------------------------------------------------------------------------
1 | # file: nginx/tasks/modules/http_echo_module.yml 2 | # configure flag: --add-module={{nginx_build_dir}}/nginx_echo 3 | 4 | - name: Nginx Install | Modules | Download the http_echo_module source 5 | get_url: 6 | url: "{{nginx_echo_url}}" 7 | dest: "{{nginx_build_dir}}/nginx-echo-module-{{nginx_echo_version}}.tar.gz" 8 | 9 | - name: Nginx Install | Modules | Unpack the http_echo_module source 10 | command: "tar -xvzf {{nginx_build_dir}}/nginx-echo-module-{{nginx_echo_version}}.tar.gz" 11 | args: 12 | chdir: "{{nginx_build_dir}}"
13 | creates: "{{nginx_build_dir}}/echo-nginx-module-{{nginx_echo_version}}" 14 |
--------------------------------------------------------------------------------
/tasks/modules_install/naxsi_module.yml:
--------------------------------------------------------------------------------
# file: roles/nginx/tasks/modules/naxsi_module.yml
# configure flag: --add-module={{nginx_build_dir}}/naxsi-{{nginx_naxsi_version}}/naxsi_src

# NOTE(review): the archive is downloaded without a checksum and, per the
# configure flag above, its naxsi_src directory is added to the nginx build.
# Pin it with get_url's `checksum` parameter so an unexpected archive fails the
# play before anything is unpacked.
- name: Nginx Install | Modules | Download the naxsi_module source
  get_url:
    url: "{{nginx_naxsi_url}}"
    dest: "{{nginx_build_dir}}/nginx-naxsi-module-{{nginx_naxsi_version}}.tar.gz"

# `creates` skips the unpack once the versioned source directory exists.
- name: Nginx Install | Modules | Unpack the naxsi_module source
  command: "tar -xvzf {{nginx_build_dir}}/nginx-naxsi-module-{{nginx_naxsi_version}}.tar.gz"
  args:
    chdir: "{{nginx_build_dir}}"
    creates: "{{nginx_build_dir}}/naxsi-{{nginx_naxsi_version}}"


--------------------------------------------------------------------------------
/tasks/modules_install/headers_more_module.yml:
--------------------------------------------------------------------------------
# file: nginx/tasks/modules/headers_more_module.yml
# configure flag: --add-module={{nginx_build_dir}}/nginx_headers_more

# NOTE(review): same pattern as the other module downloads: no checksum on
# get_url, and the unpacked source is passed to the nginx build through the
# configure flag above. Pin the archive with `checksum`.
- name: Nginx Install | Modules | Download the headers_more_module source
  get_url:
    url: "{{nginx_headers_more_url}}"
    dest: "{{nginx_build_dir}}/nginx-headers-more-module-{{nginx_headers_more_version}}.tar.gz"

# `creates` skips the unpack once the versioned source directory exists.
- name: Nginx Install | Modules | Unpack the headers_more_module source
  command: "tar -xvzf {{nginx_build_dir}}/nginx-headers-more-module-{{nginx_headers_more_version}}.tar.gz"
  args:
    chdir: "{{nginx_build_dir}}"
    creates: "{{nginx_build_dir}}/headers-more-nginx-module-{{nginx_headers_more_version}}"

--------------------------------------------------------------------------------
/tasks/example.yml:
--------------------------------------------------------------------------------
# example site files

# Creates the document root for the example site.
# NOTE(review): this task uses nginx_user for `group`, while the two copy tasks
# below use nginx_group; confirm which is intended.
# NOTE(review): all three tasks hand ownership to nginx_user. If that is the
# account the nginx workers run as, the served content is writable by the
# server process itself; root-owned, world-readable files avoid that.
- name: Nginx Configure | Create example site directory
  file:
    path: "{{nginx_www_dir}}/example"
    state: directory
    owner: "{{nginx_user}}"
    group: "{{nginx_user}}"
    mode: 0755

# Installs the example index page.
- name: Nginx Configure | Create example site files
  copy:
    src: "example_page_index.html"
    dest: "{{nginx_www_dir}}/example/index.html"
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0644

# Copies the role's error directory (the static error pages) into the site.
- name: Nginx Configure | Create example site error pages
  copy:
    src: "error"
    dest: "{{nginx_www_dir}}/example/"
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0644


--------------------------------------------------------------------------------
/tasks/modules_install/http_auth_request_module.yml:
--------------------------------------------------------------------------------
# file: nginx/tasks/modules/http_auth_request_module.yml
# configure flag: --add-module={{nginx_build_dir}}/nginx_auth_request

# NOTE(review): the archive is downloaded without a checksum and the unpacked
# source is passed to the nginx build through the configure flag above. This
# module takes part in request authorization, so pin the archive with get_url's
# `checksum` parameter.
- name: Nginx Install | Modules | Download the http_auth_request_module source
  get_url:
    url: "{{nginx_auth_request_url}}"
    dest: "{{nginx_build_dir}}/nginx-auth-request-module-{{nginx_auth_request_release}}.tar.gz"

# `creates` skips the unpack once the versioned source directory exists.
- name: Nginx Install | Modules | Unpack the http_auth_request_module source
  command: "tar -xvzf {{nginx_build_dir}}/nginx-auth-request-module-{{nginx_auth_request_release}}.tar.gz"
  args:
    chdir: "{{nginx_build_dir}}"
    creates: "{{nginx_build_dir}}/ngx_http_auth_request_module-{{nginx_auth_request_release}}"

--------------------------------------------------------------------------------
/tasks/modules_configure/naxsi_module.yml:
--------------------------------------------------------------------------------
1 | --- 2 | - name: Nginx Configure | Modules | Make sure the naxsi_module configuration is up to date
when enabled 3 | copy: 4 | src: files/naxsi_core.rules 5 | dest: "{{ nginx_dir }}/naxsi_core.rules" 6 | owner: root 7 | group: root 8 | mode: 0644 9 | when: "{{ nginx_modules.naxsi_module is defined and ( nginx_modules.naxsi_module == true or nginx_modules.naxsi_module == 'True' ) }}" 10 | 11 | - name: Nginx Configure | Modules | Make sure the naxsi_module configuration is removed when disabled 12 | file: 13 | path: "{{ nginx_dir }}/naxsi_core.rules" 14 | state: absent 15 | when: "{{ nginx_modules.naxsi_module is not defined or nginx_modules.naxsi_module == false or nginx_modules.naxsi_module == 'False' }}" 16 | 17 | -------------------------------------------------------------------------------- /templates/modules/passenger_conf.j2: -------------------------------------------------------------------------------- 1 | passenger_ruby {{ nginx_passenger_ruby }}; 2 | passenger_root {{ nginx_passenger_root }}; 3 | passenger_max_pool_size {{ nginx_passenger_max_pool_size }}; 4 | passenger_spawn_method {{ nginx_passenger_spawn_method }}; 5 | passenger_buffer_response {{ nginx_passenger_buffer_response }}; 6 | passenger_min_instances {{ nginx_passenger_min_instances }}; 7 | passenger_max_instances_per_app {{ nginx_passenger_max_instances_per_app }}; 8 | passenger_pool_idle_time {{ nginx_passenger_pool_idle_time }}; 9 | passenger_max_requests {{ nginx_passenger_max_requests }}; 10 | 11 | {% if nginx_passenger_nodejs is defined %}passenger_nodejs {{ nginx_passenger_nodejs }}{% endif %} 12 | -------------------------------------------------------------------------------- /vars/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | nginx_site_template_special_variables: 3 | name: true 4 | server_name: true 5 | listen: true 6 | ssl: true 7 | ssl_certificate: true 8 | ssl_certificate_key: true 9 | ssl_session_cache: true 10 | ssl_protocols: true 11 | ssl_ciphers: true 12 | ssl_prefer_server_ciphers: true 13 | 
disable_gnu_terry_pratchett: true 14 | locations: true 15 | enable_php: true 16 | php_location_match: true 17 | php_fastcgi_socket: true 18 | enable_fcgiwrap: true 19 | fcgiwrap_location_match: true 20 | fcgiwrap_fastcgi_socket: true 21 | 22 | -------------------------------------------------------------------------------- /tasks/modules_configure/passenger_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Nginx Configure | Modules | Create Passenger config file when enabled 3 | template: 4 | src: templates/modules/passenger_conf.j2 5 | dest: "{{ nginx_dir }}/conf.d/passenger.conf" 6 | owner: root 7 | group: root 8 | mode: 0644 9 | notify: 10 | - reload nginx 11 | when: "{{ nginx_modules.passenger_module is defined and ( nginx_modules.passenger_module == true or nginx_modules.passenger_module == 'True' ) }}" 12 | 13 | - name: Nginx Configure | Modules | Remove Passenger config file when disabled 14 | file: 15 | path: "{{ nginx_dir }}/conf.d/passenger.conf" 16 | state: absent 17 | notify: 18 | - reload nginx 19 | when: "{{ nginx_modules.passenger_module is not defined or nginx_modules.passenger_module == false or nginx_modules.passenger_module == 'False' }}" 20 | 21 | 22 | -------------------------------------------------------------------------------- /tasks/modules_install/geoip_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Nginx Install | Modules | Make sure the curl package is installed 4 | apt: 5 | pkg: curl 6 | state: present 7 | 8 | - name: Nginx Install | Modules | Download the geoip lib source 9 | get_url: 10 | url: "{{nginx_geoip_url}}" 11 | dest: "{{nginx_build_dir}}/geolib-{{nginx_geoip_version}}.tar.gz" 12 | 13 | - name: Nginx Install | Modules | Unpack the geoip library source 14 | command: "tar -xvzf {{nginx_build_dir}}/geolib-{{nginx_geoip_version}}.tar.gz" 15 | args: 16 | chdir: "{{nginx_build_dir}}" 17 | creates: 
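"{{nginx_build_dir}}/GeoIP-{{nginx_geoip_version}}" 18 | 19 | - name: Nginx Install | Modules | Install the geoip library 20 | shell: > 21 | cd "{{nginx_build_dir}}/GeoIP-{{nginx_geoip_version}}" && 22 | ./configure && 23 | make && 24 | make install 25 | 26 | 27 |
--------------------------------------------------------------------------------
/tasks/modules_configure/upload_progress_module.yml:
--------------------------------------------------------------------------------
---
# Renders the upload_progress configuration when the module is enabled in
# nginx_modules and removes it otherwise; the two `when` conditions are
# complementary.
- name: Nginx Configure | Modules | Make sure the upload_progress_module configuration is updated when enabled
  template:
    src: templates/modules/upload_progress.j2
    dest: "{{ nginx_dir }}/sites-available/upload_progress"
    owner: root
    group: root
    mode: 0644
  when: "{{ nginx_modules.upload_progress_module is defined and ( nginx_modules.upload_progress_module == true or nginx_modules.upload_progress_module == 'True' ) }}"

- name: Nginx Configure | Modules | Make sure the upload_progress_module configuration is removed when disabled
  file:
    path: "{{ nginx_dir }}/sites-available/upload_progress"
    state: absent
  when: "{{ nginx_modules.upload_progress_module is not defined or nginx_modules.upload_progress_module == false or nginx_modules.upload_progress_module == 'False' }}"


--------------------------------------------------------------------------------
/templates/nxdissite.j2:
--------------------------------------------------------------------------------
#!/bin/sh -e
# Disables a site by removing its entry from sites-enabled.
#
# Usage: nxdissite [SITENAME]   (prompts for the name when none is given)
#
# Every expansion is quoted and the site name is checked before it is used in a
# path: the name ends up in an rm command, so a value containing "/" or "..",
# or one that word-splits, must never reach it.

SYSCONFDIR='{{nginx_dir}}'
ENABLED_DIR="$SYSCONFDIR/sites-enabled"

if [ -z "$1" ]; then
    echo "Which site would you like to disable?"
    printf '%s' "Your choices are: "
    ls "$ENABLED_DIR"/* | \
    sed -e "s,$ENABLED_DIR/,,g" | xargs echo
    printf '%s' "Site name? "
    read -r SITENAME
else
    SITENAME=$1
fi

# Only a plain file name inside sites-enabled is accepted.
case "$SITENAME" in
    ''|.|..|*/*)
        echo "Invalid site name." >&2
        exit 1
        ;;
esac

# The default site is linked with a numeric prefix; other sites have none.
PRIORITY=""
if [ "$SITENAME" = "default" ]; then
    PRIORITY="000"
fi

if ! [ -e "$ENABLED_DIR/$SITENAME" ] && \
   ! [ -e "$ENABLED_DIR/$PRIORITY-$SITENAME" ]; then
    echo "This site is already disabled, or does not exist!"
    exit 1
fi

# "--" keeps a name that starts with "-" from being read as an rm option.
if ! rm -- "$ENABLED_DIR/$SITENAME" 2>/dev/null; then
    rm -f -- "$ENABLED_DIR/$PRIORITY-$SITENAME"
fi
echo "Site $SITENAME disabled; reload nginx to disable."

--------------------------------------------------------------------------------
/tasks/modules_configure.yml:
--------------------------------------------------------------------------------
---
# file: nginx/tasks/modules_configure.yml
# Pulls in the per-module configure task files, one include per module.

- include: modules_configure/http_stub_status_module.yml

- include: modules_configure/http_ssl_module.yml

- include: modules_configure/http_gzip_static_module.yml

- include: modules_configure/upload_progress_module.yml

- include: modules_configure/headers_more_module.yml

- include: modules_configure/http_auth_request_module.yml

- include: modules_configure/http_echo_module.yml

- include: modules_configure/google_perftools_module.yml

- include: modules_configure/ipv6_module.yml

- include: modules_configure/http_realip_module.yml

- include: modules_configure/naxsi_module.yml

- include: modules_configure/ngx_http_sub_module.yml

- include: modules_configure/ngx_pagespeed_module.yml

- include: modules_configure/geoip_module.yml

- include: modules_configure/passenger_module.yml



--------------------------------------------------------------------------------
/tasks/modules_configure/http_realip_module.yml:
--------------------------------------------------------------------------------
1 | # file: nginx/tasks/modules/http_realip_module.yml 2 | # configure flag: --with-http_realip_module 3 | 4 | - name: Nginx Configure | Modules | Update the http_realip_module configuration when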
enabled 5 | template: 6 | src: templates/modules/http_realip.conf.j2 7 | dest: "{{ nginx_dir }}/conf.d/http_realip.conf" 8 | owner: root 9 | group: root 10 | mode: 0644 11 | notify: 12 | - reload nginx 13 | when: "{{ nginx_modules.http_realip_module is defined and ( nginx_modules.http_realip_module == true or nginx_modules.http_realip_module == 'True' ) }}" 14 | 15 | - name: Nginx Configure | Modules | Remove the http_realip_module configuration when disabled 16 | file: 17 | path: "{{ nginx_dir }}/conf.d/http_realip.conf" 18 | state: absent 19 | notify: 20 | - reload nginx 21 | when: "{{ nginx_modules.http_realip_module is not defined or nginx_modules.http_realip_module == false or nginx_modules.http_realip_module == 'False' }}" 22 | 23 | -------------------------------------------------------------------------------- /tasks/modules_configure/http_gzip_static_module.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/tasks/modules/http_gzip_static_module.yml 2 | # configure flag: --with-http_gzip_static_module 3 | 4 | - name: Nginx Configure | Modules | Update the http_gzip_static_module configuration when enabled 5 | template: 6 | src: templates/modules/http_gzip_static.conf.j2 7 | dest: "{{ nginx_dir }}/conf.d/http_gzip_static.conf" 8 | owner: root 9 | group: root 10 | mode: 0644 11 | notify: 12 | - reload nginx 13 | when: "{{ nginx_modules.http_gzip_static_module is defined and ( nginx_modules.http_gzip_static_module == true or nginx_modules.http_gzip_static_module == 'True' ) }}" 14 | 15 | - name: Nginx Configure | Modules | Remove the http_gzip_static_module configuration when disabled 16 | file: 17 | path: "{{ nginx_dir }}/conf.d/http_gzip_static.conf" 18 | state: absent 19 | notify: 20 | - reload nginx 21 | when: "{{ nginx_modules.http_gzip_static_module is not defined or nginx_modules.http_gzip_static_module == false or nginx_modules.http_gzip_static_module == 'False' }}" 22 | 
-------------------------------------------------------------------------------- /tasks/modules_configure/http_stub_status_module.yml: -------------------------------------------------------------------------------- 1 | # file: nginx/tasks/modules/http_stub_status_module.yml 2 | # configure flag: --with-http_stub_status_module 3 | 4 | - include: _authorized_ips.yml 5 | 6 | - name: Nginx Configure | Modules | Make sure the nginx status configuration is updated when enabled 7 | template: 8 | src: templates/modules/nginx_status.j2 9 | dest: "{{ nginx_dir }}/sites-available/nginx_status" 10 | owner: root 11 | group: root 12 | mode: 0644 13 | notify: 14 | - reload nginx 15 | when: "{{ nginx_modules.http_stub_status_module is defined and ( nginx_modules.http_stub_status_module == true or nginx_modules.http_stub_status_module == 'True' ) }}" 16 | 17 | - name: Nginx Configure | Modules | Make sure the nginx status configuration is removed when disabled 18 | file: 19 | path: "{{ nginx_dir }}/sites-available/nginx_status" 20 | state: absent 21 | notify: 22 | - reload nginx 23 | when: "{{ nginx_modules.http_stub_status_module is not defined or nginx_modules.http_stub_status_module == false or nginx_modules.http_stub_status_module == 'False' }}" 24 | 25 | 26 | -------------------------------------------------------------------------------- /templates/nginx.service.systemd.j2: -------------------------------------------------------------------------------- 1 | # Stop dance for nginx 2 | # ======================= 3 | # 4 | # ExecStop sends SIGQUIT (graceful stop) to the nginx process. 5 | # If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control 6 | # and sends SIGTERM (fast shutdown) to the main process. 7 | # After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends 8 | # SIGKILL to all the remaining processes in the process group (KillMode=mixed). 
9 | # 10 | # nginx signals reference doc: 11 | # http://nginx.org/en/docs/control.html 12 | # 13 | [Unit] 14 | Description=A high performance web server and a reverse proxy server 15 | After=network.target 16 | 17 | [Service] 18 | Type=forking 19 | PIDFile={{nginx_pid}} 20 | ExecStartPre={{nginx_sbin_path}} -t -q -g 'daemon on; master_process on;' 21 | ExecStart={{nginx_sbin_path}} -g 'daemon on; master_process on;' 22 | ExecReload={{nginx_sbin_path}} -g 'daemon on; master_process on;' -s reload 23 | ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile {{nginx_pid}} 24 | TimeoutStopSec=5 25 | KillMode=mixed 26 | 27 | [Install] 28 | WantedBy=multi-user.target 29 | 30 | 31 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License 2 | 3 | Copyright (c) 2014 Pieterjan Vandaele 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
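IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /templates/nxensite.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh -e 2 | # Enable an nginx site by symlinking its sites-available entry into sites-enabled. 3 | SYSCONFDIR='{{nginx_dir}}' 4 | # Expansions are quoted so an empty name or one containing spaces cannot split into extra arguments to test or ln. 5 | if [ -z "$1" ]; then 6 | echo "Which site would you like to enable?" 7 | echo -n "Your choices are: " 8 | ls "$SYSCONFDIR"/sites-available/* | \ 9 | sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo 10 | echo -n "Site name? " 11 | read SITENAME 12 | else 13 | SITENAME=$1 14 | fi 15 | case "$SITENAME" in ''|*/*) echo "Invalid site name!" >&2; exit 1 ;; esac # a site is a plain file name; a path separator would let ln write outside sites-enabled 16 | if [ "$SITENAME" = "default" ]; then 17 | PRIORITY="000" 18 | fi 19 | 20 | if [ -e "$SYSCONFDIR/sites-enabled/$SITENAME" -o \ 21 | -e "$SYSCONFDIR/sites-enabled/${PRIORITY}-${SITENAME}" ]; then 22 | echo "This site is already enabled!" 23 | exit 0 24 | fi 25 | 26 | if ! [ -e "$SYSCONFDIR/sites-available/$SITENAME" ]; then 27 | echo "This site does not exist!" 28 | exit 1 29 | fi 30 | 31 | if [ "$SITENAME" = "default" ]; then 32 | ln -sf "$SYSCONFDIR/sites-available/$SITENAME" \ 33 | "$SYSCONFDIR/sites-enabled/${PRIORITY}-${SITENAME}" 34 | else 35 | ln -sf "$SYSCONFDIR/sites-available/$SITENAME" "$SYSCONFDIR/sites-enabled/$SITENAME" 36 | fi 37 | 38 | echo "Site $SITENAME installed; reload nginx to enable." 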
39 | -------------------------------------------------------------------------------- /tasks/modules_prepare/passenger_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Nginx Prepare | Modules | Get passenger path 3 | shell: "{% if ruby_location is defined %}{{ ruby_location + '/bin/' }}{% endif %}passenger-config --root || echo '' " 4 | register: passenger_root 5 | 6 | - name: Nginx Prepare | Modules | Install Passenger gem 7 | gem: 8 | name: passenger 9 | version: "{{nginx_passenger_version}}" 10 | user_install: no 11 | when: "{{ passenger_root.stdout == '' }}" 12 | 13 | - name: Nginx Prepare | Modules | Get passenger path if not yet defined 14 | shell: "{% if ruby_location is defined %}{{ ruby_location + '/bin/' }}{% endif %}passenger-config --root || echo '' " 15 | register: passenger_root 16 | 17 | - name: Nginx Prepare | Modules | Get ruby path 18 | shell: "which ruby || echo '' " 19 | register: environment_ruby_path 20 | 21 | - name: Nginx Prepare | Modules | Set Passenger module path 22 | set_fact: 23 | nginx_configure_flags: "{{nginx_configure_flags}} --add-module='{{ passenger_root.stdout }}/ext/nginx' " 24 | when: "{{ passenger_root.stdout != '' }}" 25 | 26 | - name: Nginx Prepare | Modules | Set ruby path for Passenger 27 | set_fact: 28 | nginx_passenger_ruby: "{% if ruby_location is defined %}{{ ruby_location + '/bin/ruby'}}{% else %}{{ environment_ruby_path.stdout }}{% endif %}" 29 | when: "{{ ruby_location is defined or environment_ruby_path.stdout != '' }}" 30 | 31 | - name: Nginx Prepare | Modules | Set Passenger root path 32 | set_fact: 33 | nginx_passenger_root: "{{ passenger_root.stdout }}" 34 | when: "{{ passenger_root.stdout != '' }}" 35 | 36 | -------------------------------------------------------------------------------- /tasks/modules_install/ngx_pagespeed_module.yml: -------------------------------------------------------------------------------- 1 | # file: 
nginx/tasks/modules/ngx_pagespeed.yml 2 | # configure flag: --add-module={{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta 3 | 4 | - name: Nginx Install | Modules | Make sure the dependences are installed 5 | apt: 6 | pkg: "{{item}}" 7 | with_items: 8 | - zlib1g-dev 9 | - libpcre3 10 | - libpcre3-dev 11 | 12 | - name: Nginx Install | Modules | Download the ngx_pagespeed source 13 | get_url: 14 | url: "https://github.com/pagespeed/ngx_pagespeed/archive/release-{{nginx_ngx_pagespeed_version}}-beta.tar.gz" 15 | dest: "{{nginx_build_dir}}/ngx_pagespeed_module-{{nginx_ngx_pagespeed_version}}.tar.gz" 16 | 17 | - name: Nginx Install | Modules | Unpack the ngx_pagespeed source 18 | command: "tar -xvzf '{{nginx_build_dir}}/ngx_pagespeed_module-{{nginx_ngx_pagespeed_version}}.tar.gz'" 19 | args: 20 | chdir: "{{nginx_build_dir}}" 21 | creates: "{{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" 22 | 23 | - name: Nginx Install | Modules | Download the psol source 24 | get_url: 25 | url: "https://dl.google.com/dl/page-speed/psol/{{nginx_ngx_pagespeed_version}}.tar.gz" 26 | dest: "{{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol-{{nginx_ngx_pagespeed_version}}.tar.gz" 27 | 28 | - name: Nginx Install | Modules | Unpack the psol source 29 | command: "tar -xvzf {{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol-{{nginx_ngx_pagespeed_version}}.tar.gz" 30 | args: 31 | chdir: "{{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta" 32 | creates: "{{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol" 33 | -------------------------------------------------------------------------------- /templates/nginx.init.j2: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ### BEGIN INIT INFO 4 | # Provides: nginx 5 | # Required-Start: $local_fs $remote_fs $network 
$syslog 6 | # Required-Stop: $local_fs $remote_fs $network $syslog 7 | # Default-Start: 2 3 4 5 8 | # Default-Stop: 0 1 6 9 | # Short-Description: starts the nginx web server 10 | # Description: starts nginx using start-stop-daemon 11 | ### END INIT INFO 12 | 13 | PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 14 | DAEMON={{nginx_sbin_path}} 15 | NAME=nginx 16 | DESC=nginx 17 | PID={{nginx_pid}} 18 | 19 | # Include nginx defaults if available 20 | if [ -f /etc/default/nginx ]; then 21 | . /etc/default/nginx 22 | fi 23 | 24 | test -x $DAEMON || exit 0 25 | 26 | set -e 27 | 28 | . /lib/lsb/init-functions 29 | 30 | test_nginx_config() { 31 | if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then 32 | return 0 33 | else 34 | $DAEMON -t $DAEMON_OPTS 35 | return $? 36 | fi 37 | } 38 | 39 | case "$1" in 40 | start) 41 | echo -n "Starting $DESC: " 42 | test_nginx_config 43 | # Check if the ULIMIT is set in /etc/default/nginx 44 | if [ -n "$ULIMIT" ]; then 45 | # Set the ulimits 46 | ulimit $ULIMIT 47 | fi 48 | start-stop-daemon --start --quiet --pidfile $PID \ 49 | --exec $DAEMON -- $DAEMON_OPTS || true 50 | echo "$NAME." 51 | ;; 52 | 53 | stop) 54 | echo -n "Stopping $DESC: " 55 | start-stop-daemon --stop --quiet --pidfile $PID \ 56 | --exec $DAEMON || true 57 | echo "$NAME." 58 | ;; 59 | 60 | restart|force-reload) 61 | echo -n "Restarting $DESC: " 62 | start-stop-daemon --stop --quiet --pidfile \ 63 | $PID --exec $DAEMON || true 64 | sleep 1 65 | test_nginx_config 66 | start-stop-daemon --start --quiet --pidfile \ 67 | $PID --exec $DAEMON -- $DAEMON_OPTS || true 68 | echo "$NAME." 69 | ;; 70 | 71 | reload) 72 | echo -n "Reloading $DESC configuration: " 73 | test_nginx_config 74 | start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \ 75 | --exec $DAEMON || true 76 | echo "$NAME." 77 | ;; 78 | 79 | configtest|testconfig) 80 | echo -n "Testing $DESC configuration: " 81 | if test_nginx_config; then 82 | echo "$NAME." 83 | else 84 | exit $? 
85 | fi 86 | ;; 87 | 88 | status) 89 | status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $? 90 | ;; 91 | *) 92 | echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2 93 | exit 1 94 | ;; 95 | esac 96 | 97 | exit 0 98 | -------------------------------------------------------------------------------- /tasks/modules_prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: nginx/tasks/modules_prepare.yml 3 | 4 | - include: modules_prepare/http_stub_status_module.yml 5 | when: "{{ nginx_modules.http_stub_status_module is defined and ( nginx_modules.http_stub_status_module == true or nginx_modules.http_stub_status_module == 'True' ) }}" 6 | 7 | - include: modules_prepare/http_ssl_module.yml 8 | when: "{{ nginx_modules.http_ssl_module is defined and ( nginx_modules.http_ssl_module == true or nginx_modules.http_ssl_module == 'True' ) }}" 9 | 10 | - include: modules_prepare/http_gzip_static_module.yml 11 | when: "{{ nginx_modules.http_gzip_static_module is defined and ( nginx_modules.http_gzip_static_module == true or nginx_modules.http_gzip_static_module == 'True' ) }}" 12 | 13 | - include: modules_prepare/upload_progress_module.yml 14 | when: "{{ nginx_modules.upload_progress_module is defined and ( nginx_modules.upload_progress_module == true or nginx_modules.upload_progress_module == 'True' ) }}" 15 | 16 | - include: modules_prepare/headers_more_module.yml 17 | when: "{{ nginx_modules.headers_more_module is defined and ( nginx_modules.headers_more_module == true or nginx_modules.headers_more_module == 'True' ) }}" 18 | 19 | - include: modules_prepare/http_auth_request_module.yml 20 | when: "{{ nginx_modules.http_auth_request_module is defined and ( nginx_modules.http_auth_request_module == true or nginx_modules.http_auth_request_module == 'True' ) }}" 21 | 22 | - include: modules_prepare/http_echo_module.yml 23 | when: "{{ nginx_modules.http_echo_module is defined and ( 
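nginx_modules.http_echo_module == true or nginx_modules.http_echo_module == 'True' ) }}" 24 | 25 | - include: modules_prepare/google_perftools_module.yml 26 | when: "{{ nginx_modules.google_perftools_module is defined and ( nginx_modules.google_perftools_module == true or nginx_modules.google_perftools_module == 'True' ) }}" 27 | 28 | - include: modules_prepare/ipv6_module.yml 29 | when: "{{ nginx_modules.ipv6_module is defined and ( nginx_modules.ipv6_module == true or nginx_modules.ipv6_module == 'True' ) }}" 30 | 31 | - include: modules_prepare/http_realip_module.yml 32 | when: "{{ nginx_modules.http_realip_module is defined and ( nginx_modules.http_realip_module == true or nginx_modules.http_realip_module == 'True' ) }}" 33 | 34 | - include: modules_prepare/naxsi_module.yml 35 | when: "{{ nginx_modules.naxsi_module is defined and ( nginx_modules.naxsi_module == true or nginx_modules.naxsi_module == 'True' ) }}" 36 | # The value test must read the same key as the `is defined` test; a shortened key is never defined, so a boolean true could not enable the include. 37 | - include: modules_prepare/ngx_http_sub_module.yml 38 | when: "{{ nginx_modules.ngx_http_sub_module is defined and ( nginx_modules.ngx_http_sub_module == true or nginx_modules.ngx_http_sub_module == 'True' ) }}" 39 | 40 | - include: modules_prepare/ngx_pagespeed_module.yml 41 | when: "{{ nginx_modules.ngx_pagespeed_module is defined and ( nginx_modules.ngx_pagespeed_module == true or nginx_modules.ngx_pagespeed_module == 'True' ) }}" 42 | 43 | - include: modules_prepare/passenger_module.yml 44 | when: "{{ nginx_modules.passenger_module is defined and ( nginx_modules.passenger_module == true or nginx_modules.passenger_module == 'True' ) }}" 45 | 46 | 47 | -------------------------------------------------------------------------------- /tasks/modules_install.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # file: nginx/tasks/modules_install.yml 3 | 4 | - include: modules_install/http_stub_status_module.yml 5 | when: "{{ nginx_modules.http_stub_status_module is defined and ( nginx_modules.http_stub_status_module 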
== true or nginx_modules.http_stub_status_module == 'True' ) }}" 6 | 7 | - include: modules_install/http_ssl_module.yml 8 | when: "{{ nginx_modules.http_ssl_module is defined and ( nginx_modules.http_ssl_module == true or nginx_modules.http_ssl_module == 'True' ) }}" 9 | 10 | - include: modules_install/http_gzip_static_module.yml 11 | when: "{{ nginx_modules.http_gzip_static_module is defined and ( nginx_modules.http_gzip_static_module == true or nginx_modules.http_gzip_static_module == 'True' ) }}" 12 | 13 | - include: modules_install/upload_progress_module.yml 14 | when: "{{ nginx_modules.upload_progress_module is defined and ( nginx_modules.upload_progress_module == true or nginx_modules.upload_progress_module == 'True' ) }}" 15 | 16 | - include: modules_install/headers_more_module.yml 17 | when: "{{ nginx_modules.headers_more_module is defined and ( nginx_modules.headers_more_module == true or nginx_modules.headers_more_module == 'True' ) }}" 18 | 19 | - include: modules_install/http_auth_request_module.yml 20 | when: "{{ nginx_modules.http_auth_request_module is defined and ( nginx_modules.http_auth_request_module == true or nginx_modules.http_auth_request_module == 'True' ) }}" 21 | 22 | - include: modules_install/http_echo_module.yml 23 | when: "{{ nginx_modules.http_echo_module is defined and ( nginx_modules.http_echo_module == true or nginx_modules.http_echo_module == 'True' ) }}" 24 | 25 | - include: modules_install/google_perftools_module.yml 26 | when: "{{ nginx_modules.google_perftools_module is defined and ( nginx_modules.google_perftools_module == true or nginx_modules.google_perftools_module == 'True' ) }}" 27 | 28 | - include: modules_install/ipv6_module.yml 29 | when: "{{ nginx_modules.ipv6_module is defined and ( nginx_modules.ipv6_module == true or nginx_modules.ipv6_module == 'True' ) }}" 30 | 31 | - include: modules_install/http_realip_module.yml 32 | when: "{{ nginx_modules.http_realip_module is defined and ( nginx_modules.http_realip_module 
== true or nginx_modules.http_realip_module == 'True' ) }}" 33 | 34 | - include: modules_install/naxsi_module.yml 35 | when: "{{ nginx_modules.naxsi_module is defined and ( nginx_modules.naxsi_module == true or nginx_modules.naxsi_module == 'True' ) }}" 36 | 37 | - include: modules_install/ngx_http_sub_module.yml 38 | when: "{{ nginx_modules.ngx_http_sub_module is defined and ( nginx_modules.ngx_http_sub_module == true or nginx_modules.ngx_http_sub_module == 'True' ) }}" 39 | 40 | - include: modules_install/ngx_pagespeed_module.yml 41 | when: "{{ nginx_modules.ngx_pagespeed_module is defined and ( nginx_modules.ngx_pagespeed_module == true or nginx_modules.ngx_pagespeed_module == 'True' ) }}" 42 | 43 | - include: modules_install/geoip_module.yml 44 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 45 | 46 | - include: modules_install/passenger_module.yml 47 | when: "{{ nginx_modules.passenger_module is defined and ( nginx_modules.passenger_module == true or nginx_modules.passenger_module == 'True' ) }}" 48 | 49 | 50 | -------------------------------------------------------------------------------- /templates/nginx.conf.j2: -------------------------------------------------------------------------------- 1 | user {{nginx_user}}{% if nginx_user != nginx_group%} {{nginx_group}}{% endif %}; 2 | worker_processes {{nginx_worker_processes}}; 3 | {% if nginx_daemon_disable %} 4 | daemon off; 5 | {% endif %} 6 | {% if nginx_worker_rlimit_nofile %} 7 | worker_rlimit_nofile {{nginx_worker_rlimit_nofile}}; 8 | {% endif %} 9 | 10 | error_log {{nginx_log_dir}}/{{nginx_error_log_filename}}{% if nginx_error_log_options %} {{nginx_error_log_options}}{% endif %}; 11 | pid {{nginx_pid}}; 12 | 13 | events { 14 | worker_connections {{nginx_worker_connections}}; 15 | {% if nginx_multi_accept %} 16 | multi_accept on; 17 | {% endif %} 18 | {% if nginx_event %} 19 | use {{nginx_event}}; 20 | {% endif %} 
21 | } 22 | 23 | 24 | http { 25 | {% if nginx_modules.naxsi_module is defined and nginx_modules.naxsi_module == true %} 26 | include {{nginx_dir}}/naxsi_core.rules; 27 | {% endif %} 28 | 29 | include {{nginx_dir}}/mime.types; 30 | default_type application/octet-stream; 31 | 32 | {% if nginx_charset %} 33 | charset {{nginx_charset}}; 34 | {% endif %} 35 | 36 | {% if nginx_disable_access_log %} 37 | access_log off; 38 | {% else %} 39 | {% for log in nginx_access_logs %} 40 | log_format {{log['name']}} {{log['format']}}; 41 | access_log {{nginx_log_dir}}/{{log['filename']}} {{log['name']}}{% if log['options'] %} {{log['options']}}{% endif %}; 42 | {% endfor %} 43 | {% endif %} 44 | {% if nginx_server_tokens %} 45 | server_tokens {{nginx_server_tokens}}; 46 | {% endif %} 47 | 48 | sendfile {{nginx_sendfile}}; 49 | tcp_nopush on; 50 | tcp_nodelay on; 51 | 52 | {% if nginx_keepalive == 'on' %} 53 | # Timeouts 54 | keepalive_timeout {{nginx_keepalive_timeout}}; 55 | client_body_timeout {{nginx_client_body_timeout}}; 56 | client_header_timeout {{nginx_client_header_timeout}}; 57 | send_timeout {{nginx_send_timeout}}; 58 | {% endif %} 59 | 60 | gzip {{nginx_gzip}}; 61 | {% if nginx_gzip == 'on' %} 62 | gzip_http_version {{nginx_gzip_http_version}}; 63 | gzip_comp_level {{nginx_gzip_comp_level}}; 64 | gzip_proxied {{nginx_gzip_proxied}}; 65 | gzip_vary {{nginx_gzip_vary}}; 66 | {% if nginx_gzip_buffers %} 67 | gzip_buffers {{nginx_gzip_buffers}}; 68 | {% endif %} 69 | gzip_types {{nginx_gzip_types|join(' ')}}; 70 | gzip_min_length {{nginx_gzip_min_length}}; 71 | gzip_disable "{{nginx_gzip_disable}}"; 72 | {% endif %} 73 | 74 | {% if nginx_buffers == 'on' %} 75 | client_body_buffer_size {{nginx_client_body_buffer_size}}; 76 | client_header_buffer_size {{nginx_client_header_buffer_size}}; 77 | client_max_body_size {{nginx_client_max_body_size}}; 78 | large_client_header_buffers {{nginx_large_client_header_buffers}}; 79 | {% endif %} 80 | 81 | server_names_hash_bucket_size 
{{nginx_server_names_hash_bucket_size}}; 82 | types_hash_max_size {{nginx_types_hash_max_size}}; 83 | types_hash_bucket_size {{nginx_types_hash_bucket_size}}; 84 | {% if nginx_proxy_read_timeout %} 85 | proxy_read_timeout {{nginx_proxy_read_timeout}}; 86 | {% endif %} 87 | 88 | {% if nginx_enable_rate_limiting %} 89 | limit_req_zone $binary_remote_addr zone={{nginx_rate_limiting_zone_name}}:{{nginx_rate_limiting_backoff}} rate={{nginx_rate_limit}}; 90 | {% endif %} 91 | 92 | include {{nginx_dir}}/conf.d/*.conf; 93 | include {{nginx_dir}}/sites-enabled/*; 94 | } 95 | -------------------------------------------------------------------------------- /tasks/prepare.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - include: "modules_prepare.yml" 4 | 5 | - name: Nginx Prepare | Make sure the nginx directory exists 6 | file: 7 | path: "{{ nginx_dir }}" 8 | owner: root 9 | group: root 10 | mode: 0755 11 | state: directory 12 | 13 | 14 | - name: Nginx Prepare | Test for presence of randomized server string 15 | shell: "cat '{{ nginx_dir }}'/.randomized_server_string || echo ''" 16 | register: old_randomized_string_output 17 | when: "{{ nginx_use_randomized_server_string == true or nginx_use_randomized_server_string == 'True' }}" 18 | 19 | 20 | - name: Nginx Prepare | Generate randomized server string 21 | set_fact: 22 | nginx_randomized_server_string: "{% if old_randomized_string_output.stdout == '' %}{% for i in range(1, 20 + (10|random)) %}{{ ['A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9'] 23 | | random }}{% endfor %}{% else %}{{old_randomized_string_output.stdout}}{% endif %}" 24 | when: "{{ nginx_use_randomized_server_string == true or nginx_use_randomized_server_string == 'True' }}" 25 | 26 | 27 | - name: Nginx Prepare 
| Save randomized server string 28 | shell: "echo '{{nginx_randomized_server_string}}' > '{{nginx_dir}}'/.randomized_server_string" 29 | when: "{{ nginx_use_randomized_server_string == true or nginx_use_randomized_server_string == 'True' }}" 30 | 31 | 32 | - name: Nginx Prepare | Set preferred server string 33 | set_fact: 34 | nginx_server_string: "{% if nginx_use_randomized_server_string == true or nginx_use_randomized_server_string == 'True' %}{{nginx_randomized_server_string}}{% elif nginx_use_custom_server_string == true or nginx_use_custom_server_string == 'True' %}{{nginx_custom_server_string}}{% else %}{{''}}{% endif %}" 35 | 36 | 37 | - name: Nginx Prepare | Get old configuration checksum 38 | shell: "if [ -e '{{nginx_dir}}/.nginx_compile_configuration' ] ; then sha256sum '{{nginx_dir}}/.nginx_compile_configuration' | awk ' { print $1 } ' ; else echo 'N/A' ; fi" 39 | register: old_checksum 40 | 41 | - name: Nginx Prepare | Get old user configuration checksum 42 | shell: "if [ -e '{{nginx_dir}}/.nginx_user_configuration' ] ; then sha256sum '{{nginx_dir}}/.nginx_user_configuration' | awk ' { print $1 } ' ; else echo 'N/A' ; fi" 43 | register: old_user_checksum 44 | 45 | - name: Nginx Prepare | Save new configuration 46 | shell: " echo \"{{nginx_revision}}\\n{{nginx_repo}}\\n{{nginx_server_string}}\\n{{nginx_configure_flags}}\\n\" > '{{nginx_dir}}/.nginx_compile_configuration.new'" 47 | 48 | - name: Nginx Prepare | Save new user configuration 49 | shell: " echo \"{{nginx_user}}\\n{{nginx_group}}\\n{{nginx_uid}}\\n{{nginx_gid}}\\n\" > '{{nginx_dir}}/.nginx_user_configuration.new'" 50 | 51 | 52 | - name: Nginx Prepare | Get new configuration checksum 53 | shell: "if [ -e '{{nginx_dir}}/.nginx_compile_configuration.new' ] ; then sha256sum '{{nginx_dir}}/.nginx_compile_configuration.new' | awk ' { print $1 } ' ; else echo 'N/A' ; fi" 54 | register: new_checksum 55 | 56 | - name: Nginx Prepare | Get new user configuration checksum 57 | shell: "if [ -e 
'{{nginx_dir}}/.nginx_user_configuration.new' ] ; then sha256sum '{{nginx_dir}}/.nginx_user_configuration.new' | awk ' { print $1 } ' ; else echo 'N/A' ; fi" 58 | register: new_user_checksum 59 | 60 | 61 | -------------------------------------------------------------------------------- /tasks/modules_configure/geoip_module.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Nginx Configure | Create geoip data directory for nginx when geoip module is enabled 4 | file: 5 | path: "{{ nginx_dir }}/geoip" 6 | owner: root 7 | group: root 8 | state: directory 9 | mode: 0755 10 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 11 | 12 | - name: Nginx Configure | Download geoip country data when geoip module is enabled 13 | get_url: 14 | url: "{{ nginx_geoip_country_url }}" 15 | dest: "{{ nginx_dir }}/geoip/GeoIP.dat.gz" 16 | force: no 17 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 18 | 19 | - name: Nginx Configure | Download geoip country data when geoip module is enabled 20 | get_url: 21 | url: "{{nginx_geoip_city_url}}" 22 | dest: "{{nginx_dir}}/geoip/GeoLiteCity.dat.gz" 23 | force: no 24 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 25 | 26 | - name: Nginx Configure | Extract geoip data when geoip module is enabled 27 | shell: > 28 | gunzip -c "{{ nginx_dir }}/geoip/GeoLiteCity.dat.gz" > "{{ nginx_dir }}/geoip/GeoLiteCity.dat" && 29 | gunzip -c "{{ nginx_dir }}/geoip/GeoIP.dat.gz" > "{{ nginx_dir }}/geoip/GeoIP.dat" 30 | args: 31 | creates: "{{ nginx_dir }}/geoip/GeoIP.dat" 32 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 33 | 34 | - name: Nginx Configure | 
Set cron.monthly script to periodically update geoip data when geoip module is enabled 35 | template: 36 | src: templates/modules/geoip_update.j2 37 | dest: "/etc/cron.monthly/geoip_update" 38 | owner: root 39 | group: root 40 | mode: 0755 41 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 42 | 43 | 44 | - name: Nginx Configure | Update geoip configuration file for nginx when geoip module is enabled 45 | template: 46 | src: templates/modules/geoip_conf.j2 47 | dest: "{{nginx_dir}}/conf.d/geoip.conf" 48 | owner: root 49 | group: root 50 | mode: 0644 51 | notify: 52 | - reload nginx 53 | when: "{{ nginx_modules.geoip_module is defined and ( nginx_modules.geoip_module == true or nginx_modules.geoip_module == 'True' ) }}" 54 | 55 | 56 | - name: Nginx Configure | Remove cron.monthly geoip update script when geoip module is disabled 57 | file: 58 | path: "/etc/cron.monthly/geoip_update" 59 | state: absent 60 | when: "{{ nginx_modules.geoip_module is not defined or nginx_modules.geoip_module == false or nginx_modules.geoip_module == 'False' }}" 61 | 62 | - name: Nginx Configure | Remove nginx geoip directory and files when geoip module is disabled 63 | file: 64 | path: "{{ nginx_dir }}/geoip" 65 | state: absent 66 | when: "{{ nginx_modules.geoip_module is not defined or nginx_modules.geoip_module == false or nginx_modules.geoip_module == 'False' }}" 67 | 68 | 69 | - name: Nginx Configure | Remove geoip configuration file for nginx when geoip module is disabled 70 | file: 71 | path: "{{ nginx_dir }}/conf.d/geoip.conf" 72 | state: absent 73 | notify: 74 | - reload nginx 75 | when: "{{ nginx_modules.geoip_module is not defined or nginx_modules.geoip_module == false or nginx_modules.geoip_module == 'False' }}" 76 | 77 | -------------------------------------------------------------------------------- /files/mime.types: 
-------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/x-javascript js; 8 | application/json json; 9 | application/atom+xml atom; 10 | application/rss+xml rss; 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | image/png png; 17 | image/tiff tif tiff; 18 | image/vnd.wap.wbmp wbmp; 19 | image/x-icon ico; 20 | image/x-jng jng; 21 | image/x-ms-bmp bmp; 22 | image/svg+xml svg svgz; 23 | image/webp webp; 24 | application/java-archive jar war ear; 25 | application/mac-binhex40 hqx; 26 | application/msword doc; 27 | application/pdf pdf; 28 | application/postscript ps eps ai; 29 | application/rtf rtf; 30 | application/vnd.ms-excel xls; 31 | application/vnd.ms-powerpoint ppt; 32 | application/vnd.wap.wmlc wmlc; 33 | application/vnd.google-earth.kml+xml kml; 34 | application/vnd.google-earth.kmz kmz; 35 | application/x-7z-compressed 7z; 36 | application/x-cocoa cco; 37 | application/x-java-archive-diff jardiff; 38 | application/x-java-jnlp-file jnlp; 39 | application/x-makeself run; 40 | application/x-perl pl pm; 41 | application/x-pilot prc pdb; 42 | application/x-rar-compressed rar; 43 | application/x-redhat-package-manager rpm; 44 | application/x-sea sea; 45 | application/x-shockwave-flash swf; 46 | application/x-stuffit sit; 47 | application/x-tcl tcl tk; 48 | application/x-x509-ca-cert der pem crt; 49 | application/x-xpinstall xpi; 50 | application/xhtml+xml xhtml; 51 | application/zip zip; 52 | application/octet-stream bin exe dll; 53 | application/octet-stream deb; 54 | application/octet-stream dmg; 55 | application/octet-stream eot; 56 | application/octet-stream iso img; 57 | application/octet-stream msi msp msm; 58 | audio/midi mid midi kar; 59 | audio/mpeg mp3; 60 | audio/ogg ogg; 61 | audio/x-m4a m4a; 62 | 
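audio/x-realaudio ra; 63 | video/3gpp 3gpp 3gp; 64 | video/mp4 mp4; 65 | video/mpeg mpeg mpg; 66 | video/quicktime mov; 67 | video/webm webm; 68 | video/x-flv flv; 69 | video/x-m4v m4v; 70 | video/x-mng mng; 71 | video/x-ms-asf asx asf; 72 | video/x-ms-wmv wmv; 73 | video/x-msvideo avi; 74 | } 75 |
--------------------------------------------------------------------------------
/templates/site.j2:
--------------------------------------------------------------------------------
{#
  Renders one nginx server block from item.server.

  Keys handled explicitly here: server_name, listen, the ssl_* settings,
  locations, enable_php / enable_fcgiwrap and their overrides. Every other
  key of item.server that is not listed in
  nginx_site_template_special_variables is written out verbatim as
  "key value;", and the same holds for every key inside a location. The site
  inventory is therefore nginx configuration in its own right and has to come
  from a trusted source.
#}
server
{
    server_name {% if item.server['server_name'] is defined %}{{item.server['server_name']}}{% else %}{{inventory_hostname}}{% endif %};
{% if item.server['listen'] is defined and item.server['listen'] is not string and item.server['listen'] is iterable %}
{# Iterate the site's own listen list; the loop used to reference a bare `listen` name that this template never defines. #}
{% for v in item.server['listen'] %}
    listen {{v}};
{% endfor %}
{% elif item.server['listen'] is defined %}
    listen {{item.server['listen']}};
{% elif item.server['listen'] is not defined and item.server['ssl_certificate'] is defined and item.server['ssl_certificate_key'] is defined %}
    listen 443;
{% else %}
    listen 80;
{% endif %}
{% if item.server['ssl_certificate'] is defined and item.server['ssl_certificate_key'] is defined %}
    ssl {% if item.server['ssl'] is defined %}{{item.server['ssl']}}{% else %}on{% endif %};
    ssl_certificate {{item.server['ssl_certificate']}};
    ssl_certificate_key {{item.server['ssl_certificate_key']}};

    ssl_session_cache {% if item.server['ssl_session_cache'] is defined %}{{item.server['ssl_session_cache']}}{% else %}builtin:1000 shared:SSL:10m{% endif %};
{# NOTE(review): the fallback below still enables TLSv1 and TLSv1.1. Set ssl_protocols on the site (for example "TLSv1.2") unless legacy clients must be served, and review ssl_ciphers alongside it. #}
    ssl_protocols {% if item.server['ssl_protocols'] is defined %}{{item.server['ssl_protocols']}}{% else %}TLSv1 TLSv1.1 TLSv1.2{% endif %};
    ssl_ciphers {% if item.server['ssl_ciphers'] is defined %}{{item.server['ssl_ciphers']}}{% else %}HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4{% endif %};
    ssl_prefer_server_ciphers {% if item.server['ssl_prefer_server_ciphers'] is defined %}{{item.server['ssl_prefer_server_ciphers']}}{% else %}on{% endif %};
{% endif %}

{# Generic pass-through of remaining keys; a list value repeats the directive once per element. items() is used (as defaults/main.yml already does) because iteritems() exists only on Python 2 dicts. #}
{% for k,v in item.server.items() %}
{% if nginx_site_template_special_variables[k] is not defined %}
{% if v is not string and v is iterable %}
{% for lv in v %}
    {{ k }} {{ lv }};
{% endfor %}
{% else %}
    {{ k }} {{ v }};
{% endif %}
{% endif %}
{% endfor %}
{% if item.server.disable_gnu_terry_pratchett is not defined %}
    add_header X-Clacks-Overhead "GNU Terry Pratchett";
{% endif %}

{% if item.server.locations is defined and item.server.locations is not string and item.server.locations is iterable %}
{% for location in item.server.locations %}
{% if location.location['match'] is defined %}
    location {{location.location['match']}}
    {
{% for k,v in location.location.items() if k != 'match' %}
{% if v is not string and v is iterable %}
{% for lv in v %}
        {{ k }} {{ lv }};
{% endfor %}
{% else %}
        {{ k }} {{ v }};
{% endif %}
{% endfor %}
    }
{% endif %}
{% endfor %}
{% endif %}

{% if item.server.enable_php is defined and item.server.enable_php == true %}
    #php
{# try_files $uri =404 answers 404 for paths that do not exist on disk before anything is handed to the FastCGI backend; keep it when overriding php_location_match. #}
    location {% if item.server['php_location_match'] is defined %}{{item.server['php_location_match']}}{% else %} ~ '\.php$'{% endif %}{{ "\n\t{\n" }}
        try_files $uri =404;
        fastcgi_pass {% if item.server['php_fastcgi_socket'] is defined %}{{item.server['php_fastcgi_socket']}}{% else %}unix:/var/run/php5-fpm.sock{% endif %};
        include {{ nginx_dir }}/fastcgi.conf;
    }
{% endif %}

{% if item.server.enable_fcgiwrap is defined and item.server.enable_fcgiwrap == true %}
    #fcgiwrap
    location {% if item.server['fcgiwrap_location_match'] is defined %}{{item.server['fcgiwrap_location_match']}}{% else %} ~ '\.cgi$'{% endif %}{{ "\n\t{\n" }}
        try_files $uri =404;
        fastcgi_pass {% if item.server['fcgiwrap_fastcgi_socket'] is defined %}{{item.server['fcgiwrap_fastcgi_socket']}}{% else %}unix:/var/run/fcgiwrap5-fpm.sock{% endif %};
        include {{ nginx_dir }}/fastcgi.conf;
    }
{% endif %}

}

--------------------------------------------------------------------------------
/tasks/configure.yml:
--------------------------------------------------------------------------------
1 | --- 2 | 3 | - name: Nginx Configure | Install the init script 4 | template: 5 | src: nginx.init.j2 6 | dest: /etc/init.d/nginx 7 | owner: root 8 | group: root 9 | mode: 0755 10 | notify: 11 | - restart nginx 12 | 13 | 14 | - name: Nginx Configure | Test if we are using systemd 15 | shell: "if [ -d /lib/systemd/system ] ; then echo 'true' ; else echo 'false' ; fi" 16 | register: have_systemd 17 | 18 | 19 | - name: Nginx Configure | Install the systemd script if using systemd 20 | template: 21 | src: nginx.service.systemd.j2 22 | dest: /lib/systemd/system/nginx.service 23 | owner: root 24 | group: root 25 | mode: 0644 26 | when: "{{ have_systemd.stdout == 'true' }}" 27 | notify: 28 | - restart nginx 29 | 30 | - name: Create Systemd symlink for nginx 31 | file: 32 | dest: "/etc/systemd/system/nginx.service" 33 | src: "/lib/systemd/system/nginx.service" 34 | state: link 35 | force: yes 36 | when: "{{ have_systemd.stdout == 'true' }}" 37 | notify: 38 | - restart nginx 39 | 40 | 41 | - name: Nginx Configure | Reload scripts if using systemd 42 | shell: "systemctl daemon-reload" 43 | when: "{{ have_systemd.stdout == 'true' }}" 44 | 45 | 46 | - name: Nginx Configure | Register Nginx as a service 47 | service: 48 | name: nginx 49 | enabled: yes 50 | 51 | 52 | - name: Nginx Configure | Install the nxensite and nxdissite scripts 53 | template: 54 | src: "{{item}}.j2" 55 | dest: "/usr/sbin/{{ item }}" 56 | owner: root 57 | group: root 58 | mode: 0755 59 | with_items: ["nxensite", "nxdissite"] 60 | notify: 61 | - reload nginx 62 | 63 |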
64 | - name: Nginx Configure | Make sure the mime.types file is up to date 65 | copy: 66 | src: mime.types 67 | dest: "{{ nginx_dir }}/mime.types" 68 | owner: root 69 | group: root 70 | mode: 0644 71 | notify: 72 | - reload nginx 73 | 74 | 75 | - name: Nginx Configure | Make sure the Nginx configuration is updated 76 | template: 77 | src: nginx.conf.j2 78 | dest: "{{ nginx_dir }}/nginx.conf" 79 | owner: root 80 | group: root 81 | mode: 0644 82 | notify: 83 | - reload nginx 84 | 85 | - include: "modules_configure.yml" 86 | 87 | 88 | #sites 89 | 90 | - name: Nginx Configure | Update the configurations for the sites inventory 91 | template: 92 | src: "{{ item.template|default('site.j2') }}" 93 | dest: "{{ nginx_dir }}/sites-available/{{ item.server.name }}" 94 | with_items: "{{ nginx_sites }}" 95 | when: "{{ nginx_sites|lower != 'none' }}" 96 | 97 | 98 | # example 99 | 100 | - include: 'example.yml' 101 | when: nginx_enable_example == true 102 | 103 | 104 | 105 | # enable/disable sites 106 | 107 | - name: Nginx Configure | Enable sites 108 | file: 109 | path: "{{ nginx_dir }}/sites-enabled/{{ item.server.name }}" 110 | src: "{{ nginx_dir }}/sites-available/{{ item.server.name }}" 111 | state: link 112 | with_items: "{{ nginx_sites }}" 113 | when: "{{ nginx_sites|lower != 'none' and nginx_enabled_sites|lower != 'none' and item.server.name in nginx_enabled_sites }}" 114 | notify: 115 | - reload nginx 116 | 117 | 118 | - name: Nginx Configure | Ensure sites not enabled are disabled 119 | file: 120 | path: "{{ nginx_dir }}/sites-enabled/{{ item.server.name }}" 121 | state: absent 122 | with_items: "{{ nginx_sites }}" 123 | when: "{{ nginx_sites|lower != 'none' and ( nginx_enabled_sites|lower == 'none' or item.server.name not in nginx_enabled_sites ) }}" 124 | notify: 125 | - reload nginx 126 | 127 | 128 | # monit support 129 | - name: Ensure monit is installed when monit protection enabled 130 | apt: 131 | pkg: "monit" 132 | state: present 133 | when: "{{ 
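nginx_monit_protection == true or nginx_monit_protection == 'True' }}" 134 | 135 | - name: Nginx Configure | Create the nginx monit service file when monit protection enabled 136 | template: 137 | src: etc_monit_conf.d_nginx.j2 138 | dest: /etc/monit/conf.d/nginx 139 | notify: 140 | - restart monit 141 | when: "{{ nginx_monit_protection == true or nginx_monit_protection == 'True' }}" 142 | 143 | - name: Nginx Configure | Remove the nginx monit service file when monit protection disabled 144 | file: 145 | path: /etc/monit/conf.d/nginx 146 | state: absent 147 | when: "{{ nginx_monit_protection == false or nginx_monit_protection == 'False' }}" 148 | 149 |
--------------------------------------------------------------------------------
/tasks/install.yml:
--------------------------------------------------------------------------------
---
# Source build and installation of nginx.
#
# Order of work: stop running daemons and (re)create the service account when
# the user-configuration checksum changed, create the configuration
# directories, install build dependencies, fetch the nginx sources, let the
# module tasks add theirs, optionally rewrite the Server banner in the
# sources, then configure / make / make install.
#
# NOTE(review): every build step runs inside {{ nginx_build_dir }} with the
# privileges of the play. Keep that directory somewhere only root can write,
# and make sure nginx_repo is an https:// URL and nginx_revision a pinned tag
# or changeset, because whatever is fetched is compiled and installed as-is.


# If Nginx or php5-fpm running stop them
# pkill matches on the process name as a pattern, so "php" also stops any
# other process whose name contains it. The `|| echo ''` keeps the task green
# when nothing matched.
- name: Nginx Install | Shut down nginx if it is running
  shell: "pkill nginx || echo ''"
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"

- name: Nginx Install | Shut down php-fpm if it is running
  shell: "pkill php || echo ''"
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"


# Nginx User/Group
- name: Nginx Install | Make sure the nginx group is present
  group:
    gid: "{{ nginx_gid }}"
    name: "{{ nginx_group }}"
    state: present
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"

- name: Nginx Install | Make sure the www directory is present
  file:
    path: "{{ nginx_www_dir }}"
    state: directory
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"

# System account without a login shell; its home is the web root.
- name: Nginx Install | Make sure the nginx user is present
  user:
    name: "{{ nginx_user }}"
    uid: "{{ nginx_uid }}"
    group: "{{ nginx_group }}"
    comment: "Nginx user"
    home: "{{ nginx_www_dir }}"
    shell: /bin/false
    state: present
    system: yes
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"

- name: Nginx Install | Set the right directory permissions for the www directory
  file:
    path: "{{ nginx_www_dir }}"
    owner: "{{ nginx_user }}"
    group: "{{ nginx_group }}"
    mode: 0755
    state: directory
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"

# chage clears all ageing/expiry limits on the account; the grep only confirms
# that the account has a shadow entry. It runs with -q because the exit status
# is all that is needed: without it the matching /etc/shadow line is copied
# into the task result and from there into logs. The user name is quoted like
# the other shell arguments in this file.
- name: Nginx Install | Set the right expiration on the nginx user
  shell: "chage -I -1 -E -1 -m -1 -M -1 -W -1 -E -1 '{{nginx_user}}' && grep -q '{{nginx_user}}' /etc/shadow"
  become: yes
  when: "{{ old_user_checksum.stdout != new_user_checksum.stdout }}"


# Nginx directories

- name: Nginx Install | Make sure the nginx directory exists
  file:
    path: "{{ nginx_dir }}"
    owner: root
    group: root
    mode: 0755
    state: directory

- name: Nginx Install | Make sure the nginx log directory exists
  file:
    path: "{{ nginx_log_dir }}"
    owner: root
    group: root
    mode: 0755
    state: directory

- name: Nginx Install | Make sure the sites-available, sites-enabled and conf.d directories exist
  file:
    path: "{{ nginx_dir }}/{{ item }}"
    owner: root
    group: root
    mode: 0755
    state: directory
  with_items: ["sites-available", "sites-enabled", "conf.d"]


# Build Dependencies

- name: Nginx Install | Make sure the Nginx build dependencies are installed
  apt:
    update_cache: yes
    pkg: "{{ item }}"
    state: present
  with_items:
    - perl
    - build-essential
    - git
    - mercurial
    - libperl-dev
    - libcurl4-openssl-dev
    - libpcre3
    - libpcre3-dev
    - libssl-dev

# purge: "yes" removes untracked files from an existing checkout, so each run
# builds from the state of the requested revision.
- name: Nginx Install | Clone the Nginx repo
  hg:
    repo: "{{ nginx_repo }}"
    dest: "{{ nginx_build_dir }}/nginx-repo"
    revision: "{{ nginx_revision }}"
    purge: "yes"

# A repository checkout keeps the script at auto/configure; copy it to the
# top level when only that one exists.
- name: Nginx Install | test for presence of configure script
  shell: >
    if [ ! -e '{{nginx_build_dir}}/nginx-repo/configure' ] && [ -e '{{nginx_build_dir}}/nginx-repo/auto/configure' ] ; then
    cp '{{nginx_build_dir}}/nginx-repo/auto/configure' '{{nginx_build_dir}}/nginx-repo/configure' ;
    fi


- include: "modules_install.yml"

# Rewrites the Server header string in the nginx sources before compiling.
# nginx_server_string is pasted into a perl substitution inside a shell
# command, so it must stay a plain operator-chosen token (no quotes, slashes
# or shell metacharacters).
# NOTE(review): the last perl expression looks truncated in this listing
# (markup seems to have been stripped from the pattern); it is reproduced as
# found and should be compared with the repository before use.
- name: Nginx Install | Set Server Name
  shell: >
    cd {{nginx_build_dir}}/nginx-repo &&
    perl -pi -e "s/\"Server:.*CRLF/\"Server: {{nginx_server_string}}\" CRLF/g" "src/http/ngx_http_header_filter_module.c" &&
    perl -pi -e "s/\"Server:[\t ]+nginx\"/\"Server: {{nginx_server_string}}\"/g" "src/http/ngx_http_header_filter_module.c" &&
    perl -pi -e "s/\\.*<\/center\>/
    Server Response<\/center>/g" "src/http/ngx_http_special_response.c"
  when: "{{ nginx_server_string != '' }}"


# nginx_configure_flags is expanded unquoted on the command line; it is built
# from role variables and has to be treated as trusted input.
- name: Nginx Install | Compile the Nginx source
  shell: >
    cd {{nginx_build_dir}}/nginx-repo &&
    ./configure {{nginx_configure_flags}} &&
    make


- name: Nginx Install | Shut down nginx if it is running
  shell: "pkill nginx || echo ''"


- name: Nginx Install | Install the Nginx source
  shell: >
    cd {{ nginx_build_dir }}/nginx-repo && make install
  notify: restart nginx


- name: Nginx Install | Remove default html directory created by install
  file:
    path: "{{nginx_www_dir}}/html"
    state: absent

--------------------------------------------------------------------------------
/files/naxsi_core.rules:
--------------------------------------------------------------------------------
1 | ################################## 2 | ## INTERNAL RULES IDS:1-10 ## 3 | ################################## 4 | #weird_request : 1 5 | #big_body : 2 6 | #no_content_type : 3 7 | 8 | #@MainRule "msg:weird/incorrect request" id:1; 9 | #@MainRule "msg:big request, unparsed" id:2; 10 | #@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10; 11 | #@MainRule "msg:uncommon/empty content-type in POST" id:11; 12 | #@MainRule "msg:uncommon/malformed URL" id:12; 13 | 14 | #MainRule "str:123FREETEXT" "msg:exemple learning test pattern" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0; 15 | 16 | ################################## 17 | ## SQL Injections IDs:1000-1099 ## 18 | ################################## 19 | MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000; 20 | MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001; 21 | MainRule "str:0x" "msg:0x, possible hex encoding"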
"mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002; 22 | ## Hardcore rules 23 | MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003; 24 | MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004; 25 | MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005; 26 | MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006; 27 | ## end of hardcore rules 28 | MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007; 29 | MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008; 30 | MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009; 31 | MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010; 32 | MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011; 33 | MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013; 34 | MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015; 35 | MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016; 36 | 37 | ############################### 38 | ## OBVIOUS RFI IDs:1100-1199 ## 39 | ############################### 40 | MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100; 41 | MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101; 42 | MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102; 43 | MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103; 44 | MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" 
"s:$RFI:8" id:1104; 45 | MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105; 46 | MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106; 47 | MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107; 48 | MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108; 49 | MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109; 50 | 51 | ####################################### 52 | ## Directory traversal IDs:1200-1299 ## 53 | ####################################### 54 | MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200; 55 | MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202; 56 | MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203; 57 | MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204; 58 | MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205; 59 | #MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206; 60 | 61 | ######################################## 62 | ## Cross Site Scripting IDs:1300-1399 ## 63 | ######################################## 64 | MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302; 65 | MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303; 66 | MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310; 67 | MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; 68 | MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; 69 | 
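MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; 70 | MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; 71 | 72 | #################################### 73 | ## Evading tricks IDs: 1400-1500 ## 74 | #################################### 75 | MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; 76 | MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; 77 | MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; 78 | 79 | ############################# 80 | ## File uploads: 1500-1600 ## 81 | ############################# 82 | MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500; 83 |
--------------------------------------------------------------------------------
/defaults/main.yml:
--------------------------------------------------------------------------------
# file: nginx/defaults/main.yml
#
# Role defaults. Everything here can be overridden from the inventory.
# Several values decide what gets downloaded, compiled and installed with the
# privileges of the play, so they are supply-chain inputs: prefer https://
# sources, pinned versions, and a checksum wherever the fetching task
# supports one.

nginx_install_method: "source"
# The sources are cloned from this repository and compiled as-is; https keeps
# the clone authenticated in transit (the default used to be the http:// form
# of the same URL).
nginx_repo: "https://hg.nginx.org/nginx"
# A tag keeps builds reproducible. Review the pin regularly, since security
# fixes only arrive with later releases.
nginx_revision: "release-1.13.0"

nginx_user: "www-data"
nginx_group: "www-data"
nginx_uid: 33
nginx_gid: 33

nginx_dir: "/etc/nginx"
nginx_www_dir: "/var/www"
nginx_log_dir: "/var/log/nginx"
nginx_pid: "/var/run/nginx.pid"

nginx_conf_path: "{{nginx_dir}}/nginx.conf"
nginx_sbin_path: "/usr/local/sbin/nginx"

# NOTE(review): sources are fetched, patched and built under this path, and
# /tmp is world-writable. Override it with a directory that only root can
# create and write to (for example <ROOT_OWNED_BUILD_DIR>).
nginx_build_dir: "/tmp/nginx"

# The bundled example site is installed and enabled unless this is turned off.
nginx_enable_example: true


# set custom server string?
nginx_use_randomized_server_string: false
nginx_randomized_server_string: ""
nginx_use_custom_server_string: false
nginx_custom_server_string: ""


# monit
nginx_monit_protection: false


# modules
nginx_include_http_stub_status_module: true
nginx_include_http_ssl_module: true
nginx_include_openssl: true
nginx_include_http_gzip_static_module: true
nginx_include_upload_progress_module: true
nginx_include_headers_more_module: true
nginx_include_http_auth_request_module: true
nginx_include_http_echo_module: false
nginx_include_google_perftools_module: true
nginx_include_ipv6_module: true
nginx_include_http_real_ip_module: true
nginx_include_http_v2_module: true
nginx_include_http_perl_module: true
nginx_include_http_sub_module: true
nginx_include_naxsi_module: true
nginx_include_ngx_http_sub_module: false
nginx_include_ngx_pagespeed_module: true
nginx_include_geoip_module: false
nginx_include_passenger_module: false
nginx_include_mail_pop3_module: false
nginx_include_mail_imap_module: false
nginx_include_mail_smtp_module: false




# nginx.conf
nginx_worker_processes: 4
nginx_daemon_disable: no
nginx_worker_rlimit_nofile: null
nginx_error_log_options: null
nginx_error_log_filename: 'error.log'
nginx_worker_connections: 1024
nginx_multi_accept: 'on'
nginx_event: null
nginx_charset: null
nginx_disable_access_log: no
nginx_server_tokens: 'off'
nginx_sendfile: 'on'
nginx_keepalive: "on"
nginx_keepalive_timeout: "30"
nginx_client_body_timeout: "10"
nginx_client_header_timeout: "10"
nginx_send_timeout: "10"
nginx_buffers: "on"
nginx_client_body_buffer_size: "1k"
nginx_client_header_buffer_size: "1k"
nginx_client_max_body_size: "2m"
nginx_large_client_header_buffers: "2 1k"
nginx_server_names_hash_bucket_size: 64
nginx_types_hash_max_size: 2048
nginx_types_hash_bucket_size: 64
nginx_proxy_read_timeout: null
nginx_enable_rate_limiting: no
nginx_rate_limiting_zone_name: "default"
nginx_rate_limiting_backoff: "10m"
nginx_rate_limit: "1r/s"
nginx_access_logs:
  - name: "main"
    format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
    options: null
    filename: "access.log"


# default site
nginx_example_root: "{{nginx_www_dir}}/example"

# sites
# Keys under `server` other than the ones templates/site.j2 handles itself are
# written into the server block verbatim, so this structure is nginx
# configuration and belongs under the same change control.
nginx_sites:
  - server:
      name: example
      listen: 80
      root: "{{nginx_www_dir}}/example"
      error_page:
        - "400 406 407 409 410 411 412 413 414 415 416 417 418 422 423 424 425 426 444 449 450 490 /error/400.html"
        - "401 /error/401.html"
        - "402 /error/402.html"
        - "403 /error/403.html"
        - "404 /error/404.html"
        - "405 /error/405.html"
        - "408 /error/408.html"
        - "500 506 507 509 510 /error/500.html"
        - "501 /error/501.html"
        - "502 /error/502.html"
        - "503 /error/503.html"
        - "504 /error/504.html"
        - "505 /error/505.html"
      locations:
        - location:
            match: "/error/403.html"
            allow: "all"

nginx_enabled_sites: [ 'example' ]



# gzip_module
nginx_gzip: 'on'
nginx_gzip_http_version: 1.1
nginx_gzip_comp_level: 2
nginx_gzip_proxied: expired no-cache no-store private auth
nginx_gzip_vary: 'on'
nginx_gzip_buffers: null
nginx_gzip_min_length: 10240
nginx_gzip_types:
  - text/plain
  - text/css
  - text/xml
  - text/csv
  - text/javascript
  - application/x-javascript
  - application/xml
  - application/xml+rss
  - application/javascript
  - application/postscript
  - application/pdf
  - application/ecmascript
  - application/json
  - image/svg+xml
nginx_gzip_disable: "MSIE [1-6]\\."


# http_stub_status_module configuration
# NOTE(review): presumably the addresses allowed to read the status page (the
# templates that consume this list are not part of this file); keep the list
# as narrow as the monitoring setup allows.
nginx_remote_ip_var: "remote_addr"
nginx_authorized_ips:
  - "127.0.0.1/32"

# http_gzip_static_module configuration
nginx_gzip_static: "off"


# upload_progress_module configuration
nginx_upload_progress_version: "0.9.1"
nginx_upload_progress_javascript_output: yes
nginx_upload_progress_zone_name: "proxied"
nginx_upload_progress_zone_size: "1m"
nginx_upload_progress_url: "https://github.com/masterzen/nginx-upload-progress-module/archive/v{{nginx_upload_progress_version}}.tar.gz"


# headers_more_module configuration
nginx_headers_more_version: "0.26"
nginx_headers_more_url: "https://github.com/openresty/headers-more-nginx-module/archive/v{{nginx_headers_more_version}}.tar.gz"


# http_auth_request_module configuration
# NOTE(review): this archive is fetched over plain http and ends up compiled
# into the server. nginx has shipped this module in-tree since 1.5.4
# (--with-http_auth_request_module), which would avoid the download entirely;
# otherwise use an https:// source and verify a checksum.
nginx_auth_request_release: "662785733552"
nginx_auth_request_url: "http://mdounin.ru/hg/ngx_http_auth_request_module/archive/{{nginx_auth_request_release}}.tar.gz"


# http_echo_module configuration
nginx_echo_version: "0.58"
nginx_echo_url: "https://github.com/openresty/echo-nginx-module/archive/v{{nginx_echo_version}}.tar.gz"


# http_realip_module configuration
# NOTE(review): presumably only requests arriving from nginx_realip_addresses
# have their client address replaced by the header value (the realip template
# is not part of this file). List only proxies under your own control, since
# any listed peer can choose the client address nginx logs and acts on.
nginx_realip_header: "X-Forwarded-For"
nginx_realip_addresses: ["127.0.0.1"]
nginx_realip_real_ip_recursive: "off"


# naxsi_module configuration
nginx_naxsi_version: "0.53-2"
nginx_naxsi_url: "https://github.com/nbs-system/naxsi/archive/{{nginx_naxsi_version}}.tar.gz"

# ngx_pagespeed_module configuration
nginx_ngx_pagespeed_version: "1.11.33.2"

# OpenSSL configuration
# OpenSSL is built from this tag and linked into nginx (see the `openssl`
# entry of nginx_module_include_flags); the pin needs the same regular review
# as nginx_revision.
openssl_revision: "OpenSSL_1_1_0e"
openssl_repo: "https://github.com/openssl/openssl"

# Passenger configuration
nginx_passenger_version: "5.0.10"

nginx_passenger_max_pool_size: 6
nginx_passenger_spawn_method: 'smart-lv2'
nginx_passenger_buffer_response: 'on'
nginx_passenger_min_instances: 1
nginx_passenger_max_instances_per_app: 0
nginx_passenger_pool_idle_time: 300
nginx_passenger_max_requests: 0

# GeoIP
# NOTE(review): the two database URLs are plain http and the download tasks in
# tasks/modules_configure/geoip_module.yml do not verify a checksum. Point
# them at an https:// source you trust before enabling the module; these
# legacy GeoLite endpoints may also no longer be served.
nginx_geoip_version: '1.6.5'
nginx_geoip_url: "https://github.com/maxmind/geoip-api-c/releases/download/v{{nginx_geoip_version}}/GeoIP-{{nginx_geoip_version}}.tar.gz"
nginx_geoip_country_url: 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz'
nginx_geoip_city_url: 'http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz'


### There may be reason to over-ride the following variables, but generally they shouldn't change



# ./configure argument added for each module that is switched on.
nginx_module_include_flags:
  http_stub_status_module: "--with-http_stub_status_module"
  http_ssl_module: "--with-http_ssl_module"
  openssl: "--with-openssl={{nginx_build_dir}}/openssl-repo"
  http_gzip_static_module: "--with-http_gzip_static_module"
  upload_progress_module: "--add-module={{nginx_build_dir}}/nginx-upload-progress-module-{{nginx_upload_progress_version}}"
  headers_more_module: "--add-module={{nginx_build_dir}}/headers-more-nginx-module-{{nginx_headers_more_version}}"
  http_auth_request_module: "--add-module={{nginx_build_dir}}/ngx_http_auth_request_module-{{nginx_auth_request_release}}"
  http_echo_module: "--add-module={{nginx_build_dir}}/echo-nginx-module-{{nginx_echo_version}}"
  google_perftools_module: "--with-google_perftools_module"
  ipv6_module: "--with-ipv6"
  http_real_ip_module: "--with-http_realip_module"
  http_v2_module: "--with-http_v2_module"
  http_perl_module: "--with-http_perl_module"
  http_sub_module: "--with-http_sub_module"
  naxsi_module: "--add-module={{nginx_build_dir}}/naxsi-{{nginx_naxsi_version}}/naxsi_src"
  ngx_http_sub_module: "--with-http_sub_module"
  ngx_pagespeed_module: "--add-module={{nginx_build_dir}}/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"
  geoip_module: "--with-http_geoip_module --with-ld-opt='-Wl,-R,/usr/local/lib -L /usr/local/lib'"



# ./configure argument added for each of these modules that is switched off.
nginx_module_exclude_flags:
  mail_pop3_module: " --without-mail_pop3_module "
  mail_imap_module: " --without-mail_imap_module "
  mail_smtp_module: " --without-mail_smtp_module "





# One true/false switch per module, fed from the nginx_include_* variables.
nginx_modules:
  http_stub_status_module: "{{nginx_include_http_stub_status_module}}"
  http_ssl_module: "{{nginx_include_http_ssl_module}}"
  openssl: "{{nginx_include_openssl}}"
  http_gzip_static_module: "{{nginx_include_http_gzip_static_module}}"
  upload_progress_module: "{{nginx_include_upload_progress_module}}"
  headers_more_module: "{{nginx_include_headers_more_module}}"
  http_auth_request_module: "{{nginx_include_http_auth_request_module}}"
  http_echo_module: "{{nginx_include_http_echo_module}}"
  google_perftools_module: "{{nginx_include_google_perftools_module}}"
  ipv6_module: "{{nginx_include_ipv6_module}}"
  http_real_ip_module: "{{nginx_include_http_real_ip_module}}"
  http_v2_module: "{{nginx_include_http_v2_module}}"
  http_perl_module: "{{nginx_include_http_perl_module}}"
  http_sub_module: "{{nginx_include_http_sub_module}}"
  naxsi_module: "{{nginx_include_naxsi_module}}"
  ngx_pagespeed_module: "{{nginx_include_ngx_pagespeed_module}}"
  geoip_module: "{{nginx_include_geoip_module}}"
  passenger_module: "{{nginx_include_passenger_module}}"
  mail_pop3_module: "{{nginx_include_mail_pop3_module}}"
  mail_imap_module: "{{nginx_include_mail_imap_module}}"
  mail_smtp_module: "{{nginx_include_mail_smtp_module}}"


nginx_default_configure_flags: "--prefix='{{nginx_www_dir}}' --conf-path='{{nginx_conf_path}}' --sbin-path='{{nginx_sbin_path}}' --error-log-path='{{nginx_log_dir}}/error.log' --http-log-path='{{nginx_log_dir}}/access.log' --pid-path='{{nginx_pid}}' --user='{{nginx_user}}' --group='{{nginx_group}}' "

# Final ./configure command line: the defaults above, plus the include flag of
# every enabled module and the exclude flag of every disabled one.
# tasks/install.yml expands this string unquoted in a shell command, so every
# variable that feeds it has to be trusted.
nginx_configure_flags: "{{nginx_default_configure_flags}}{% for key, enabled in nginx_modules.items() %}{% if (enabled == true or enabled == 'True') and nginx_module_include_flags[key] is defined %}{{ ' ' + nginx_module_include_flags[key] }}{% elif key in nginx_module_exclude_flags.keys() and ( enabled == false or enabled == 'False' ) %}{{ ' ' + nginx_module_exclude_flags[key] }}{% endif %}{% endfor %}"






--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## Ansible Nginx Role - Overview 2 | 3 | Ansible role which installs and configures Nginx, from source.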
4 | 5 | This is based largely on the ANXS/nginx ansible role with some major differences/improvements: 6 | 7 | - Installation from source is the only available installation option 8 | - Support for Passenger and GeoIP modules, as well as those supported by anxs/nginx 9 | - Properly removes config files if reinstalled without modules that were previously present 10 | - site configuration with reasonable SSL settings by default when ssl cert/key are specified 11 | - Site configuration that can set multiple directives with the same name 12 | - Monit support is controlled by nginx_monit_protection parameter and properly enabled/disabled by this variable 13 | - Latest compile parameters are not saved until after installation, so if something goes wrong we know what current binary was built with 14 | - Modules are enabled/disabled by single parameters, not list of modules, so single modules can be enabled/disabled relative to defaults without specifying entire list of modules 15 | - Modules are enabled/disabled without specifying entire configure flag, just true/false 16 | - Nginx can be compiled so server header string is set to a random string, or custom text 17 | 18 | #### Requirements & Dependencies 19 | 20 | ##### Ansible 21 | 22 | This role has been tested on Ansible 1.5 and above 23 | 24 | ##### Platforms 25 | 26 | Currently it's been developed for, and tested on Debian. It is assumed to work on Ubuntu and other Debian distributions as well. 27 | 28 | 29 | #### Variables 30 | 31 | ##### build parameters 32 | - `nginx_version` - the version of Nginx to install 33 | - `nginx_url` - URL for the Nginx source (versioned). 
By default it will get it from `nginx_source_version` 34 | - `nginx_prefix` - prefix for installing nginx from source (versioned) 35 | - `nginx_conf_path` - location of the main config file (in `nginx_dir` by default) 36 | - `nginx_default_configure_flags` - the default configure flags (before adding the modules), it is not recommended that you change this 37 | - `nginx_configure_flags` - a full list of the configure flags (including modules), do not change this unless you're sure you know what you are doing 38 | - `nginx_use_randomized_server_string` - Set the server header string to a string of random digits, default is false 39 | - `nginx_use_custom_server_string` - Set the server header string to a specific, custom string, the nginx_custom_server_string parameter, default is false 40 | - `nginx_custom_server_string` - The server header string to use when nginx_use_custom_server_string is set to true 41 | 42 | 43 | The following variables can be used to enable/disable modules to include in the build by setting them to true: 44 | 45 | - `nginx_include_http_stub_status_module` - Enabled (true) by default 46 | - `nginx_include_http_ssl_module` - Enabled (true) by default 47 | - `nginx_include_openssl` - Build ssl module by linking to latest openssl source, not system openssl library - Enabled (true) by default 48 | - `nginx_include_http_gzip_static_module` - Enabled (true) by default 49 | - `nginx_include_upload_progress_module` - Enabled (true) by default 50 | - `nginx_include_headers_more_module` - Enabled (true) by default 51 | - `nginx_include_http_auth_request_module` - Enabled (true) by default 52 | - `nginx_include_http_echo_module` - Enabled (true) by default 53 | - `nginx_include_google_perftools_module` - Enabled (true) by default 54 | - `nginx_include_ipv6_module` - Enabled (true) by default 55 | - `nginx_include_http_real_ip_module` - Enabled (true) by default 56 | - `nginx_include_http_v2_module` - Enabled (true) by default 57 | - 
`nginx_include_http_perl_module` - Enabled (true) by default 58 | - `nginx_include_http_sub_module` - Enabled (true) by default 59 | - `nginx_include_naxsi_module` - Enabled (true) by default 60 | - `nginx_include_ngx_http_sub_module` - Disabled (false) by default 61 | - `nginx_include_ngx_pagespeed_module` - Enabled (true) by default 62 | - `nginx_include_geoip_module` - Disabled (false) by default 63 | - `nginx_include_passenger_module` - Disabled (false) by default 64 | - `nginx_include_passenger_module` - Disabled (false) by default 65 | - `nginx_include_mail_pop3_module` - Disabled (false) by default 66 | - `nginx_include_mail_imap_module` - Disabled (false) by default 67 | - `nginx_include_mail_smtp_module` - Disabled (false) by default 68 | 69 | 70 | 71 | ##### global configuration parameters (nginx.conf) 72 | 73 | - `nginx_user` - user Nginx will run as 74 | - `nginx_uid` - the uid for this user 75 | - `nginx_group` - Nginx group 76 | - `nginx_gid` - the gid for this group 77 | - `nginx_dir` - location of the Nginx configuration (conf, sites-available, sites-enabled, ...) 78 | - `nginx_www_dir` - location of the www root for Nginx sites 79 | - `nginx_log_dir` - location of the Nginx logs 80 | - `nginx_pid` - location of the Nginx PID file 81 | - `nginx_worker_processes` - sets the number of worker processes 82 | - `nginx_daemon_disable` - whether the daemon should be disabled which can be set to yes or no 83 | - `nginx_worker_rlimit_nofile` - used for config value of `worker_rlimit_nofile`. Can replace any "ulimit -n" command. The value depends on your usage (cache or not) but must always be greater than worker_connections. Set to `null` to ignore 84 | - `nginx_error_log_options` - option flags for the error_log 85 | - `nginx_error_log_filename` - filename for the error log 86 | - `nginx_worker_connections` - sets the number of worker connections 87 | - `nginx_multi_accept` - used for config value of events { multi_accept }.
Try to accept() as many connections as possible. Can be set to yes or no 88 | - `nginx_charset` - used to specify an explicit default charset (say, 'utf-8', 'off'…) 89 | - `nginx_disable_access_log` - whether or not to disable the access log, yes or no 90 | - `nginx_access_log_options` - option flags for the access_log 91 | - `nginx_server_tokens` - whether to send the Nginx version number in error pages and Server header, on or off 92 | - `nginx_event` - used for config value of events { use }. Set the event-model. By default nginx looks for the most suitable method for your OS. 93 | - `nginx_sendfile` - directive to activate or deactivate the usage of sendfile(), on or off 94 | - `nginx_keepalive` - option whether to use the timeout options (below). Only the value "on" will include them 95 | - `nginx_keepalive_timeout` - assigns the timeout for keep-alive connections with the client 96 | - `nginx_client_body_timeout` - sets the read timeout for the request body from client 97 | - `nginx_client_header_timeout` - specifies how long to wait for the client to send a request header 98 | - `nginx_send_timeout` - specifies the response timeout to the client; it does not apply to the entire transfer but, rather, only between two subsequent client-read operations 99 | - `nginx_buffers` - option whether to use the buffer options (below). Only the value "on" will include them 100 | - `client_body_buffer_size` - specifies the client request body buffer size 101 | - `client_header_buffer_size` - sets the header buffer size for the request header from client 102 | - `client_max_body_size` - specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length. Set to 0 to disable the size check, which means request bodies of any size are accepted 103 | - `large_client_header_buffers` - assigns the maximum number and size of buffers for large headers to read from client request 104 | - `nginx_server_names_hash_bucket_size` - assigns the size of bucket in the hash-tables of the names of servers.
This value by default depends on the size of the line of processor cache 105 | - `nginx_types_hash_max_size` - 106 | - `nginx_types_hash_bucket_size` - 107 | - `nginx_proxy_read_timeout` - defines a timeout (between two successive read operations) for reading a response from the proxied server. 108 | - `nginx_enable_rate_limiting` - enable rate limiting, yes or no 109 | - `nginx_rate_limiting_zone_name` - sets the shared memory zone 110 | - `nginx_rate_limiting_backoff` - sets the maximum burst size of requests 111 | - `nginx_rate_limit` - sets the rate (e.g. 1r/s) 112 | - `nginx_access_logs` - a list of access log formats, filenames and options 113 | 114 | nginx_access_logs: 115 | - name: "main" 116 | format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"' 117 | options: null 118 | filename: "access.log" 119 | - `nginx_default_root` - the directory to place the default site 120 | - `nginx_default_enable` - whether or not to actually enable the defaul site 121 | 122 | 123 | 124 | ##### Site Configuration 125 | 126 | 127 | The role allows you to configure a list of sites (servers). Just provide a list of dictionaries according to the following format: 128 | 129 | ```yaml 130 | nginx_sites: 131 | - server: 132 | name: foo 133 | listen: 8080 134 | error_page: 135 | - "404 /error/404.html" 136 | - "502 /error/502.html" 137 | server_name: localhost 138 | locations: 139 | - location: 140 | match: / 141 | try_files: "$uri $uri/ /index.html" 142 | sendfile: "on" 143 | - server: 144 | name: bar 145 | listen: 8888 146 | server_name: webmail.localhost 147 | locations: 148 | - location: 149 | match: / 150 | try_files: "$uri $uri/ /index.html" 151 | - location: 152 | match: ' ~ image' 153 | try_files: "$uri $uri/ /index.html" 154 | ``` 155 | 156 | Note that this differs slightly from the format in the ANXS/nginx role. 
Locations are defined in a sub-list for each site, with a separate location 157 | entry for each one. Also, while the match condition was listed in the 'name' attribute in the ANXS/nginx role, here it should be specified with 'match'. 158 | 159 | Also, you can define multiple directives with the same name as a list, as with the error page shown in the site 'foo' above. 160 | 161 | 162 | Also worth noting: The site configuration will add the line: 163 | 164 | ``add_header X-Clacks-Overhead "GNU Terry Pratchett"`` 165 | 166 | by default. This is a tribute, to the 167 | late, great Terry Pratchett. See further details at http://www.gnuterrypratchett.com/ You can disable this default by adding the variable `disable_gnu_terry_pratchett` under your server. However, I strongly urge you not to do this -- pick up a copy of *Going Postal* or *Thud* and judge for yourself. 168 | 169 | Finally, be aware that you can configure a site independently of this playbook by creating your own configuration file in the sites_available directory within the directory specified by the `nginx_dir` parameter. This file will not be modified/deleted unless that server is included in the nginx_sites list. 170 | 171 | ##### Enabling / Disabling Sites 172 | 173 | To specify which sites are enabled, add the `server_name` attribute to the `nginx_enabled_sites` variable. All sites defined in the `nginx_sites` variable that are not included in the `nginx_enabled_sites` variable will be disabled. 174 | 175 | 176 | ```yaml 177 | nginx_enabled_sites: 178 | - localhost 179 | ``` 180 | 181 | 182 | ##### Example Site 183 | 184 | If you don't specify any sites in the nginx_sites list, the playbook will configure an example site and enable it, served on port 80. The files will be in the example directory under the directory specified by the `nginx_www_dir` variable. The example site is not the default nginx site, but rather shows a pink, ascii brontosaurus along with a message that your server is configured. 
The pink brontosaurus is a bit of an inside joke that I've been using in older deployment scripts for a while and I saw no harm in including it -- it's just the initial example site, and it is a bit of a change from the boring defaults. 185 | 186 | 187 | 188 | ##### Monit Support 189 | You can put Nginx under monit monitoring protection, by setting `nginx_monit_protection: true` 190 | 191 | 192 | ##### Module specific parameters 193 | 194 | ###### gzip module 195 | - 'nginx_gzip' - whether to use gzip, can be "on" or "off" 196 | - 'nginx_gzip_http_version' 197 | - 'nginx_gzip_comp_level' 198 | - 'nginx_gzip_proxied' 199 | - 'nginx_gzip_vary' 200 | - 'nginx_gzip_buffers' 201 | - 'nginx_gzip_min_length' 202 | - 'nginx_gzip_types' 203 | - 'nginx_gzip_disable' 204 | 205 | ###### http_stub_status module 206 | - `nginx_remote_ip_var` 207 | - `nginx_authorized_ips` 208 | 209 | ###### http_gzip_static module 210 | - `nginx_gzip_static` - whether to use gzip_static, can be on or off 211 | 212 | ###### upload_progress module 213 | - `nginx_upload_progress_version` - version of the upload_progress module 214 | - `nginx_upload_progress_javascript_output`- sets output in javascript. The default is true for backwards compatibility 215 | - `nginx_upload_progress_zone_name` - assigns one name which will be used to store the per-connection tracking information. The default is proxied 216 | - `nginx_upload_progress_zone_size` - assigns the zone size in bytes. 
Default is 1m (1 megabyte) 217 | 218 | ###### headers_more module 219 | - `nginx_headers_more_version` - version of the headers_more module 220 | 221 | ###### http_auth_request module 222 | - `nginx_auth_request_release` - the release number of the http_auth_request module 223 | 224 | ###### http_echo module 225 | - `nginx_echo_version` - version of the http_echo module 226 | 227 | ###### http_realip module 228 | - `nginx_realip_header` - Sets the header to use for the RealIp Module; only accepts "X-Forwarded-For" or "X-Real-IP" 229 | - `nginx_realip_addresses` - Sets the addresses to use for the http_realip configuration, i.e. the trusted addresses from which the header above is accepted. List only reverse proxies you control: the header is client-supplied, so a request arriving from a listed address can set the client address that logs and address-based access rules will then see 230 | - `nginx_realip_real_ip_recursive` - If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be "on" or "off". The default is "off" 231 | 232 | ###### naxsi module 233 | - `nginx_naxsi_version` - version of the naxsi module 234 | 235 | ###### passenger module 236 | - `nginx_passenger_version` - The version of the passenger module to install 237 | - `nginx_passenger_max_pool_size` - Max pool size, default is 6 238 | - `nginx_passenger_spawn_method` - Spawn method, default is 'smart-lv2' 239 | - `nginx_passenger_buffer_response` - Whether to buffer the response, default is 'on' 240 | - `nginx_passenger_min_instances` - Minimum processes at a given time, default is 1 241 | - `nginx_passenger_max_instances_per_app` - Maximum processes per app, default is 0 242 | - `nginx_passenger_pool_idle_time` - Idle time, default is 300 243 | - `nginx_passenger_max_requests` - Max requests before shutting down process and starting a new one, default is 0 (unlimited) 244 | 245 | ##### geoip module 246 | - `nginx_geoip_version` - Version of the module 247 | - `nginx_geoip_url` - URL from which to fetch the GeoIP data 248 | - `nginx_geoip_country_url` - URL from which to fetch Country GeoIP data. The role's default for this and for `nginx_geoip_city_url` is a plain `http://` URL, so the download is not protected in transit; override it with an HTTPS source, or verify the file after download, if you depend on the data 249 | - `nginx_geoip_city_url` - URL
from which to fetch City GeoIP data 250 | 251 | #### Thanks 252 | 253 | To the contributors of the original ANXS/nginx module this one is based on: 254 | - [ANXS](https://github.com/anxs) 255 | - [Jean-Denis Vauguet](https://github.com/chikamichi) 256 | 257 | 258 | #### License 259 | 260 | Licensed under the MIT License. See the LICENSE file for details. 261 | 262 | 263 | #### Feedback, bug-reports, requests, ... 264 | 265 | Are [welcome](https://github.com/ericpaulbishop/ansible-role-nginx-server/issues)! 266 | -------------------------------------------------------------------------------- /files/example_page_index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Nothing To See Here 5 | 6 | 7 |
8 |

Ansible has successfully configured your web server.

9 |

Please disregard the pink brontosaurus.

10 |

Move along, nothing to see here...

11 |
 12 |               
 13 | 
 14 |                                                                                                                                                                                                         
 15 |                                                                                                                                                                ,:;'+:'                                  
 16 |                                                                                                                                                            +#@@#####@#@@##;                             
 17 |                                                                                                                                                       ;#@#####+;;,,;:#####@#@#:                         
 18 |                                                                                                                                                    ,######:;;;;;;;;;;;;;;;;,##@@;                       
 19 |                                                                                                                                                   '######;;;;;;;;;;;;;;;;;;;##'+++.                     
 20 |                                                                                                                                                  +#####;;;;;;####,;;;;;;;;;#+ ;+.'#:                    
 21 |                                                                                                                                                 :####;;;;;,##:;;:#+;;;;;;;;#+ @@..##                    
 22 |                                                                                                                                                 ####.;;;;;##; #@.,#,;;;;;;;##.   '###:                  
 23 |                                                                                                                                                 ###+;;;;;;#+ :##;;#.;;;;;;;.@#++##++@##'                
 24 |                                                                                                                                                ####;;;;;;;+#.   ;;#.;;;;;;;;;;,:;;;;,#@####.            
 25 |                                                                                                                                                ####;;;;;;;;##+;;##+;;;;;;;;;;;;;;;;;;;;''####.          
 26 |                                                                                                                                               ,###:;;;;;;;;;,::.:;;;;;;;;;;;;;;;;;;;;;;;;;;##@          
 27 |                                                                                                                                               ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;@#.         
 28 |                                                                                                                                               ###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+#;         
 29 |                                                                                                                                               ###,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.#:;;;;;;;;;+#;         
 30 |                                                                                                                                              ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;;;;;;++;##;         
 31 |                                                                                                                                              '##';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+#';;;;;.@@.:#+         
 32 |                                                                                                                                              @@#.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.##,##          
 33 |                                                                                                                                             :###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:##          
 34 |                                                                                                                                            ;:##';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.##;          
 35 |                                                                                                                                             #@#;;;;;;;;;;;;;;;;;;;::.##+',+++#@#,;.;;.,;;+#@@           
 36 |                                                                                                                                            ;###;;;;;;;;;;;;;;;;;,##@#@@#:+@@####@#########@+;           
 37 |                                                                                                                                            +###;;;;;;;;;;;;;;;;,##;;;;;;;;;;;;;;;;;;.####.              
 38 |                                                                                                                                            ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.##+                
 39 |                                                                                                                                           ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                
 40 |                                                                                                                                           ;###.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'#@@                  
 41 |                                                                                                                                           ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'+@##@;                  
 42 |                                                                                                                                           #@#:;;;;;;;;;;;;;;;;;;;;;;;;;;,+###@###@#.                    
 43 |                                                                                                                                           ###;;;;;;;;;;;;;;;;;;;;;;;;;;.#####@#+;                       
 44 |                                                                                                                                          +##@;;;;;;;;;;;;;;;;;;;;;;;;;;#@#+.                            
 45 |                                                                                                                                          ###';;;;;;;;;;;;;;;;;;;;;;;;;;##+                              
 46 |                                                                                                                                          ####;;;;;;;;;;;;;;;;;;;;;;;;;.@@                               
 47 |                                                                                                                                         ###@;;;;;;;;;;;;;;;;;;;;;;;;;;#@@;                              
 48 |                                                                                                                                         +###;;;;;;;;;;;;;;;;;;;;;;;;;;#@+;                              
 49 |                                                                                                                                         ###+;;;;;;;;;;;;;;;;;;;;;;;;;;##';                              
 50 |                                                                                                                                         ###,;;;;;;;;;;;;;;;;;;;;;;;;;,##+                               
 51 |                                                                                                                                        :###;;;;;;;;;;;;;;;;;;;;;;;;;;;##;                               
 52 |                                                                                                                                        :##+;;;;;;;;;;;;;;;;;;;;;;;;;;;@#:                               
 53 |                                                                                                                                        +##:;;;;;;;;;;;;;;;;;;;;;;;;;;;@@                                
 54 |                                                                                                                                        ###;;;;;;;;;;;;;;;;;;;;;;;;;;;#@#                                
 55 |                                                                                                                                        ###;;;;;;;;;;;;;;;;;;;;;;;;;;;##@                                
 56 |                                                                                                                                       .###.;;;;;;;;;;;;;;;;;;;;;;;;;;'@@;                               
 57 |                                                                                                                                       :##+.;;;;;;;;;;;;;;;;;;;;;;;;;;+##.                               
 58 |                                                                                                                                       :###;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                               
 59 |                                                                                                                                       '@##;;;;;;;;;;;;;;;;;;;;;;;;;;;:##                                
 60 |                                                                                                                                       ####;;;;;;;;;;;;;;;;;;;;;;;;;;;##+                                
 61 |                                                                                                                                      .###.;;;;;;;;;;;;;;;;;;;;;;;;;;;##;                                
 62 |                                                                                                                                      ,@##;;;;;;;;;;;;;;;;;;;;;;;;;;;.@@                                 
 63 |                                                                                                                                      +###.;;;;;;;;;;;;;;;;;;;;;;;;;;,##:                                
 64 |                                                                                                                                      ,###;;;;;;;;;;;;;;;;;;;;;;;;;;;,##;                                
 65 |                                                                                                                                      ;@##;;;;;;;;;;;;;;;;;;;;;;;;;;;.##                                 
 66 |                                                                                                                                      ###:;;;;;;;;;;;;;;;;;;;;;;;;;;;:##                                 
 67 |                                                                                                                                     ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;+##                                 
 68 |                                                                                                                                     ;@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+#;                                 
 69 |                                                                                                                                     ,@@';;;;;;;;;;;;;;;;;;;;;;;;;;;;+#                                  
 70 |                                                                                                                                     ,@@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+#                                  
 71 |                                                                                                                                     :@@';;;;;;;;;;;;;;;;;;;;;;;;;;;;##                                  
 72 |                                                                                                                                     ###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##                                  
 73 |                                                                                                                                    .###;;;;;;;;;;;;;;;;;;;;;;;;;;;;.##                                  
 74 |                                                                                                                                    ,@##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;@#                                  
 75 |                                                                                                                                    :###;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@+                                  
 76 |                                                                                                                                    +##';;;;;;;;;;;;;;;;;;;;;;;;;;;;#@@                                  
 77 |                                                                                                                                    ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@#                                  
 78 |                                                                                                                                   .###+;;;;;;;;;;;;;;;;;;;;;;;;;;;.+@+                                  
 79 |                                                                                                                                   ,###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+@+                                  
 80 |                                                                                                                                   .###;;;;;;;;;;;;;;;;;;;;;;;;;;;;,+##                                  
 81 |                                                                                                                                   ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                  
 82 |                                                                                                                                  .###+;;;;;;;;;;;;;;;;;;;;;;;;;;;;,###                                  
 83 |                                                                                                                                  :###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##,                                  
 84 |                                                                                                                                  ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@#                                   
 85 |                                                                                                                                 ;####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@@                                   
 86 |                                                                                                                                 ;###:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@                                   
 87 |                                                                                                                                 :###:;;;;;;;;;;;;;;;;;;;;;;;;;;;;:@#;                                   
 88 |                                                                                                                                 ,###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@@                                    
 89 |                                                                                                                                .####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@                                    
 90 |                                                                                                                                ####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,##+                                    
 91 |                                                                                                                               .####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                     
 92 |                                                                                               .    ;                         ;####;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@                                     
 93 |                                                                                   ; .,,+######@###@@###'.,                  #####.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###.                                    
 94 |                                                                             ####@@###@####+#+'####@@######@###';          ######;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'###                                     
 95 |                                                                      ;.'@#########:.;;;.;;;;;;;;;;;;,'######@@###@#:':+@######';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###,                                     
 96 |                                                                     +#########+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:###@@####@######;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,###,                                     
 97 |                                                                   ;#######;,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.;.;.+.;;,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+###                                      
 98 |                                                                ;:####+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@;                                      
 99 |                                                               +@@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;####                                       
100 |                                                             ;##@,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###,                                       
101 |                                                            ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                                       
102 |                                                           :###:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+###                                        
103 |                                                          ;###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@@:                                        
104 |                                                          ###';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:#@                                         
105 |                                                         :#@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;@##;                                        
106 |                                                        ;###.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:@@;                                         
107 |                                                        ###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:#@;                                         
108 |                                                       :@##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@;                                         
109 |                                                       ###.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,###.                                         
110 |                                                      +##:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                          
111 |                                                     ;@#+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                                          
112 |                                                     +@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@,                                          
113 |                                                    .#@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.###;                                          
114 |                                                    @@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##+                                           
115 |                                                   ###.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,##;                                           
116 |                                                   ###;;;;.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                            
117 |                                                  :##:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                            
118 |                                                  ###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;:@#:                                            
119 |                                                 ;##';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                             
120 |                                                 @##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;@##                                             
121 |                                                .#@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,@@#                                             
122 |                                                +##,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'@@+                                             
123 |                                                #@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.###:                                             
124 |                                                @@.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'###                                              
125 |                                               :@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###'                                              
126 |                                               @@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                                              
127 |                                              ;##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###;                                               
128 |                                              @@:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###.                                               
129 |                                              #@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###'                                                
130 |                                             :##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                                 
131 |                                             ##:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,@##.                                                 
132 |                                             ##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;###                                                   
133 |                                            +##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##@;                                                   
134 |                                            ##,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,###;                                                    
135 |                                           +@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.###+                                                     
136 |                                           #@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;####;                                                     
137 |                                          '@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;######'                                                     
138 |                                         ,@@.;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,;;;;;;;;;;;@@+.###:                                                     
139 |                                         +@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;';;;;;;;;;;+@@;;;+##:                                                     
140 |                                        ,#+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;''.;;;;;;;###;;;;###;                                                     
141 |                                       :@#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;##.;;;;;;##;;;;;;;##:                                                     
142 |                                       @#:;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#;;;;;+@@,;;;;;;#@#:                                                     
143 |                                     ;##+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;'';;;'@@';;;;;;;;###:                                                     
144 |                                    +###;;;;;;;;;;;;;;;;;;;;.;;;;;;;;;;;;;;;;;;;;;;;;;..;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;#';:#@#,;;;;;;;;;+@#                                                      
145 |                                  ;####;;;;;;;;;;;;;;;;;;;;;',;;;;;;;;;;;;;;;;;;;;;;;.+';;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;######;;;;;;;;;;;#@#:                                                     
146 |                                 +###+;;;;;;;;;;;;;;;;;;;;;;;+;;;;;;;;;;;;;;;;;;;;;;;##;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;####.;;;;;;;;;;;;'##;                                                     
147 |                                ;###';;;;;;;;;;;;;;;;;;;;;;;++;;;;;;;;;;;;;;;;;;;;;;.#;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.##';;;;;;;;;;;;;;;###                                                     
148 |                              ;####';;;;;;;;;;;;;;;;;;;;;;;;;#.;;;;;;;;;;;;;;;;;;;;;##;;;;;;;;;;;;;;;#,;;;;;;;;;;;;;;;;;;;;;;;;@#+;;;;;;;;;;;;;;;####                                                    
149 |                              ####.;;;;;;;;;;;;;;;;;;;;;;;;;:+';;;;;;;;;;;;;;;;;;;;;##;;;;;;;;;;;;;;;+#.;;;;;;;;;;;;;;;;;;;;;;;#@.;;;;;;;;;;;;;;;;###'                                                   
150 |                            ;##@';;;;;;;;;;;;;;;;;;;;;;;;;;;@#.;;;;;;;;;;;;;;;;;;;;.+##+;;;;;;;;;;;;;;##;;;;;;;;;;;;;;;;;;;;;;;,#;;;;;;;;;;;;;;;;;.@@                                                    
151 |                           #@##.;;;;;;;;;;;;;;;;;;;;;;;;;;;;#+,;;;;;;;;;;;;;;;;;;;;;#########:;;;;;;;;##;;;;;;;;;;;;;;;;;;;;;;;;#;;;;;;;;;;;;;;;;;###                                                    
152 |                          @@@,;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+@#.;;;;;;;;;;;;;;;;;;;;:###########@@##+#####;;;;;;;;;;;;;;;;;;;;;;#@+;;;;;;;;;;;;;;;+'###                                                   
153 |                        :###;;;;;;;;;;;;;;;;;;;;;;;;;;;;;.####.;;;;;;;;;;;;;;;;;;;;,##;;;;;#########@@###.;;;;;;;;;;;;;;;;;;;;;.@@;;;;;;;;;;;;;..;;##,                                                   
154 |                       :#@;;;;;;;;;;;;;;;;;;;;;;;;;;;;;,######;;;;;;;;;;;;;;;;;;;;;.##;;;;;;;;..#####+###;;;;;;;;;;;;;;;;;;;;;;;@@.;;;;;;;;;;;;;;####                                                    
155 |                      +@#.;;;;;;;;;;;;;;;;;;;;;;;;;;;;#@#+'+@+;;;;;;;;;;;;;;;;;;;;;;#+';;;;;;;;;.##;  ;###;;;;;;;;;;;;;;;;;;;;;;+@+;;;;;;;;;;;++++;#'                                                    
156 |                     ###+;;;;;;;;;;;;;;;;;;;;;;;;;:##@@#   +@@;;;;;;;;;;;;;;;;;;;;;;##';;;;;;;;;;##;   '##;;;;;;;;;;;;;;;;;;;;;;.@@;;;;;;;;;;;;;;;'##                                                    
157 |                    '###;;;;;;;;;;;;;;;;;;;;;;;;.##@##:    '@@;;;;;;;;;;;;;;;;;;;;;;##;;;;;;;;;;;#@'   :##;;;;;;;;;;;;;;;;;;;;;;;+#;;;;;;;;;;;.;+###'                                                    
158 |                    @##+;;;;;;;;;;;;;;;;;;;;;;,####:       +@@;;;;;;;;;;;;;;;;;;;;;;##';;;;;;;;;;.#@   .##;;;;;;;;;;;;;;;;;;;;;;;#@;;;;;;;;;;;.;,###                                                     
159 |                    ###+;;;;;;;;;;;;;;;;..;;.#@###         :@@;;;;;;;;;;;;;;;;;;;;;;;##;;;;;;;;;;;@@   '#@;;;;;;;;;;;;;;;;;;;;;,###';;;;;;;;;;;;;,##'                                                    
160 |                    ####;;;;;;;;;;;;;;;;++#@@@@'           ##+;;;;;;;;;;;;;;;;;;;;;;;.##;;;;;;++###'   ,'#+;;;;;;;;;;;;;;;;;;;...,##;;;;;;;;;;;;;;###                                                    
161 |                    @###;;;;;;;;;;;;:+######:             ;##:;;;;;;;;;;;;;;;;;;;;;;;;##;;;;;;:++##,   ;##+;;;;;;;;;;;;;;;;;;;::##@;;;;;;;;;;;;;;;,##+                                                   
162 |                    '####.;;;;;,+#@####@##;                #@.;;;;;;;;;;;;;;;;;;;;;;+###;;;;;;:;:##+   :@@+;;;;;;;;;;;;;;;;;':+;'##;;;;;;;;;;;;;;;:###:                                                  
163 |                     '#@####@@#######,.;                  .@@:;;;;;;;;;;;;;;;;;;;;;;;.##;;;;;;,++##+   ;#@;;;;;;;;;;;;;;;;;;;;;.'##;;;;;;;;;;;;;######@#                                                 
164 |                        :++#'++++,                        ,@@;;;;;;;;;;;;;;;;;;;;;;;,##+;;;;;;.'###,   ,@@;;;;;;;;;;;;;;;;;;.++@@#.:;;;;;;;;;;,####@+:+@'                                                
165 |                                                          :@#;;;;;;;;;;;;;;;;;;;;;,+##+;;;;;;;,+###.   ;##;;;;;;;;;;;;;;;;;;;;;@@#;.;;;;;;;;,@###  .#++@#                                                
166 |                                                          ;@';;;;;;;;;;;;;;;;;;;;;'+##;;;;;;;;;;:#@;   ;##:;;;;;;;;;;;;;;;;;;;;,@#;;;;;;;;;#@@##+   ;###:                                                
167 |                                                          @@.;;;;;;;;;;;;;;;;;;;;;###;;;;;;;;;;;'###;  @@#;;;;;;;;;;;;;;;;;;;;;,@#;;;;;;;;##   ##'   #@+                                                 
168 |                                                         :##;;;;;;;;;;;;;;;;;;;;;;:#;;;;;;;;;.;######,:###;;;;;;;;;;;;;;;;;;;;;;@@;;;;;;;;#     ##  '##                                                  
169 |                                                         ###;;;;;;;;;;;;;;;;;;;;;;,@';;;;'+,###@##+:#+;@@;;;;;;;;;;;;;;;;;;;;;;;##'+;.,:###     ##@#@#                                                   
170 |                                                         @@#;;;;;;;;;;;;;;;;;;;;;;,@+;;.#', ##   ##+#''##,;;;;;;;;;;;;;;;;;;;;;;:####@#####     ##@@#                                                    
171 |                                                        ,@@#;;;;;;;;;;;;;;;;;;;;';######+   ,#   ###@;'##;;;;;;;;;;;;;;;;;;;;;;;;###########+#+@#,                                                       
172 |                                                        ;@@#;;;;;;;;;;;.###@####@######@     #;;'@@+ ;###;;;;;;;;;;;;;;;;;;;;;;;,####'    ##@#@#;                                                        
173 |                                                         ;@##+;;;;;;;;+##@#@###+.;##++###@;+@@#@@';   ###.;;;;;;;;;;;;;;.;;;;.+@@##+##     ;;..                                                          
174 |                                                           #@##+;.;;;,#@+   .##   .++'###@+++;        ####+.;;;;;;;;;;,########@###;##:                                                                  
175 |                                                            .+@##@@###@#    .@#    ,####               ;#####+,;;;;;;;#@:  ;@@.  .#@##                                                                   
176 |                                                               ;'####@@#     @@    ,##+                  .####@###,.;#@'    ;#;   +##                                                                    
177 |                                                                   .:'##@#::###;.;.;#+                      ,'##@@#####:     ##.;'@@;                                                                    
178 |                                                                       ;@@++@##@@@@#@                          ;.,'####+     ##@@@@;                                                                     
179 |                                                                               ':+#,                                 #######@#+'+                                                                        
180 |                                                                                                                      .#####';                                                                           
181 |                                                                                                                                                                                                         
182 |                                                                                                                                                                                                         
183 |                                                                                                                                                                                                         
184 | 			
185 |
186 | 187 | 188 | --------------------------------------------------------------------------------