Skip to content

Commit

Permalink
Add example playbooks
Browse files Browse the repository at this point in the history
  • Loading branch information
@alessfg
alessfg committed Sep 23, 2020
1 parent fc4c92b commit f78bb90
Show file tree
Hide file tree
Showing 11 changed files with 380 additions and 9 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# CHANGELOG

## 0.2.0 (September 23, 2020)

Add example playbooks covering a wide range of use cases.

## 0.1.0 (September 23, 2020)

Initial release of the Ansible NGINX collection.
26 changes: 18 additions & 8 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@ The Ansible NGINX collection includes the following roles:

|Name|Description|Version|
|----|-----------|-------|
[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.17.1
[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.2.0
[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.3.1
|[nginxinc.nginx](https://github.com/nginxinc/ansible-role-nginx)|Install NGINX|0.17.1|
|[nginxinc.nginx_config](https://github.com/nginxinc/ansible-role-nginx-config)|Configure NGINX|0.2.0|
|[nginxinc.nginx_app_protect](https://github.com/nginxinc/ansible-role-nginx-app-protect)|Install and configure NGINX App Protect|0.3.1|

Requirements
------------
Expand All @@ -36,22 +36,32 @@ You can also include the collection in a `requirements.yml` file and install it
---
collections:
- name: nginxinc.nginx_core
version: 0.1.0
version: 0.1.1
```
**Git**
Use `git clone https://github.com/nginxinc/ansible-collection-nginx.git` to pull the latest edge commit of the collection from GitHub.

Usage **(WIP)**
---------------
Usage
-----

Sample playbooks for each use case covered by this collection will be found in the `playbooks/` folder.
Sample playbooks for each use case covered by this collection can be found in the `playbooks/` folder:

|Name|Description|
|----|-----------|
|[`deploy-nginx.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx.yml)|Install NGINX|
|[`deploy-nginx-plus.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus.yml)|Install NGINX Plus|
|[`deploy-nginx-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-app-protect.yml)|Install NGINX App Protect|
|[`deploy-nginx-plus-app-protect.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect.yml)|Install NGINX Plus and NGINX App Protect|
|[`deploy-nginx-web-server.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server.yml)|Install NGINX and configure a simple web server|
|[`deploy-nginx-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-web-server-proxy.yml)|Install NGINX and configure a simple reverse proxy in front of two web servers|
|[`deploy-nginx-plus-app-protect-web-server-proxy.yml`](https://github.com/nginxinc/ansible-collection-nginx/blob/main/playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml)|Install NGINX Plus and NGINX App Protect and configure a simple reverse proxy in front of two web servers protected by NGINX App Protect|

Development
-----------

Currently, all the NGINX roles (inside `roles/`) are Git submodules, and work on the roles themselves should take place in the upstream Role repository. At some point, the roles might move into this repository for their canonical home.
Currently, all the NGINX roles (inside `roles/`) are Git submodules, and work on the roles themselves should take place in the upstream role repository.

To update the roles included in this collection to their latest version, run:

Expand Down
2 changes: 1 addition & 1 deletion galaxy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
namespace: nginxinc
name: nginx_core
description: Install and configure NGINX and NGINX App Protect using Ansible
version: 0.1.0
version: 0.1.1
readme: README.md
license_file: LICENSE
authors:
Expand Down
Empty file removed playbooks/.gitkeep
View file
Empty file.
19 changes: 19 additions & 0 deletions playbooks/deploy-nginx-app-protect.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx_app_protect
vars:
nginx_app_protect_license:
certificate: <path/to/certificate>
key: <path/to/key>
nginx_app_protect_remove_license: false
nginx_app_protect_install_signatures: true
nginx_app_protect_install_threat_campaigns: true
nginx_app_protect_configure: true
nginx_app_protect_security_policy_template_enable: true
nginx_app_protect_security_policy_enforcement_mode: blocking
nginx_app_protect_log_policy_template_enable: true
nginx_app_protect_log_policy_filter_request_type: all
nginx_app_protect_conf_template_enable: false
137 changes: 137 additions & 0 deletions playbooks/deploy-nginx-plus-app-protect-web-server-proxy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,137 @@
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
vars:
nginx_type: plus
nginx_license:
certificate: <path/to/certificate>
key: <path/to/key>
nginx_remove_license: false
- role: nginx_app_protect
vars:
nginx_app_protect_setup_license: false
nginx_app_protect_remove_license: false
nginx_app_protect_install_signatures: true
nginx_app_protect_install_threat_campaigns: true
nginx_app_protect_configure: true
nginx_app_protect_security_policy_template_enable: true
nginx_app_protect_security_policy_enforcement_mode: blocking
nginx_app_protect_log_policy_template_enable: true
nginx_app_protect_log_policy_filter_request_type: all
nginx_app_protect_conf_template_enable: false
- role: nginx_config
vars:
nginx_config_modules:
- modules/ngx_http_app_protect_module.so
nginx_config_http_template_enable: true
nginx_config_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
main:
app_protect:
enable: true
policy_file: /etc/nginx/app-protect-security-policy.json
security_log_enable: true
security_log:
path: /etc/nginx/app-protect-log-policy.json
dest: /var/log/app_protect/security.log
listen:
listen_localhost:
port: 80
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
reverse_proxy:
locations:
main:
location: /
proxy_pass: http://upstr/
proxy_set_header:
header_host:
name: Host
value: $host
server_one:
listen:
listen_server_one:
port: 8081
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
web_server:
locations:
server_one:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: server_one.html
sub_filter:
once: false
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
server_two:
listen:
listen_server_two:
port: 8082
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
web_server:
locations:
server_two:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: server_two.html
sub_filter:
once: false
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
upstreams:
main:
name: upstr
lb_method: least_conn
servers:
server_one:
address: 0.0.0.0
port: 8081
server_two:
address: 0.0.0.0
port: 8082

nginx_config_html_demo_template_enable: true
nginx_config_html_demo_template:
server_one:
template_file: www/index.html.j2
html_file_name: server_one.html
html_file_location: /usr/share/nginx/html
web_server_name: Ansible NGINX collection - Server one
server_two:
template_file: www/index.html.j2
html_file_name: server_two.html
html_file_location: /usr/share/nginx/html
web_server_name: Ansible NGINX collection - Server two
24 changes: 24 additions & 0 deletions playbooks/deploy-nginx-plus-app-protect.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
vars:
nginx_type: plus
nginx_license:
certificate: <path/to/certificate>
key: <path/to/key>
nginx_remove_license: false
- role: nginx_app_protect
vars:
nginx_app_protect_setup_license: false
nginx_app_protect_remove_license: true
nginx_app_protect_install_signatures: true
nginx_app_protect_install_threat_campaigns: true
nginx_app_protect_configure: true
nginx_app_protect_security_policy_template_enable: true
nginx_app_protect_security_policy_enforcement_mode: blocking
nginx_app_protect_log_policy_template_enable: true
nginx_app_protect_log_policy_filter_request_type: all
nginx_app_protect_conf_template_enable: false
11 changes: 11 additions & 0 deletions playbooks/deploy-nginx-plus.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
vars:
nginx_type: plus
nginx_license:
certificate: <path/to/certificate>
key: <path/to/key>
110 changes: 110 additions & 0 deletions playbooks/deploy-nginx-web-server-proxy.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
---
- hosts: all
collections:
- nginxinc.nginx_core
roles:
- role: nginx
- role: nginx_config
vars:
nginx_config_http_template_enable: true
nginx_config_http_template:
app:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
servers:
main:
listen:
listen_localhost:
port: 80
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
reverse_proxy:
locations:
main:
location: /
proxy_pass: http://upstr/
proxy_set_header:
header_host:
name: Host
value: $host
server_one:
listen:
listen_server_one:
port: 8081
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
web_server:
locations:
server_one:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: server_one.html
sub_filter:
once: false
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
server_two:
listen:
listen_server_two:
port: 8082
server_name: localhost
access_log:
- name: main
location: /var/log/nginx/access.log
web_server:
locations:
server_two:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: server_two.html
sub_filter:
once: false
sub_filters:
- "'server_hostname' '$hostname'"
- "'server_address' '$server_addr:$server_port'"
- "'server_url' '$request_uri'"
- "'remote_addr' '$remote_addr:$remote_port'"
- "'server_date' '$time_local'"
- "'client_browser' '$http_user_agent'"
- "'request_id' '$request_id'"
- "'nginx_version' '$nginx_version'"
- "'document_root' '$document_root'"
- "'proxied_for_ip' '$http_x_forwarded_for'"
upstreams:
main:
name: upstr
lb_method: least_conn
servers:
server_one:
address: 0.0.0.0
port: 8081
server_two:
address: 0.0.0.0
port: 8082

nginx_config_html_demo_template_enable: true
nginx_config_html_demo_template:
server_one:
template_file: www/index.html.j2
html_file_name: server_one.html
html_file_location: /usr/share/nginx/html
web_server_name: Ansible NGINX collection - Server one
server_two:
template_file: www/index.html.j2
html_file_name: server_two.html
html_file_location: /usr/share/nginx/html
web_server_name: Ansible NGINX collection - Server two
Loading

0 comments on commit f78bb90

Please sign in to comment.