BREAKING CHANGES:
- NGINX Plus requires a JWT license starting with R33. Make sure you include the path to the base64 encoded JWT license using the new
nginx_license['jwt']
parameter. - Remove support for RHEL 7 based distributions (RHEL/CentOS/Oracle Linux 7). CentOS 7 has reached EoL, RHEL 7 has reached EoM, and Oracle Linux 7 will reach EoL shortly. These distributions will not be supported by new NGINX releases moving forward. If you are still using one of these distributions, please consider upgrading. If you still want to use this role for the time being, please use the previous release (0.24.3). Do note that you will only be able to use NGINX versions released as of the date of the aforementioned release (July 11, 2024).
- Remove support for installing NGINX Open Source and NGINX Plus on Alpine Linux 3.16.
- Remove support for installing NGINX Open Source on Alpine Linux 3.17.
- Remove support for installing NGINX Open Source on Ubuntu mantic.
- No longer omit
allow_downgrade
module parameter when running Ansible versions lower than2.12
.
DEPRECATION WARNINGS:
- The NGINX Agent features contained in this role will be split into a separate role in the next minor release. If you are using this role to install and configure the NGINX Agent, please switch to the new role once it's available.
FEATURES:
- Add support for templating the entire NGINX Agent configuration file.
- Add support for installing and configuring the NGINX Plus HA keepalived package.
- Add validation tasks to check the Ansible version, the Jinja2 version, whether the required Ansible collections for this role are installed, and whether you are trying to install a valid NGINX module.
- Add support for installing NGINX Open Source and NGINX Plus on Alpine Linux 3.20.
- Add support for installing NGINX Open Source on Ubuntu oracular.
- Add support for installing NGINX Agent on Ubuntu noble.
- Bump the minimum version of Ansible supported to
2.16
, whilst clarifying that Ansible2.18
is not supported at this stage.
DOCUMENTATION:
- Update community docs per the latest NGINX template repository guidelines.
- Update and tweak the README. In order to make the installation instructions easier, some file names used by the various GitHub Actions workflows have been renamed.
TESTS:
- Update RHEL UBI images to UBI 8.10 and UBI 9.4.
MAINTENANCE:
- Installing certain NGINX modules on Alpine Linux 3.17 no longer requires installing
nginx-plus-module-ndk
as a separate step. - Add an
ansible_managed
comment to the various templated configs deployed by the role. - Tweak Release Drafter to work better with conventional commits.
CI/CD:
- Update GitHub Actions to Ubuntu 24.04 (noble).
- Switch GitHub Actions from using tags to release hashes.
- Remove commented out Molecule platforms and GitHub Actions QEMU step for the time being. These changes will be reverted if multi-arch testing can be reinstated in GitHub Actions.
- Bump the minimum version of Ansible supported on Ansible Galaxy to
2.16
. - Remove platform metadata from the Ansible Galaxy role metadata since platforms are no longer supported in Ansible Galaxy NG.
- Implement OSSF Scorecard.
- Implement Renovate and replace Dependabot.
- Automatically add milestone and project data to Renovate Bot PRs.
DEPRECATION WARNINGS:
- This is the last release that will support RHEL 7 based distributions. If you are using this role to install NGINX on RHEL/CentOS/Oracle Linux 7, do note that CentOS 7 has reached EoL and RHEL 7 has reached EoM and will not be supported by new NGINX releases moving forward.
- The NGINX Agent capabilities in this role will be migrated to a separate role sometime in the near future.
FEATURES:
- Implement the ability to install the NGINX Agent.
- Add Amazon Linux 2023, Alpine Linux 3.19 and Ubuntu noble to the list of NGINX OSS and NGINX Plus tested and supported distributions.
- Add Ubuntu matic to the list of supported NGINX OSS distributions.
- Remove Ubuntu lunar from the list of supported NGINX OSS distributions.
- Remove Alpine Linux 3.15 from the list of NGINX OSS and NGINX Plus tested and supported distributions.
ENHANCEMENTS:
- Allow strings in addition to a list when configuring
logrotate
. - Bump the Ansible
community.general
collection to9.0.1
,community.crypto
collection to2.20.0
andcommunity.docker
collection to3.10.3
.
BUG FIXES:
- Avoid re-copying the NGINX Amplify config file every time the role is run.
- Update conditional statements to avoid include Jinja2 warnings.
- Fix issue when installing NGINX on BSD systems.
CI/CD:
- Add Molecule tests for NGINX Amplify.
- Update the RHEL based tests to use the latest UBI release.
- Use the local role name (
ansible-role-nginx
) instead of the fully qualified role name (nginxinc.nginx
) in Molecule to ensure tests always work as intended in environments where the role has been already installed beforehand. - Implement F5 CLA.
- Hardcode version of Python requests module given its propensity to break the Docker Python SDK.
FEATURES:
- Add Alpine Linux 3.18 and Debian bookworm to the list of NGINX Plus tested and supported distributions.
- Remove Ubuntu kinetic from the list of NGINX OSS tested and supported distributions.
- Remove Alpine Linux 3.14 and Ubuntu bionic from the list of NGINX Plus tested and supported distributions.
- The
geoip2
module for NGINX Plus is no longer supported on Amazon Linux. - Add support for specific version for NGINX OSS install from source
CI/CD:
- Reimplement some platforms in the upgrade & downgrade Molecule scenarios since all platforms now have at least two releases.
- Replace the hardcoded NGINX version check in multiple Molecule scenarios with a dynamic NGINX version check.
- Explicitly specify the
x86_64
platform in certain Molecule scenarios to avoid compatibility issues in ARM based computers.
FEATURES:
- Add Alpine Linux 3.18, Debian bookworm, and Ubuntu kinetic/lunar to the list of NGINX OSS tested and supported distributions.
- Remove Alpine Linux 3.14 from the list of NGINX OSS tested and supported distributions.
- Remove Alpine Linux 3.13 from the list of NGINX Plus tested and supported distributions.
ENHANCEMENTS:
- Refactor the OSS BSD installation process to consolidate tasks and avoid Ansible Lint warnings.
- Refactor handlers to avoid Ansible Lint warnings.
- Enable SELinux configuration tasks on Oracle Linux OS.
- Bump the Ansible
ansible.posix
collection to1.5.4
,community.general
collection to6.4.0
,community.crypto
collection to2.14.1
andcommunity.docker
collection to3.4.7
. - Oracle Linux 8 requires the Python
python3.11-cryptography
package for validating the NGINX Plus repository certificate.
BUG FIXES:
- Fix an issue with the platform validation logic where distribution versions ending in
*.*0
would not be correctly identified.
CI/CD:
- Comment out the platform parameter out of Molecule tests. QEMU based tests are failing when trying to test the newest supported distribution.
- Split Ansible Lint into its own GitHub Actions job since Molecule no longer runs linters natively.
- Replace
molecule[docker]
withmolecule
andmolecule-plugins[docker]
. - Explicitly set the
ansible-compat
version. - Add pre-releases to Release Drafter.
BREAKING CHANGES:
-
When building from source the various libraries required to build NGINX from source, you will no longer need to specify the name of the package, only the version:
pcre_version: pcre2-10.42
is now:
pcre_version: 10.42
-
The
nginx_install_source_<package>: false
parameters have been reversed. Settingnginx_install_source_pcre: true
will now build PCRE from source, instead of using the default package manager. The previous behavior was unintuitive at best.
FEATURES:
- Validate that various role variables have been set to one of the allowed values.
- Add support for the newer
ndk
andset-misc
NGINX Plus dynamic modules and remove old code checks for distributions that are no longer supported. - Add AlmaLinux, Oracle Linux and Rocky Linux to the list of NGINX OSS and NGINX Plus tested and supported distributions.
- Add Alpine Linux 3.17 to the NGINX list of tested and supported platforms.
- Remove Alpine Linux 3.13 from the list of NGINX OSS supported distributions.
ENHANCEMENTS:
- Standardize code from dot to array notation to keep in with the standards set by the other roles in the Ansible NGINX core collection.
- Bump the minimum version of Ansible core required to run the role to
2.12
(2.11
is no longer supported by Ansible). - Improve validation of supported distributions when installing NGINX from the official repository.
- Bump the Ansible
community.general
collection to6.2.0
,community.crypto
collection to2.10.0
andcommunity.docker
collection to3.4.0
. - Use the official GitHub repositories as the source for the various packages required to compile NGINX OSS from source.
BUG FIXES:
- Specifying a module version would result in an invalid package name on Alpine Linux.
- Fix the NGINX installation process when installing NGINX from a distribution's package repository in CentOS/RHEL 7 based distributions.
- Fix an issue when installing the GeoIP2 module on an UBI 7 container where the the
libmaxminddb
package dependency might not be available viayum
(if it's not available,libmaxminddb
is installed from an external source). - GitHub Actions should now correctly skip *plus* scenarios only when the NGINX Plus license secrets are not present.
- Update the versions of the various packages required to build NGINX from source. The version of
zlib
listed in the role was no longer available. - The
ignore-tags
GitHub Actions key does not exist. Replace it with the correct key,tags-ignore
. - Remove the
arch
option from the Debian family NGINX repository source. In its current form this prevented the role from working any platforms beyondx86_64
/amd64
andaarch64
/arm64
.
TESTS:
- Update GitHub Actions to run on Ubuntu 22.04 (and thus support
cgroups
v2). - Explicitly specify
x86_64
/amd64
as the platform used in the Amazon Linux 2/CentOS/Oracle Linux/RHEL 7/SLES 15 Molecule Docker images. This will ensure that tests work when run on different host architectures (e.g. newer Macbooks withaarch64
/arm64
processors) when running tests in distributions that only supportx86_64
/amd64
(either due to lack of support for acgroups
v2 backport or due to lack of builds foraarch64
/arm64
). - Explicitly test some distributions using
aarch64
ands390x
as the Molecule platform. This should ensure the role works as intended across the various architectures that are officially supported. - Combine the
module
Molecule scenario with thedefault
scenario. - Add
stable
andversion
Molecule scenario. - Add
distribution
Molecule scenario. - Replace underscores with dashes in Molecule scenario names to improve naming consistency across the role.
FEATURES:
- Check NGINX Plus license is valid before trying to install NGINX Plus (this means the role now requires the
community.crypto
collection). - Add Ubuntu jammy (22.04) to the NGINX list of tested and supported platforms.
- Add RHEL 9 to the NGINX list of tested and supported platforms.
- Add Alpine Linux 3.16 to the NGINX list of tested and supported platforms (and remove Alpine Linux 3.12).
- Add CODEOWNERS file.
ENHANCEMENTS:
- Add support for PCRE 2 and OpenSSL 3.0 (built from source) when building NGINX from source.
- Tweak Release Drafter config.
- Bump the Ansible
community.general
collection to5.5.0
,ansible.posix
collection to1.4.0
andcommunity.docker
collection to3.1.0
. - Re-add Alpine Linux tests to
downgrade
Molecule scenarios.
BUG FIXES:
- Ensure gpg-agent is installed on Ubuntu/Debian to avoid APT key tasks failures.
- Always refresh the
yum
cache. - The role can now correctly upgrade NGINX to the latest release on Alpine Linux.
TESTS:
- Update GitHub Actions to only skip *plus* scenarios when the NGINX Plus license secrets are not present (it used to only run the NGINX Plus test scenarios during internal PRs).
- Add SLES 15 to all Molecule tests.
- Create downgrade and upgrade tests for NGINX Plus.
- Remove Yamllint (Ansible Lint now incorporates Yamllint).
- Skip Ansible Lint line length and no templates in name rules. Slightly refactor code to incorporate changes added to Ansible Lint 6.7.0.
FEATURES:
- Add Molecule testing infrastructure for RHEL 7/8.
- Rename all modules to use the fully qualified collection name (FQCN) per Ansible guidelines.
ENHANCEMENTS:
- Bump the Ansible
community.general
collection to4.7.0
andcommunity.docker
collection to2.3.0
. - Streamline configuring SELinux.
- Add
TimeoutStartSec
parameter to Systemd template. - Update Dependabot to trigger updates at the same time across all NGINX core roles at the same time and to avoid triggering release drafter on GitHub Actions dependency updates.
BUG FIXES:
Ansible check mode runs will no longer fail if NGINX has not yet been installed.
BREAKING CHANGES:
- CentOS 8 has reached EoL and has thus been removed from the list of supported platforms.
- The NGINX Plus
cookie-flag
module is no longer supported as of R26 and has been removed. - Remove SELinux parameters deprecated since
0.17
.
FEATURES:
- Backwards support for older versions of Ansible (e.g. Ansible
<2.12
). - Update NGINX Amplify repositories to use Python 3 when possible.
- Add Alpine Linux 3.15 to the NGINX Plus list of tested and supported platforms (and remove Alpine Linux 3.11).
ENHANCEMENTS:
- Use
pcre2
by default when possible. - Bump the Ansible
community.general
collection to4.4.0
andcommunity.docker
collection to2.1.1
.
BUG FIXES:
- The Molecule
upgrade
scenario verification test no longer has to be updated on each new NGINX OSS release. - Add GPG key for Ubuntu Focal during APT repository setup.
BREAKING CHANGES:
- The
nginx_state
variable has been replaced withnginx_setup
and instead of usingpresent
,absent
,latest
you should now useinstall
,uninstall
andupgrade
. nginx_install
variable is no more. Usenginx_enable
instead.- Ansible core
2.12
is now a minimum requirement for the role.
FEATURES:
- Pin repository data when installing NGINX OSS on Alpine and Debian distributions.
- You can now downgrade versions of NGINX and switch from stable to mainline and viceversa. You will need to specify the NGINX branch and version you wish to install when tweaking versions.
- Add Alpine Linux 3.15 to the NGINX OSS list of tested and supported platforms (and remove Alpine Linux 3.11).
ENHANCEMENTS:
- Bump the Ansible
community.general
collection to4.1.0
andcommunity.docker
collection to2.0.2
.
BUG FIXES:
- When building NGINX from source, the original source FTP repository
ftp.pcre.org
is not available anymore, according to http://pcre.org. The FTP repository has been updated to useftp.exim.org
instead. - Uninstalling NGINX should now work correctly under most scenarios.
ENHANCEMENTS:
- Change Dependabot frequency from daily to weekly.
- Minor touch-up of GitHub Actions workflows.
ENHANCEMENTS:
- Remove RHEL/CentOS 6 task specific parameters given those platforms have reached EOL.
- Change Ansible Lint exceptions from using an ID identifier to a text identifier.
- Move non NGINX specific dependencies from the role into the Molecule Dockerfile.
BUG FIXES:
- Always update NGINX dependencies to the latest available version to avoid outdated dependency issues (e.g. outdated CA certificates).
- The Check NGINX handler should now be run in the correct directory in BSD systems.
FEATURES:
Support installing NGINX OSS in Amazon Linux.
ENHANCEMENTS:
- Update the README and Ansible metadata matrix of supported distributions for NGINX OSS and NGINX Plus.
- Update the Molecule tests to include the newly supported distributions and remove distributions that are no longer supported for NGINX OSS and NGINX Plus.
- Bump the Ansible
community.general
collection to3.7.0
,ansible.posix
collection to1.3.0
andcommunity.docker
collection to1.9.1
.
BREAKING CHANGES:
Remove the deprecation warning in the README detailing the advent of the NGINX Core Ansible collection and the subsequent splitting from this role of the Ansible NGINX Config role and the Ansible NGINX Unit role.
FEATURES:
- Add a
nginx_manage_repo
feature flag which allows disabling NGINX repo management by this role. - Add a
nginx_install_epel_release
feature flag which allows epel-release to not be installed by this role if so desired.
ENHANCEMENTS:
Bump the Ansible community.general
collection to 3.5.0
and community.docker
collection to 1.9.0
.
BREAKING CHANGES:
- The NGINX Plus repository has been updated. This might cause some issues when running the role on an instance that already has NGINX Plus installed. Starting with NGINX Plus R25, you will need to install NGINX Plus using release
0.20.0
. If you are trying to install R23, please use release0.19.2
. NGINX Plus R24 should work with both release0.19.2
and0.20.0
. - The NGINX Plus modsecurity module is no longer supported by this role. Until NGINX Plus R25 is released, you might keep using release
0.19.2
if you wish to install modsecurity.
ENHANCEMENTS:
- Replace Ansible base with Ansible core. Ansible core will be the "core" Ansible release moving forward from Ansible
2.11
. - Update GitHub Actions to add a workflow dispatch option.
- Replace "yes"/"no" boolean values with "true"/"false" to comply with YAML spec
1.2
. - Bump the Ansible
community.general
collection to3.2.0
andcommunity.docker
collection to1.7.0
.
BUG FIXES:
Change the url used to grep the latest NGINX version when installing from source. This should avoid the source install failing whenever the stable
release is higher than the latest mainline
.
FEATURES:
-
Replace Ansible community distribution with Ansible base and add the necessary extra collections as a dependency requirement. For reference, these are:
--- collections: - name: community.general version: 3.0.0 - name: ansible.posix version: 1.2.0 - name: community.docker # This collection is only used as part of the Molecule testing suite version: 1.5.0
-
Explicitly list Jinja2
2.11.3
as a requirement, as well as detail the minimum supported version (2.11.x
). -
Add support for Dependabot.
-
Initial implementation of Release Drafter.
ENHANCEMENTS:
- Only run GitHub Actions Galaxy CI/CD workflow when a new release is published.
- Add Alpine
3.13
to the list of NGINX Plus supported platforms. - Specify GitHub Actions Ubuntu release.
- Minor GitHub template tweaks, including the creation of a SECURITY doc.
- Add Molecule NGINX OSS tests for Alpine 3.13, remove Molecule tests for Debian stretch, and update list of supported platforms.
- Update Ansible base to
2.10.8
, Ansible Lint to5.0.7
, Molecule to3.3.0
, Yamllint to1.26.1
and Docker Python SDK to5.0.0
. - Consolidate Molecule testing scenarios to address changes introduced in Ansible Lint
5.*
. - Override of systemd
Restart
value by using propernginx_service_restart
variable.
BUG FIXES:
- Add
state
parameter to package module in Molecule verification tests. - Change the command directory when running the NGINX configuration check handler to prevent edge case errors when the handler is run from a directory that the NGINX process' user does not have access to.
ENHANCEMENTS:
- The GitHub Actions Molecule CI/CD workflow should now correctly avoid running 'plus' related tests on external PRs.
- Update Ansible base to
2.10.4
, Ansible to2.10.5
, Molecule to3.2.2
and Docker Python SDK to4.4.1
. - Update copyright notice.
BREAKING CHANGES:
The NGINX configuration functionalities included in this role have been removed as of release 0.19.0. There now is a separate role to manage and create NGINX configurations available here. Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX configuration Ansible role repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on.
ENHANCEMENTS:
The GitHub Actions Molecule CI/CD workflow is no longer run on a new release (this is not necessary since it already runs on every push).
ENHANCEMENTS:
- Update Molecule to
3.2.1
and Docker Python SDK to4.4.0
. - Add Alpine
3.12
to supported platforms for NGINX Plus. - Remove Alpine
3.9
and CentOS/RHEL6
from supported platforms due to EOL. - Replace TravisCI with GitHub Actions.
ENHANCEMENTS:
Switch NGINX keysites and OSS default repository data from a dictionary to individual variables to prevent potential issues arisen from Jinja2 dictionary run-time evaluations.
BUG FIXES:
Fix issue whereas SELinux state would not be correctly set back to enforcing
when nginx_selinux: true
.
BREAKING CHANGES:
The NGINX Unit functionalities included in this role have been removed as of release 0.18.0. There now is a separate role to install NGINX Unit available here. Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit Ansible role repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on.
ENHANCEMENTS:
Implement a new syntax to specify modules to be installed. You can now use the following format if you want further fine grained control over how you install modules:
- name: njs # Required
state: present # Optional
version: =1.19.4+0.4.4-1~bionic # Optional
The old method of specifying modules (using a list of names) still works as expected.
ENHANCEMENTS:
- Add survey to README.
- Improve README structure and use tables where relevant.
- Update Ansible (now Ansible base) to
2.10.3
, Ansible (now Ansible Community Distribution) to2.10.3
, Ansible Lint to4.3.7
, Molecule to3.1.5
, and Yamllint to1.25.0
. - Optimize NGINX Plus install/remove tasks.
BUG FIXES:
- Prevent TravisCI from trying to build (and failing) NGINX Plus images on external PRs.
- Fix naming for SELinux facts dictionary.
- Role now runs correctly when using Ansible's check mode.
- Removing the NGINX Plus license in RHEL based distros should no longer return a repository not found error.
- Fix issue when removing NGINX Plus license on some distributions.
- Fix Amazon Linux NGINX Plus install while at it.
BUG FIXES:
Fix an issue where sometimes the role handlers will fail in distros where NGINX is not started upon installation.
ENHANCEMENTS:
- The role will no longer fail automatically on unsupported platforms, but the error message will still be displayed.
- The
Check NGINX
handler now always outputs anok
state instead ofchanged
since it's a read-only operation with no traceable changes.
BREAKING CHANGES:
- The process to install modules has changed. You will now have to use a list variable,
nginx_modules
, instead of manually setting the modules you want to install totrue
orfalse
. This change will also simplify adding future supported modules to this role. You can find a list of supported modules for NGINX and NGINX Plus invars/main.yml
. - Modules can no longer be added to your NGINX config using this role. Please use the
nginx_config
role instead. - Changed
nginx_configure
default value fromtrue
tofalse
to further promote the adoption of the NGINX config role.
FEATURES:
- A new variable has been introduced:
nginx_setup_license
-- Determine whether you want to use this role to upload your NGINX license to your target host.
- The role will now fail automatically if you try to deploy NGINX from an official repository in an unsupported distribution. You can find a list of supported distributions for NGINX and NGINX Plus in
vars/main.yml
- Three new tags have been introduced --
nginx_setup_license
,nginx_enable
andnginx_check_support
. - Add Alpine 3.12 to the list of supported platforms.
- Remove Alpine 3.8 from the list of supported platforms.
- Add NGINX Plus tests to TravisCI
ENHANCEMENTS:
- Added handlers to check for NGINX syntax validity and fail if any errors are detected.
- Switch to using
ansible_facts
wherever possible. - Major backend refactoring to reduce the number of files and tasks.
- You can now specify an
nginx_repository
for NGINX Plus too. - Moved "constant" variables to
vars/main.yml
. - Included deprecation warnings in task names and files.
- Improved tasks naming conventions.
- Update Ansible to
2.9.13
and Ansible Lint to4.3.5
.
BUG FIXES:
- NGINX Plus repository data for RHEL based distros is now appropriately set.
- Building NGINX from source should now work as expected in CentOS/RHEL 6 systems running Python
2.6
or earlier versions of2.7
.
BREAKING CHANGES:
The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
ENHANCEMENTS:
- Update Ansible to
2.9.12
and Ansible Lint to4.3.2
. - Explicitly define
mode
in relevant tasks. - Explicitly define the
nginx
apt_repository
filename in Debian based distros.
FEATURES:
TravisCI now always uses the latest version of Docker.
BUG FIXES:
Building OpenSSL from source should now work properly in CentOS 8.
DEPRECATION WARNING:
With the advent of Ansible collections and to reduce the overhead of this role, the decision has been made to split this role into three smaller roles:
- The NGINX Ansible role will keep working as is and be used to install and setup NGINX.
- There now is a separate role to manage and create NGINX configurations available here. Any new issues or PRs related to configuring NGINX should be submitted in the new NGINX Config repository. New issues or PRs related to configuring NGINX submitted in this repository will not be worked on. The NGINX configuration functionalities included in this role will be removed in an upcoming release.
- NGINX Unit now has a separate role available here. Any new issues or PRs related to NGINX Unit should be submitted in the new NGINX Unit repository. New issues or PRs related to NGINX Unit submitted in this repository will not be worked on. The NGINX Unit functionalities included in this role will be removed in an upcoming release.
BREAKING CHANGES:
-
The Debian and Ubuntu repositories have slightly changed. You may run into some duplication issues when running the role on a preexisting target that already has had NGINX installed using the role. To fix this, manually remove the old repository source.
-
If you use
custom_options
you will now need to manually end each directive with a semicolon. -
The
status
directive is no longer supported in NGINX Plus, and thestub_status
directive has been reworked into a template. -
The listen directive structure in the
stream
template has been updated to the listen directive structure found in thehttp
template. You can now specify multiplelisten
directives in the sameserver
block as well as include any extralisten
options you might need.Old configuration example
listen_address: localhost listen_port: 80 udp_enable: false
New configuration example
listen: listen_localhost: ip: 0.0.0.0 # Wrap in square brackets for IPv6 addresses port: 80 ssl: false opts: [] # Listen opts like udp which will be added (ssl is automatically added if you specify 'ssl:').
The one major change is that instead of using
udp_enable: true
you will now need to useopts: [udp]
if you wish to enableudp
.
FEATURES:
- Add support to configure logrotate.
- Add support for Ubuntu Focal.
- Add support to configure SELinux.
- Two new variables have been introduced --
nginx_enable
andnginx_configure
-- to let you choose whether you want to install NGINX, configure NGINX, or both.
ENHANCEMENTS:
- Molecule tests using Testinfra have been migrated to use Ansible instead.
- The role now uses
include_tasks
instead ofimport_tasks
when possible to speed up the role's execution time. - Improve configuration cleanup capabilities. You can now remove all
*.conf
files in a given directory, or specify a list of files you wish to delete. - Improve configuration templating capabilities:
- Add support for unix upstreams.
- Add PID templating option.
- Add support for down parameter in upstreams.
- Add option for custom error pages.
- Add SSL support to
stream
contexts.
BUG FIXES:
nginx_debug_output
would sometimes fail if NGINX had not been automatically started by the system upon installation.- If
http_demo_conf
was undefined the web server template interpolation would fail.
This is a relatively minor release, but it includes a potential breaking change (hence the version bump). The one major new feature is the ability to install/build NGINX Open Source from source.
BREAKING CHANGES:
The NGINX Controller agent can no longer be installed using this role. Please use the Ansible collection linked in the README.
FEATURES:
- Install/build NGINX from source options now available.
- Implement NGINX http sub module templating.
- NGINX config is now correctly validated each run.
- SSL Private Key data is hidden when running the role with the
--diff
flag.
BUG FIXES:
- The role should no longer sporadically cause apt update to fail in amd64 systems when installing NGINX from an official repository.
- Modules should now correctly install when using a specific NGINX Plus version.
BREAKING CHANGES:
- The new listen templating options are not backwards with the previous listen templating options. Check the
README
ormolecule/template_module/playbook.yml
for examples on how to use the new listen template. - BSD and Linux NGINX installation tasks have undergone some major changes. As such, you may have to update your playbooks accordingly.
FEATURES:
- Improve NGINX http templating:
- Multiple server support in HTTP contexts.
- Header support.
- OCSP stapling.
- Improved proxy settings.
- Logging settings.
- Improved SSL settings.
- Improved authentication settings.
- Max body size support.
- Improved listen templating.
- Switch to Molecule for testing.
- Add support for Debian Buster.
- Support for specifying which version of NGINX to install.
- Split default variables into multiple functional files.
- Improve support for Alpine distributions.
- Support for updating or removing NGINX from your system.
- Implemented tags to support running specific tasks instead of the whole role.
BUG FIXES:
- Module installation when using NGINX Plus has been fixed.
- Websockets templating has been reenabled after being accidentally deleted.
- When deleting your NGINX Plus license from the system, the NGINX Plus repository will also be deleted to prevent issues further down the line if you run a repository update since there will not be a license anymore to authenticate into the NGINX Plus repository.
FEATURES:
Improve NGINX http templating - following parameters are now supported:
- Websockets.
- Basic authentication.
- Proxy cache.
- Proxy redirect.
- Proxy timeouts.
- SSL.
- Root (in server context).
- Add basic NGINX stream templating.
- Add support for RHEL 8 and Alpine Linux.
BUG FIXES:
Fix module installation tasks.
FEATURES:
- Allow setting a custom apt and rpm signing key host.
- Add support for enabling an http to https redirects.
- Add ansible_managed to templates.
- Rename html_app_name to web_server_name.
- Rename load_balancer block to reverse_proxy.
- Allow setting the listen port when using SSL.
- Improve SSL defaults.
- Allow setting http or https server locations in proxy_pass.
BUG FIXES:
- Ignore undefined values for autoindex and health check.
- Clarify that the redirect variable refers to a http to https redirect.
BUG FIXES:
Fix HTML template to use correct variable name.
FEATURES:
Improve templating support for health checks, multiple location blocks, and auto indexing.
BUG FIXES:
- Fetching the NGINX signing key is now more reliable.
- Fixed HTML templating.
FEATURES:
- Refactor NGINX templating and file uploading.
- Add ability to upload and template HTML files.
- Add ability to upload SSL keys and certificates.
FEATURES:
- Add ability to install NGINX Plus Controller agent.
- Refactor installation of NGINX Amplify agent.
- Rename variables to be prefixed with
nginx_
.
BUG FIXES:
Correct spelling of name in tasks/prerequisites/setup-debian.yml
.
FEATURES:
Add enabled parameter to NGINX and NGINX Unit handlers.
FEATURES:
- Add Amazon Linux 2 support for NGINX Plus.
- Add ability to delete NGINX Plus license after installation.
BUG FIXES:
- GeoIP module can now be properly installed.
- Module installation will no longer fail if only one module is specified.
FEATURES:
- Improve NGINX Unit related documentation.
- Add FreeBSD and Amazon Linux 2 support for NGINX Unit.
- Allow users to install NGINX Unit without having to also install NGINX.
FEATURES:
Add support for NGINX Unit.
FEATURES:
- Implement support for FreeBSD.
- Allow users to select the default NGINX repository.
FEATURES:
Improve Travis CI testing strategy.
BUG FIXES:
Fix templating and push tasks.
FEATURES:
Add support for all first party NGINX modules.
BUG FIXES:
- Role should now work correctly in distros with old versions of Python.
- Rest API configuration will now only be created when rest_api_enable is set to true (an empty file would be created in previous versions if rest_api_enable was set to false).
- Uploading/dynamically generating files should now result in the files being uploaded/created to/in the correct directory.
Initial release of the NGINX Ansible role. Features include:
- Install NGINX Open Source or NGINX Plus.
- Choose between stable or mainline NGINX Open Source.
- Install NGINX Amplify.
- Install NGINX Javascript, Perl, and ModSecurity WAF NGINX modules.
- Enable the NGINX Plus REST API and dashboard.
- Upload NGINX configuration files.
- Templated NGINX configuration system.