Repository: ANXS/nginx
Branch: master
Commit: b469b10482ef
Files: 53
Total size: 55.5 KB
Directory structure:
gitextract_5nkzvnhi/
├── .gitignore
├── .travis.yml
├── LICENSE
├── README.md
├── Vagrantfile
├── defaults/
│ └── main.yml
├── files/
│ ├── index.html
│ ├── mime.types
│ └── naxsi_core.rules
├── handlers/
│ └── main.yml
├── meta/
│ └── main.yml
├── tasks/
│ ├── configure.yml
│ ├── default_site.yml
│ ├── directories.yml
│ ├── main.yml
│ ├── modules/
│ │ ├── _authorized_ips.yml
│ │ ├── google_perftools_module.yml
│ │ ├── headers_more_module.yml
│ │ ├── http_auth_request_module.yml
│ │ ├── http_echo_module.yml
│ │ ├── http_geoip_module.yml
│ │ ├── http_gzip_static_module.yml
│ │ ├── http_perl_module.yml
│ │ ├── http_realip_module.yml
│ │ ├── http_spdy_module.yml
│ │ ├── http_ssl_module.yml
│ │ ├── http_stub_status_module.yml
│ │ ├── ipv6_module.yml
│ │ ├── naxsi_module.yml
│ │ ├── ngx_pagespeed.yml
│ │ └── upload_progress_module.yml
│ ├── modules.yml
│ ├── monit.yml
│ ├── package.yml
│ ├── scripts.yml
│ ├── sites.yml
│ ├── source.yml
│ └── user.yml
├── templates/
│ ├── .nginx_compilation_flags.j2
│ ├── default.site.j2
│ ├── etc_monit_conf.d_nginx.j2
│ ├── modules/
│ │ ├── authorized_ips.j2
│ │ ├── http_gzip_static.conf.j2
│ │ ├── http_realip.conf.j2
│ │ ├── nginx_status.j2
│ │ └── upload_progress.j2
│ ├── nginx.conf.j2
│ ├── nginx.init.j2
│ ├── nxdissite.j2
│ ├── nxensite.j2
│ └── site.j2
├── test.yml
└── vagrant-inventory
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
*.sw[op]
.DS_Store
.AppleDouble
.LSOverride
Icon
._*
.Spotlight-V100
.Trashes
.vagrant
test
================================================
FILE: .travis.yml
================================================
---
language: python
python: "2.7"
env:
- INSTALL_METHOD=source ANSIBLE_VERSION=1.9.0.1
- INSTALL_METHOD=source ANSIBLE_VERSION=2.0.0.2
- INSTALL_METHOD=package ANSIBLE_VERSION=1.9.0.1
- INSTALL_METHOD=package ANSIBLE_VERSION=2.0.0.2
before_install:
- sudo apt-get update -qq
- sudo apt-get install -qq python-apt python-pycurl
install:
- pip install ansible==$ANSIBLE_VERSION
script:
- echo localhost > inventory
- ansible-playbook -i inventory test.yml --syntax-check
- ansible-playbook -i inventory test.yml --connection=local --sudo -e "nginx_install_method=$INSTALL_METHOD"
- >
  ansible-playbook -i inventory test.yml --connection=local --sudo -e "nginx_install_method=$INSTALL_METHOD"
  | grep -q 'changed=0.*failed=0'
  && (echo 'Idempotence test: pass' && exit 0)
  || (echo 'Idempotence test: fail' && exit 1)
after_failure:
- cat /etc/nginx/nginx.conf
================================================
FILE: LICENSE
================================================
The MIT License
Copyright (c) 2014 Pieterjan Vandaele
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
================================================
FILE: README.md
================================================
## ANXS - nginx [Build Status](https://travis-ci.org/ANXS/nginx)
Ansible role which installs and configures Nginx, from a package or from source (including a series of optional modules).
#### Requirements & Dependencies
##### Ansible
It has been tested on Ansible 1.5 and above, and depends on the following roles:
- ANXS.apt
- ANXS.build-essential
- ANXS.perl
- ANXS.monit (if you want monit protection)
##### Platforms
Currently it's been developed for, and tested on Ubuntu. It is assumed to work on other Debian distributions as well.
#### Variables
##### default (nginx.conf)
- `nginx_install_method` - "source" or "package"
- `nginx_user` - user Nginx will run as
- `nginx_uid` - the uid for this user
- `nginx_group` - Nginx group
- `nginx_gid` - the gid for this group
- `nginx_dir` - location of the Nginx configuration (conf, sites-available, sites-enabled, ...)
- `nginx_www_dir` - location of the www root for Nginx sites
- `nginx_log_dir` - location of the Nginx logs
- `nginx_pid` - location of the Nginx PID file
- `nginx_worker_processes` - sets the number of worker processes
- `nginx_daemon_disable` - whether the daemon should be disabled; can be set to yes or no
- `nginx_worker_rlimit_nofile` - used for config value of `worker_rlimit_nofile`. Can replace any "ulimit -n" command. The value depends on your usage (cache or not) but must always be greater than `worker_connections`. Set to `null` to ignore
- `nginx_error_log_options` - option flags for the error_log
- `nginx_error_log_filename` - filename for the error log
- `nginx_worker_connections` - sets the number of worker connections
- `nginx_multi_accept` - used for config value of events { multi_accept }. Try to accept() as many connections as possible. Can be set to yes or no
- `nginx_charset` - used to specify an explicit default charset (say, 'utf-8', 'off'…)
- `nginx_disable_access_log` - whether or not to disable the access log, yes or no
- `nginx_access_log_options` - option flags for the access_log
- `nginx_server_tokens` - whether to send the Nginx version number in error pages and Server header, on or off
- `nginx_event` - used for config value of events { use }. Set the event-model. By default nginx looks for the most suitable method for your OS.
- `nginx_sendfile` - directive to activate or deactivate the usage of sendfile(), on or off
- `nginx_keepalive` - option whether to use the timeout options (below). Only the value "on" will include them
- `nginx_keepalive_timeout` - assigns the timeout for keep-alive connections with the client
- `nginx_client_body_timeout` - sets the read timeout for the request body from client
- `nginx_client_header_timeout` - specifies how long to wait for the client to send a request header
- `nginx_send_timeout` - specifies the response timeout to the client; it does not apply to the entire transfer but, rather, only between two subsequent client-read operations
- `nginx_buffers` - option whether to use the buffer options (below). Only the value "on" will include them
- `client_body_buffer_size` - specifies the client request body buffer size
- `client_header_buffer_size` - sets the header buffer size for the request header from client
- `client_max_body_size` - specifies the maximum accepted body size of a client request, as indicated by the request header Content-Length. Set to 0 to disable
- `large_client_header_buffers` - assigns the maximum number and size of buffers for large headers to read from client request
- `nginx_server_names_hash_bucket_size` - sets the bucket size for the server names hash tables. The default value depends on the size of the processor's cache line
- `nginx_types_hash_max_size` -
- `nginx_types_hash_bucket_size` -
- `nginx_proxy_read_timeout` - defines a timeout (between two successive read operations) for reading a response from the proxied server.
- `nginx_enable_rate_limiting` - enable rate limiting, yes or no
- `nginx_rate_limiting_zone_name` - sets the shared memory zone
- `nginx_rate_limiting_backoff` - sets the maximum burst size of requests
- `nginx_rate_limit` - sets the rate (e.g. 1r/s)
- `nginx_access_logs` - a list of access log formats, filenames and options

```yaml
nginx_access_logs:
  - name: "main"
    format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
    options: null
    filename: "access.log"
```

```yaml
# This will generate access_log /var/log/nginx/access.log combined
nginx_access_logs:
  - name: "combined"
    filename: "access.log"
```

- `nginx_default_root` - the directory to place the default site
- `nginx_default_enable` - whether or not to actually enable the default site
##### source
- `nginx_source_version` - the version of Nginx to install
- `nginx_source_url` - URL for the Nginx source (versioned). By default it will get it from `nginx_source_version`
- `nginx_source_prefix` - prefix for installing nginx from source (versioned)
- `nginx_source_conf_path` - location of the main config file (in `nginx_dir` by default)
- `nginx_source_default_configure_flags` - the default configure flags (before adding the modules). By default, this sets --prefix, --conf-path and --sbin-path
- `nginx_source_modules_included` - see below
- `nginx_source_modules_excluded` - a list of configure flags to exclude modules. Example: ["mail_pop3_module", "mail_imap_module", "mail_smtp_module"]
`nginx_source_modules_included` is a dictionary (k,v) where k is the module name, and v its accompanying configure flag. All the possible options are given below:
```yaml
nginx_source_modules_included:
  http_stub_status_module: "--with-http_stub_status_module"
  http_ssl_module: "--with-http_ssl_module"
  http_gzip_static_module: "--with-http_gzip_static_module"
  upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}"
  headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}"
  http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}"
  http_echo_module: "--add-module=/tmp/echo-nginx-module-{{nginx_echo_version}}"
  google_perftools_module: "--with-google_perftools_module"
  ipv6_module: "--with-ipv6"
  http_real_ip_module: "--with-http_realip_module"
  http_spdy_module: "--with-http_spdy_module"
  http_perl_module: "--with-http_perl_module"
  naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src"
  ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"
  http_geoip_module: "--with-http_geoip_module"
```
##### Sites
There is a possibility to configure a list of servers to be available (not yet enabled) as well. Just provide a list of dictionaries according to the following format:
```yaml
nginx_sites:
  - server:
      name: foo
      listen: 8080
      server_name: localhost
      location1:
        name: "/"
        try_files: "$uri $uri/ /index.html"
        sendfile: "on"
  - server:
      name: bar
      listen: 8888
      server_name: webmail.localhost
      location1:
        name: /
        try_files: "$uri $uri/ /index.html"
      location2:
        name: /images/
        try_files: "$uri $uri/ /index.html"
```
To enable or disable specific sites, add the previously used `server_name` attribute to the variables `nginx_enabled_sites` and `nginx_disabled_sites`.
```yaml
nginx_enabled_sites:
- localhost
```
```yaml
nginx_disabled_sites:
- webmail.localhost
```
##### Monit ?
You can put Nginx under monit monitoring protection, by setting `monit_protection: yes`
##### Modules
###### gzip module
- `nginx_gzip` - whether to use gzip, can be "on" or "off"
- `nginx_gzip_http_version`
- `nginx_gzip_comp_level`
- `nginx_gzip_proxied`
- `nginx_gzip_vary`
- `nginx_gzip_buffers`
- `nginx_gzip_min_length`
- `nginx_gzip_types`
- `nginx_gzip_disable`
###### http_stub_status module
- `nginx_remote_ip_var`
- `nginx_authorized_ips`
###### http_gzip_static module
- `nginx_gzip_static` - whether to use gzip_static, can be on or off
###### upload_progress module
- `nginx_upload_progress_version` - version of the upload_progress module
- `nginx_upload_progress_javascript_output` - sets output in javascript. The default is true for backwards compatibility
- `nginx_upload_progress_zone_name` - assigns one name which will be used to store the per-connection tracking information. The default is proxied
- `nginx_upload_progress_zone_size` - assigns the zone size in bytes. Default is 1m (1 megabyte)
###### headers_more module
- `nginx_headers_more_version` - version of the headers_more module
###### http_auth_request module
- `nginx_auth_request_release` - the release number of the http_auth_request module
###### http_echo module
- `nginx_echo_version` - version of the http_echo module
###### http_realip module
- `nginx_realip_header` - Sets the header to use for the RealIp Module; only accepts "X-Forwarded-For" or "X-Real-IP"
- `nginx_realip_addresses` - Sets the addresses to use for the http_realip configuration
- `nginx_realip_real_ip_recursive` - If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field. Can be "on" or "off". The default is "off"
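
How the trusted-address list and the recursive flag decide which address ends up as the client address, as an added example that is not part of this role: a simplified Python model of the selection described above. The function name, the scenario labels and every address are constructed for illustration.

```python
import ipaddress


def resolve_client_ip(peer, xff, trusted, recursive=False):
    """Return the address that would be treated as the client.

    peer      -- address of the TCP peer (the value before realip runs)
    xff       -- raw X-Forwarded-For header value, or None
    trusted   -- list shaped like nginx_realip_addresses (addresses or CIDRs)
    recursive -- models nginx_realip_real_ip_recursive ("on" -> True)
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in trusted]

    def is_trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    # The header is only honoured when the direct peer is a trusted proxy.
    if not xff or not is_trusted(peer):
        return peer

    hops = [h.strip() for h in xff.split(",") if h.strip()]
    current = peer
    # Walk the header right to left: each proxy appends the peer it saw,
    # so entries further left are progressively less trustworthy.
    while hops and is_trusted(current):
        candidate = hops.pop()
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break  # unparsable entry: keep the address found so far
        current = candidate
        if not recursive:
            break  # non-recursive: the rightmost entry is always used
    return current


# Constructed sample: client 203.0.113.7 sends a forged "192.0.2.66" entry;
# a load balancer at 10.0.0.5 and a local proxy at 127.0.0.1 each append
# the peer address they saw before passing the request on.
FORGED_XFF = "192.0.2.66, 203.0.113.7, 10.0.0.5"

SCENARIOS = [
    ("role defaults (127.0.0.1 only, recursive off)", ["127.0.0.1"], False),
    ("both proxies trusted, recursive on", ["127.0.0.1", "10.0.0.0/8"], True),
    ("everything trusted, recursive on", ["0.0.0.0/0"], True),
]


def run_scenarios(peer="127.0.0.1", xff=FORGED_XFF):
    """Resolve the same request under each trust configuration."""
    return {
        label: resolve_client_ip(peer, xff, trusted, rec)
        for label, trusted, rec in SCENARIOS
    }


if __name__ == "__main__":
    for label, ip in run_scenarios().items():
        print(f"{label:48} -> {ip}")
```

With the role defaults the load balancer's address is logged instead of the client's; trusting both proxies with recursion on recovers the real client; trusting every address hands the choice to the forged entry. Keep `nginx_realip_addresses` limited to the proxies that actually front nginx, because the resolved value becomes `$remote_addr`, which the default `nginx_remote_ip_var` points at.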
###### naxsi module
- `nginx_naxsi_version` - version of the naxsi module
###### geoip module
- `nginx_geoip: 'on'`
- `nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat"`
- `nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat"`
#### Thanks
To the contributors:
- [Jean-Denis Vauguet](https://github.com/chikamichi)
#### Testing
This project comes with a Vagrantfile, which is a fast and easy way to test changes to the role. Fire it up with `vagrant up`.
See the [vagrant docs](https://docs.vagrantup.com/v2/) for getting set up with Vagrant.
There are two ways to test the install: compiling nginx from source or installing from a package manager.
By default nginx compiles from source; if desired, set an environment variable to install
from the package manager:
```bash
export NGINX_INSTALL_METHOD=package
```
#### License
Licensed under the MIT License. See the LICENSE file for details.
#### Feedback, bug-reports, requests, ...
Are [welcome](https://github.com/ANXS/nginx/issues)!
================================================
FILE: Vagrantfile
================================================
# -*- mode: ruby -*-
# vi: set ft=ruby :
nginx_install_method = ENV.key?('NGINX_INSTALL_METHOD') ? ENV['NGINX_INSTALL_METHOD'] : 'source'
Vagrant.configure('2') do |config|
  config.vm.define 'anxs' do |c|
    c.vm.box = 'ubuntu/trusty64'
    c.vm.network :private_network, ip: '192.168.88.16'
    c.vm.hostname = 'anxs.local'
    c.vm.provision 'ansible' do |ansible|
      ansible.playbook = 'test.yml'
      ansible.sudo = true
      ansible.inventory_path = 'vagrant-inventory'
      ansible.host_key_checking = false
      ansible.extra_vars = {
        nginx_install_method: nginx_install_method
      }
    end
  end
end
================================================
FILE: defaults/main.yml
================================================
# file: nginx/defaults/main.yml
nginx_install_method: "source"
nginx_source_version: "1.8.0"
nginx: "nginx"
nginx_user: www-data
nginx_group: www-data
nginx_uid: 33
nginx_gid: 33
nginx_dir: "/etc/nginx"
nginx_www_dir: "/srv/www"
nginx_log_dir: "/var/log/nginx"
nginx_pid: "/var/run/nginx.pid"
# nginx.conf
nginx_worker_processes: 4
nginx_daemon_disable: no
nginx_worker_rlimit_nofile: null
nginx_error_log_options: null
nginx_error_log_filename: 'error.log'
nginx_worker_connections: 1024
nginx_multi_accept: 'on'
nginx_event: null
nginx_charset: null
nginx_disable_access_log: no
nginx_server_tokens: 'off'
nginx_sendfile: 'on'
nginx_keepalive: "on"
nginx_keepalive_timeout: "30"
nginx_client_body_timeout: "10"
nginx_client_header_timeout: "10"
nginx_send_timeout: "10"
nginx_buffers: "on"
nginx_client_body_buffer_size: "1k"
nginx_client_header_buffer_size: "1k"
nginx_client_max_body_size: "2m"
nginx_large_client_header_buffers: "2 1k"
nginx_server_names_hash_bucket_size: 64
nginx_types_hash_max_size: 2048
nginx_types_hash_bucket_size: 64
nginx_proxy_read_timeout: null
nginx_enable_rate_limiting: no
nginx_rate_limiting_zone_name: "default"
nginx_rate_limiting_backoff: "10m"
nginx_rate_limit: "1r/s"
nginx_access_logs:
  - name: "main"
    format: '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"'
    options: null
    filename: "access.log"
# default site
nginx_default_root: "{{nginx_www_dir}}/default"
nginx_default_enable: yes
# site inventory
nginx_sites: []
nginx_enabled_sites: []
nginx_disabled_sites: []
# source
nginx_source_url: "http://nginx.org/download/nginx-{{nginx_source_version}}.tar.gz"
nginx_source_prefix: "/usr/local/nginx/nginx-{{nginx_source_version}}"
nginx_source_conf_path: "{{nginx_dir}}/nginx.conf"
nginx_source_sbin_path: "{{nginx_source_prefix}}/sbin/nginx"
nginx_source_default_configure_flags: "--prefix={{nginx_source_prefix}} --conf-path={{nginx_source_conf_path}} --sbin-path={{nginx_source_sbin_path}}"
nginx_source_modules_included:
  http_stub_status_module: "--with-http_stub_status_module"
  http_ssl_module: "--with-http_ssl_module"
  openssl: "--with-openssl=/tmp/openssl-{{ openssl_version }}"
  http_gzip_static_module: "--with-http_gzip_static_module"
  upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}"
  headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}"
  http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}"
  http_echo_module: "--add-module=/tmp/echo-nginx-module-{{nginx_echo_version}}"
  google_perftools_module: "--with-google_perftools_module"
  ipv6_module: "--with-ipv6"
  http_real_ip_module: "--with-http_realip_module"
  http_spdy_module: "--with-http_spdy_module"
  http_perl_module: "--with-http_perl_module"
  naxsi_module: "--add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src"
  ngx_pagespeed: "--add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"
  http_geoip_module: "--with-http_geoip_module"
nginx_source_modules_excluded:
  - mail_pop3_module
  - mail_imap_module
  - mail_smtp_module
nginx_source_configure_flags: "{{nginx_source_default_configure_flags}}{% for key, value in nginx_source_modules_included.items() %} {{value}}{% endfor %}{% for item in nginx_source_modules_excluded %} --without-{{item}}{% endfor %}"
# gzip_module
nginx_gzip: 'on'
nginx_gzip_http_version: 1.1
nginx_gzip_comp_level: 2
nginx_gzip_proxied: expired no-cache no-store private auth
nginx_gzip_vary: 'on'
nginx_gzip_buffers: null
nginx_gzip_min_length: 10240
nginx_gzip_types:
- text/plain
- text/css
- text/xml
- text/csv
- text/javascript
- application/x-javascript
- application/xml
- application/xml+rss
- application/javascript
- application/postscript
- application/pdf
- application/ecmascript
- application/json
- image/svg+xml
nginx_gzip_disable: "MSIE [1-6]\\."
# geoip_module
nginx_geoip: 'off'
nginx_geoip_country: "{{nginx_dir}}/geoip/GeoIP.dat"
nginx_geoip_city: "{{nginx_dir}}/geoip/GeoLiteCity.dat"
# http_stub_status_module configuration
nginx_remote_ip_var: "remote_addr"
nginx_authorized_ips:
- "127.0.0.1/32"
# http_gzip_static_module configuration
nginx_gzip_static: "off"
# upload_progress_module configuration
nginx_upload_progress_version: "0.9.1"
nginx_upload_progress_javascript_output: yes
nginx_upload_progress_zone_name: "proxied"
nginx_upload_progress_zone_size: "1m"
nginx_upload_progress_url: "https://github.com/masterzen/nginx-upload-progress-module/archive/v{{nginx_upload_progress_version}}.tar.gz"
# headers_more_module configuration
nginx_headers_more_version: "0.261"
nginx_headers_more_url: "https://github.com/agentzh/headers-more-nginx-module/archive/v{{nginx_headers_more_version}}.tar.gz"
# http_auth_request_module configuration
nginx_auth_request_release: "662785733552"
nginx_auth_request_url: "http://mdounin.ru/hg/ngx_http_auth_request_module/archive/{{nginx_auth_request_release}}.tar.gz"
# http_echo_module configuration
nginx_echo_version: "0.58"
nginx_echo_url: "https://github.com/agentzh/echo-nginx-module/archive/v{{nginx_echo_version}}.tar.gz"
# http_realip_module configuration
nginx_realip_header: "X-Forwarded-For"
nginx_realip_addresses: ["127.0.0.1"]
nginx_realip_real_ip_recursive: "off"
# naxsi_module configuration
nginx_naxsi_version: "0.53"
nginx_naxsi_url: "https://github.com/nbs-system/naxsi/archive/{{nginx_naxsi_version}}.tar.gz"
# ngx_pagespeed_module configuration
nginx_ngx_pagespeed_version: 1.9.32.4
# OpenSSL configuration
openssl_version: "1.0.2h"
================================================
FILE: files/index.html
================================================
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
</head>
<body>
<h1>Thank you for using ANXS.nginx</h1>
<p>If you see this page then Ansible has properly provisioned your nginx installation and you have not specified a default site with an existing index.html.</p>
<p>Additional configuration will likely be necessary</p>
</body>
</html>
================================================
FILE: files/mime.types
================================================
types {
text/html html htm shtml;
text/css css;
text/xml xml;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
application/json json;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png png;
image/tiff tif tiff;
image/vnd.wap.wbmp wbmp;
image/x-icon ico;
image/x-jng jng;
image/x-ms-bmp bmp;
image/svg+xml svg svgz;
image/webp webp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/msword doc;
application/pdf pdf;
application/postscript ps eps ai;
application/rtf rtf;
application/vnd.ms-excel xls;
application/vnd.ms-powerpoint ppt;
application/vnd.wap.wmlc wmlc;
application/vnd.google-earth.kml+xml kml;
application/vnd.google-earth.kmz kmz;
application/x-7z-compressed 7z;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/xhtml+xml xhtml;
application/zip zip;
application/octet-stream bin exe dll;
application/octet-stream deb;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/midi mid midi kar;
audio/mpeg mp3;
audio/ogg ogg;
audio/x-m4a m4a;
audio/x-realaudio ra;
video/3gpp 3gpp 3gp;
video/mp4 mp4;
video/mpeg mpeg mpg;
video/quicktime mov;
video/webm webm;
video/x-flv flv;
video/x-m4v m4v;
video/x-mng mng;
video/x-ms-asf asx asf;
video/x-ms-wmv wmv;
video/x-msvideo avi;
}
================================================
FILE: files/naxsi_core.rules
================================================
##################################
## INTERNAL RULES IDS:1-10 ##
##################################
#weird_request : 1
#big_body : 2
#no_content_type : 3
#@MainRule "msg:weird/incorrect request" id:1;
#@MainRule "msg:big request, unparsed" id:2;
#@MainRule "msg:uncommon hex encoding (%00 etc.)" id:10;
#@MainRule "msg:uncommon/empty content-type in POST" id:11;
#@MainRule "msg:uncommon/malformed URL" id:12;
#MainRule "str:123FREETEXT" "msg:exemple learning test pattern" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:BLOCK" id:0;
##################################
## SQL Injections IDs:1000-1099 ##
##################################
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006;
## end of hardcore rules
MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007;
MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4,$XSS:8" id:1008;
MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009;
MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1010;
MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1011;
MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4,$XSS:8" id:1013;
MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015;
MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016;
###############################
## OBVIOUS RFI IDs:1100-1199 ##
###############################
MainRule "str:http://" "msg:http:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100;
MainRule "str:https://" "msg:https:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101;
MainRule "str:ftp://" "msg:ftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102;
MainRule "str:php://" "msg:php:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103;
MainRule "str:sftp://" "msg:sftp:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1104;
MainRule "str:zlib://" "msg:zlib:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1105;
MainRule "str:data://" "msg:data:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1106;
MainRule "str:glob://" "msg:glob:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1107;
MainRule "str:phar://" "msg:phar:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1108;
MainRule "str:file://" "msg:file:// scheme" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1109;
#######################################
## Directory traversal IDs:1200-1299 ##
#######################################
MainRule "str:.." "msg:double dot" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200;
MainRule "str:/etc/passwd" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202;
MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
MainRule "str:cmd.exe" "msg:obvious probe" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204;
MainRule "str:\\" "msg:backslash" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205;
#MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206;
########################################
## Cross Site Scripting IDs:1300-1399 ##
########################################
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302;
MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303;
MainRule "str:[" "msg:[, possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310;
MainRule "str:]" "msg:], possible js" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311;
MainRule "str:~" "msg:~ character" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312;
MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
####################################
## Evading tricks IDs: 1400-1500 ##
####################################
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402;
#############################
## File uploads: 1500-1600 ##
#############################
MainRule "rx:.ph|.asp|.ht" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
================================================
FILE: handlers/main.yml
================================================
# file: nginx/handlers/main.yml
- name: restart nginx
  service: name=nginx state=restarted
  become: yes
  when: not nginx_first_start.changed
- name: reload nginx
  service: name=nginx state=reloaded
  become: yes
================================================
FILE: meta/main.yml
================================================
# file: nginx/meta/main.yml
galaxy_info:
  author: pjan vandaele
  company: ANXS
  description: Install and configure Nginx
  min_ansible_version: 1.9
  license: MIT
  platforms:
    - name: Ubuntu
      versions:
        - all
  categories:
    - system
dependencies:
  - ANXS.hostname
  - ANXS.apt
  - role: ANXS.build-essential
    when: nginx_install_method is defined and nginx_install_method == "source"
  - role: ANXS.perl
    when: nginx_install_method is defined and nginx_install_method == "source"
  - role: ANXS.monit
    when: monit_protection is defined and monit_protection == true
================================================
FILE: tasks/configure.yml
================================================
# nginx/tasks/configure.yml
- name: Nginx | Make sure the mime.types file is up to date
  copy:
    src: mime.types
    dest: "{{nginx_dir}}/mime.types"
    owner: root
    group: root
    mode: 0644
- name: Nginx | Check for existence of Nginx configuration
  stat:
    path: "{{nginx_dir}}/nginx.conf"
  register: nginx_config
- name: Nginx | Make sure the Nginx configuration is updated
  template:
    src: nginx.conf.j2
    dest: "{{nginx_dir}}/nginx.conf"
    owner: root
    group: root
    mode: 0644
  notify:
    - restart nginx
- name: Nginx | Start Nginx the first time
  service:
    name: nginx
    state: started
  register: nginx_first_start
  when: not nginx_config.stat.exists
================================================
FILE: tasks/default_site.yml
================================================
# file: nginx/tasks/default_site.yml
- name: Nginx | Make sure the default site root directory is present
  file:
    path: "{{nginx_default_root}}"
    state: directory
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0754
- name: Nginx | Check for existing index.html
  stat:
    path: "{{nginx_default_root}}/index.html"
  register: nginx_default_index
- name: Nginx | Copy placeholder index.html
  copy:
    src: "index.html"
    dest: "{{nginx_default_root}}/index.html"
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0644
  when: not nginx_default_index.stat.exists
- name: Nginx | Update the default site configuration
  template:
    src: default.site.j2
    dest: "{{nginx_dir}}/sites-available/default"
    owner: root
    group: root
    mode: 0644
- name: Nginx | Enable the default site
  file:
    path: "{{nginx_dir}}/sites-enabled/default"
    src: "{{nginx_dir}}/sites-available/default"
    state: link
  when: nginx_default_enable
  notify:
    - reload nginx
- name: Nginx | Disable the default site
  file:
    path: "{{nginx_dir}}/sites-enabled/default"
    state: absent
  when: not nginx_default_enable
  notify:
    - reload nginx
- name: Nginx | Reload if we just created index.html
  service:
    name: nginx
    state: reloaded
  when: not nginx_default_index.stat.exists
================================================
FILE: tasks/directories.yml
================================================
# file: nginx/tasks/commons.yml
- name: Nginx | Make sure the nginx directory exists
  file:
    path: "{{nginx_dir}}"
    owner: root
    group: root
    mode: 0755
    state: directory
- name: Nginx | Make sure the nginx log directory exists
  file:
    path: "{{nginx_log_dir}}"
    owner: root
    group: root
    mode: 0755
    state: directory
- name: Nginx | Make sure the sites-available, sites-enabled and conf.d directories exist
  file:
    path: "{{nginx_dir}}/{{item}}"
    owner: root
    group: root
    mode: 0755
    state: directory
  with_items: ["sites-available", "sites-enabled", "conf.d"]
================================================
FILE: tasks/main.yml
================================================
# file: nginx/tasks/main.yml

- include: package.yml
  when: nginx_install_method == "package"
- include: source.yml
  when: nginx_install_method == "source"
- include: scripts.yml
- include: configure.yml
- include: default_site.yml
- include: sites.yml
- include: monit.yml
  when: monit_protection is defined and monit_protection == true
================================================
FILE: tasks/modules/_authorized_ips.yml
================================================
# file: nginx/tasks/modules/_authorized_ips.yml

- name: Nginx | Modules | Update the authorized_ip file
  template:
    src: templates/modules/authorized_ips.j2
    dest: "{{nginx_dir}}/authorized_ips"
    owner: root
    group: root
    mode: 0644
================================================
FILE: tasks/modules/google_perftools_module.yml
================================================
# file: roles/nginx/tasks/modules/google_perftools_module.yml
# configure flag: --with-google_perftools_module

- name: Nginx | Modules | Make sure the libgoogle-perftools-dev package is installed
  apt:
    pkg: libgoogle-perftools-dev
    state: present
================================================
FILE: tasks/modules/headers_more_module.yml
================================================
# file: nginx/tasks/modules/headers_more_module.yml
# configure flag: --add-module=/tmp/nginx_headers_more

- name: Nginx | Modules | Download the headers_more_module source
  get_url:
    url: "{{nginx_headers_more_url}}"
    dest: "/tmp/nginx-headers-more-module-{{nginx_headers_more_version}}.tar.gz"

- name: Nginx | Modules | Unpack the headers_more_module source
  command: tar -xvzf /tmp/nginx-headers-more-module-{{nginx_headers_more_version}}.tar.gz
    chdir=/tmp creates=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}
================================================
FILE: tasks/modules/http_auth_request_module.yml
================================================
# file: nginx/tasks/modules/http_auth_request_module.yml
# configure flag: --add-module=/tmp/nginx_auth_request

- name: Nginx | Modules | Download the http_auth_request_module source
  get_url:
    url: "{{nginx_auth_request_url}}"
    dest: "/tmp/nginx-auth-request-module.tar.gz"

- name: Nginx | Modules | Unpack the http_auth_request_module source
  command: tar -xvzf /tmp/nginx-auth-request-module.tar.gz chdir=/tmp creates=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}
================================================
FILE: tasks/modules/http_echo_module.yml
================================================
# file: nginx/tasks/modules/http_echo_module.yml
# configure flag: --add-module=/tmp/nginx_echo

- name: Nginx | Modules | Download the http_echo_module source
  get_url:
    url: "{{nginx_echo_url}}"
    dest: "/tmp/nginx-echo-module.tar.gz"

- name: Nginx | Modules | Unpack the http_echo_module source
  command: tar -xvzf /tmp/nginx-echo-module.tar.gz chdir=/tmp creates=/tmp/echo-nginx-module-{{nginx_echo_version}}
================================================
FILE: tasks/modules/http_geoip_module.yml
================================================
# file: nginx/tasks/modules/http_geoip_module.yml
# configure flag: --with-http_geoip_module

- name: Nginx | Modules | Install GeoIp lib
  apt: pkg={{ item }} state=latest
  with_items:
    - libgeoip1
    - libgeoip-dev
  when: nginx_source_modules_included.http_geoip_module is defined

- name: Nginx | Modules | Create directory inside nginx
  file: path={{nginx_dir}}/geoip state=directory
  when: nginx_source_modules_included.http_geoip_module is defined

# NOTE: the two GeoIP databases below are fetched over plain HTTP and no
# checksum is checked, so their integrity is not verified.
- name: Nginx | Modules | Download GeoIP database files
  get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz dest={{nginx_dir}}/geoip/GeoIP.dat.gz
  when: nginx_source_modules_included.http_geoip_module is defined

- name: Nginx | Modules | Download GeoLiteCity database files
  get_url: url=http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz dest={{nginx_dir}}/geoip/GeoLiteCity.dat.gz
  when: nginx_source_modules_included.http_geoip_module is defined

- name: Nginx | Modules | Check if the GeoIP file exists
  stat: path={{nginx_dir}}/geoip/GeoIP.dat
  register: geoip_file

- name: Nginx | Modules | Unarchive GeoIP files
  shell: gunzip -c {{nginx_dir}}/geoip/GeoIP.dat.gz > {{nginx_dir}}/geoip/GeoIP.dat
  when: not geoip_file.stat.exists

- name: Nginx | Modules | Check if the GeoLiteCity file exists
  stat: path={{nginx_dir}}/geoip/GeoLiteCity.dat
  register: geolitecity_file

- name: Nginx | Modules | Unarchive GeoLiteCity files
  shell: gunzip -c {{nginx_dir}}/geoip/GeoLiteCity.dat.gz > {{nginx_dir}}/geoip/GeoLiteCity.dat
  when: not geolitecity_file.stat.exists
================================================
FILE: tasks/modules/http_gzip_static_module.yml
================================================
# file: nginx/tasks/modules/http_gzip_static_module.yml
# configure flag: --with-http_gzip_static_module

- name: Nginx | Modules | Update the http_gzip_static_module configuration
  template:
    src: templates/modules/http_gzip_static.conf.j2
    dest: "{{nginx_dir}}/conf.d/http_gzip_static.conf"
    owner: root
    group: root
    mode: 0644
================================================
FILE: tasks/modules/http_perl_module.yml
================================================
# file: nginx/tasks/modules/http_perl_module.yml
# configure flag: --with-http_perl_module
# no contents
================================================
FILE: tasks/modules/http_realip_module.yml
================================================
# file: nginx/tasks/modules/http_realip_module.yml
# configure flag: --with-http_realip_module

- name: Nginx | Modules | Update the http_realip_module configuration
  template:
    src: templates/modules/http_realip.conf.j2
    dest: "{{nginx_dir}}/conf.d/http_realip.conf"
    owner: root
    group: root
    mode: 0644
================================================
FILE: tasks/modules/http_spdy_module.yml
================================================
# file: nginx/tasks/modules/http_spdy_module.yml
# configure flag: --with-http_spdy_module
# no contents
================================================
FILE: tasks/modules/http_ssl_module.yml
================================================
# file: nginx/tasks/modules/http_ssl_module.yml
# configure flag: --with-http_ssl_module

# NOTE: the tarball is unpacked and built without any checksum or signature check.
- name: get openssl source
  shell: "wget https://www.openssl.org/source/openssl-{{ openssl_version }}.tar.gz"
  args:
    chdir: /tmp
    creates: "/tmp/openssl-{{ openssl_version }}.tar.gz"
  when: nginx_source_modules_included.openssl is defined
  #get_url:
  #  url: "https://www.openssl.org/source/openssl-{{ openssl_version }}.tar.gz"
  #  dest: "/tmp/openssl-{{ openssl_version }}.tar.gz"
  #when: nginx_source_modules_included.openssl is defined

- name: extract openssl source
  command: "tar -xf /tmp/openssl-{{ openssl_version }}.tar.gz"
  args:
    chdir: /tmp
    creates: "/tmp/openssl-{{ openssl_version }}"
  when: nginx_source_modules_included.openssl is defined
================================================
FILE: tasks/modules/http_stub_status_module.yml
================================================
# file: nginx/tasks/modules/http_stub_status_module.yml
# configure flag: --with-http_stub_status_module

- include: _authorized_ips.yml

- name: Nginx | Modules | Make sure the nginx status configuration is updated
  template:
    src: templates/modules/nginx_status.j2
    dest: "{{nginx_dir}}/sites-available/nginx_status"
    owner: root
    group: root
    mode: 0644

- name: Nginx | Modules | Enable the status stub sites-available
  file:
    path: "{{nginx_dir}}/sites-enabled/nginx_status"
    src: "{{nginx_dir}}/sites-available/nginx_status"
    state: link
    force: yes
================================================
FILE: tasks/modules/ipv6_module.yml
================================================
# file: roles/nginx/tasks/modules/ipv6_module.yml
# configure flag: --with-ipv6
# no contents
================================================
FILE: tasks/modules/naxsi_module.yml
================================================
# file: roles/nginx/tasks/modules/naxsi_module.yml
# configure flag: --add-module=/tmp/naxsi-{{nginx_naxsi_version}}/naxsi_src

- name: Nginx | Modules | Download the naxsi_module source
  get_url:
    url: "{{nginx_naxsi_url}}"
    dest: "/tmp/nginx-naxsi-module.tar.gz"

- name: Nginx | Modules | Unpack the naxsi_module source
  command: tar -xvzf /tmp/nginx-naxsi-module.tar.gz chdir=/tmp creates=/tmp/naxsi-{{nginx_naxsi_version}}

- name: Nginx | Modules | Make sure the naxsi_module configuration is up to date
  copy:
    src: files/naxsi_core.rules
    dest: "{{nginx_dir}}/naxsi_core.rules"
    owner: root
    group: root
    mode: 0644
================================================
FILE: tasks/modules/ngx_pagespeed.yml
================================================
# file: nginx/tasks/modules/ngx_pagespeed.yml
# configure flag: --add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta

- name: Nginx | Modules | Make sure the dependencies are installed
  apt:
    pkg: "{{item}}"
  with_items:
    - zlib1g-dev
    - libpcre3
    - libpcre3-dev

- name: Nginx | Modules | Download the ngx_pagespeed source
  get_url:
    url: "https://github.com/pagespeed/ngx_pagespeed/archive/release-{{nginx_ngx_pagespeed_version}}-beta.tar.gz"
    dest: "/tmp/ngx_pagespeed_module.tar.gz"

- name: Nginx | Modules | Unpack the ngx_pagespeed source
  command: tar -xvzf /tmp/ngx_pagespeed_module.tar.gz
  args:
    chdir: /tmp
    creates: "/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"

- name: Nginx | Modules | Download the psol source
  get_url:
    url: "https://dl.google.com/dl/page-speed/psol/{{nginx_ngx_pagespeed_version}}.tar.gz"
    dest: "/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol.tar.gz"

- name: Nginx | Modules | Unpack the psol source
  command: "tar -xvzf /tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol.tar.gz"
  args:
    chdir: "/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta"
    creates: "/tmp/ngx_pagespeed-release-{{nginx_ngx_pagespeed_version}}-beta/psol"
================================================
FILE: tasks/modules/upload_progress_module.yml
================================================
# file: nginx/tasks/modules/upload_progress_module.yml
# configure flag: --add-module=/tmp/nginx_upload_progress
# to be completed...

- name: Nginx | Modules | Download the upload_progress_module source
  get_url:
    url: "{{nginx_upload_progress_url}}"
    dest: "/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz"

- name: Nginx | Modules | Unpack the upload_progress_module source
  command: tar -xvzf /tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}.tar.gz chdir=/tmp creates=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}

- name: Nginx | Modules | Make sure the upload_progress_module configuration is updated
  template:
    src: templates/modules/upload_progress.j2
    dest: "{{nginx_dir}}/sites-available/upload_progress"
    owner: root
    group: root
    mode: 0644
================================================
FILE: tasks/modules.yml
================================================
# file: nginx/tasks/modules.yml

- include: modules/http_stub_status_module.yml
  when: nginx_source_modules_included.http_stub_status_module is defined

- include: modules/http_ssl_module.yml
  when: nginx_source_modules_included.http_ssl_module is defined

- include: modules/http_gzip_static_module.yml
  when: nginx_source_modules_included.http_gzip_static_module is defined

- include: modules/upload_progress_module.yml
  when: nginx_source_modules_included.upload_progress_module is defined

- include: modules/headers_more_module.yml
  when: nginx_source_modules_included.headers_more_module is defined

- include: modules/http_auth_request_module.yml
  when: nginx_source_modules_included.http_auth_request_module is defined

- include: modules/http_echo_module.yml
  when: nginx_source_modules_included.http_echo_module is defined

- include: modules/google_perftools_module.yml
  when: nginx_source_modules_included.google_perftools_module is defined

- include: modules/ipv6_module.yml
  when: nginx_source_modules_included.ipv6_module is defined

- include: modules/http_realip_module.yml
  when: nginx_source_modules_included.http_realip_module is defined

- include: modules/http_spdy_module.yml
  when: nginx_source_modules_included.http_spdy_module is defined

- include: modules/naxsi_module.yml
  when: nginx_source_modules_included.naxsi_module is defined

- include: modules/ngx_pagespeed.yml
  when: nginx_source_modules_included.ngx_pagespeed is defined

- include: modules/http_geoip_module.yml
  when: nginx_source_modules_included.http_geoip_module is defined
================================================
FILE: tasks/monit.yml
================================================
# file: nginx/tasks/monit.yml

- name: Nginx | | (Monit) Copy the nginx monit service file
  template:
    src: etc_monit_conf.d_nginx.j2
    dest: /etc/monit/conf.d/nginx
  notify:
    - restart monit
================================================
FILE: tasks/package.yml
================================================
# file: nginx/tasks/package.yml

- name: Nginx | Make sure the ansible required dependencies are installed
  apt:
    pkg: python-pycurl
    state: present

- name: Nginx | Add the nginx repository
  apt_repository:
    repo: ppa:nginx/stable

- name: Nginx | Make sure nginx is installed (package)
  apt:
    pkg: "{{nginx}}"
    state: present
  notify:
    - restart nginx

- include: directories.yml
================================================
FILE: tasks/scripts.yml
================================================
# file: nginx/tasks/scripts.yml

- name: Nginx | Copy the nxensite and nxdissite scripts
  template:
    src: "{{item}}.j2"
    dest: "/usr/sbin/{{item}}"
    owner: root
    group: root
    mode: 0755
  with_items: ["nxensite", "nxdissite"]
================================================
FILE: tasks/sites.yml
================================================
# file: nginx/tasks/sites.yml

- name: Nginx | Update the configurations for the sites inventory
  template:
    src: site.j2
    dest: "{{nginx_dir}}/sites-available/{{item.server.name}}"
  with_items: "{{nginx_sites}}"
  when: nginx_sites|lower != 'none'
  notify:
    - reload nginx

# The group is nginx_group (the group user.yml creates), not nginx_user.
- name: Nginx | Create virtual sites directories
  file:
    path: "{{nginx_www_dir}}/{{item.server.name}}"
    state: directory
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0755
  with_items: "{{nginx_sites}}"

- name: Nginx | Enable sites
  file:
    path: "{{nginx_dir}}/sites-enabled/{{item}}"
    src: "{{nginx_dir}}/sites-available/{{item}}"
    state: link
  with_items: "{{nginx_enabled_sites}}"
  notify:
    - reload nginx
  when: nginx_enabled_sites|lower != 'none'

- name: Nginx | Disable sites
  file:
    path: "{{nginx_dir}}/sites-enabled/{{item}}"
    state: absent
  with_items: "{{nginx_disabled_sites}}"
  notify:
    - reload nginx
  when: nginx_disabled_sites|lower != 'none'
================================================
FILE: tasks/source.yml
================================================
# file: nginx/tasks/source.yml

- include: user.yml
- include: directories.yml

- name: Nginx | Make sure the Nginx build dependencies are installed
  apt:
    update_cache: yes
    pkg: "{{item}}"
    state: present
  with_items:
    - libpcre3
    - libpcre3-dev
    - libssl-dev

- name: Nginx | Download the Nginx source release if not yet present
  get_url:
    url: "{{nginx_source_url}}"
    dest: "/tmp/nginx-{{nginx_source_version}}.tar.gz"

- include: "modules.yml"

- name: Nginx | Unpack the compressed Nginx source
  command: tar -xvzf /tmp/nginx-{{nginx_source_version}}.tar.gz
    chdir=/tmp creates=/tmp/nginx-{{nginx_source_version}}/README

- name: Nginx | Write out the version and flags used for the build
  template:
    src: .nginx_compilation_flags.j2
    dest: "{{nginx_dir}}/.nginx_compilation_flags"
  register: nginx_flags

- name: Nginx | Kill Nginx (old threads)
  command: pkill nginx
  ignore_errors: yes
  when: nginx_flags.changed

- name: Nginx | Compile the Nginx source
  shell: >
    cd /tmp/{{nginx}}-{{nginx_source_version}} &&
    ./configure {{nginx_source_configure_flags}} &&
    make &&
    make install
  when: nginx_flags.changed

- name: Nginx | Update the symbolic link to the nginx install
  file:
    path: /usr/local/nginx/default
    src: "{{nginx_source_prefix}}"
    state: link
    force: yes

- name: Nginx | Install the upstart init script
  template:
    src: nginx.init.j2
    dest: /etc/init.d/nginx
    owner: root
    group: root
    mode: 0755
  notify:
    - restart nginx

- name: Nginx | Register Nginx as a service
  service:
    name: nginx
    enabled: yes
================================================
FILE: tasks/user.yml
================================================
# file: nginx/tasks/user.yml

- name: Nginx | Make sure the nginx group is present
  group:
    gid: "{{nginx_gid}}"
    name: "{{nginx_group}}"
    state: present

- name: Nginx | Make sure the www directory is present
  file:
    path: "{{nginx_www_dir}}"
    state: directory

- name: Nginx | Make sure the nginx user is present
  user:
    name: "{{nginx_user}}"
    uid: "{{nginx_uid}}"
    group: "{{nginx_group}}"
    comment: "Nginx user"
    home: "{{nginx_www_dir}}"
    shell: /bin/false
    state: present
    system: yes

- name: Nginx | Set the right directory permissions for the www directory
  file:
    path: "{{nginx_www_dir}}"
    owner: "{{nginx_user}}"
    group: "{{nginx_group}}"
    mode: 0755
    state: directory

- name: Nginx | Check the current password expiry
  command: grep {{nginx_user}} /etc/shadow
  become: yes
  register: nginx_old_password
  changed_when: false

- name: Nginx | Set the right expiration on the nginx user
  shell: "chage -I -1 -E -1 -m -1 -M -1 -W -1 -E -1 {{nginx_user}} && grep {{nginx_user}} /etc/shadow"
  become: yes
  register: nginx_new_password
  changed_when: nginx_new_password.stdout != nginx_old_password.stdout
================================================
FILE: templates/.nginx_compilation_flags.j2
================================================
# This file is used to track the nginx build flags, DO NOT CHANGE MANUALLY
{{nginx_source_version}}
{{nginx_source_configure_flags}}
================================================
FILE: templates/default.site.j2
================================================
server {
  listen 80;
  server_name {{inventory_hostname}};

  access_log {{nginx_log_dir}}/default.access.log;

  location / {
    root {{nginx_default_root}};
    index index.html index.htm;
  }
}
================================================
FILE: templates/etc_monit_conf.d_nginx.j2
================================================
check process nginx with pidfile {{nginx_pid}}
  group www
  start program = "/etc/init.d/nginx start"
  stop program = "/etc/init.d/nginx stop"
  if failed host localhost port 80 protocol http
    with timeout 10 seconds
    then restart
  if 5 restarts within 5 cycles then timeout
================================================
FILE: templates/modules/authorized_ips.j2
================================================
geo ${{nginx_remote_ip_var}} $authorized_ip {
  default no;
{% for ip in nginx_authorized_ips %}
  {{ip}} yes;
{% endfor %}
}
================================================
FILE: templates/modules/http_gzip_static.conf.j2
================================================
gzip_static {{nginx_gzip_static}};
================================================
FILE: templates/modules/http_realip.conf.j2
================================================
{% for address in nginx_realip_addresses %}
set_real_ip_from {{address}};
{% endfor %}
real_ip_header {{nginx_realip_header}};
real_ip_recursive {{nginx_realip_real_ip_recursive}};
================================================
FILE: templates/modules/nginx_status.j2
================================================
include authorized_ips;

server {
  listen 8090;
  server_name _;

  location /nginx_status {
    if ($authorized_ip = no) {
      return 404;
    }
    stub_status on;
    access_log off;
  }
}
================================================
FILE: templates/modules/upload_progress.j2
================================================
upload_progress {{nginx_upload_progress_zone_name}} {{nginx_upload_progress_zone_size}};
{% if nginx_upload_progress_javascript_output %}
upload_progress_java_output;
{% endif %}
================================================
FILE: templates/nginx.conf.j2
================================================
user {{nginx_user}}{% if nginx_user != nginx_group%} {{nginx_group}}{% endif %};

worker_processes {{nginx_worker_processes}};
{% if nginx_daemon_disable %}
daemon off;
{% endif %}
{% if nginx_worker_rlimit_nofile %}
worker_rlimit_nofile {{nginx_worker_rlimit_nofile}};
{% endif %}

error_log {{nginx_log_dir}}/{{nginx_error_log_filename}}{% if nginx_error_log_options %} {{nginx_error_log_options}}{% endif %};
pid {{nginx_pid}};

events {
  worker_connections {{nginx_worker_connections}};
{% if nginx_multi_accept %}
  multi_accept on;
{% endif %}
{% if nginx_event %}
  use {{nginx_event}};
{% endif %}
}

http {
{% if nginx_install_method == "source" %}
{% if nginx_source_modules_included.naxsi_module is defined %}
  include {{nginx_dir}}/naxsi_core.rules;
{% endif %}
{% endif %}

  include {{nginx_dir}}/mime.types;
  default_type application/octet-stream;
{% if nginx_charset %}
  charset {{nginx_charset}};
{% endif %}

{% if nginx_disable_access_log %}
  access_log off;
{% else %}
{% for log in nginx_access_logs %}
{% if 'format' in log %}
  log_format {{log['name']}} {{log['format']}};
{% endif %}
  access_log {{nginx_log_dir}}/{{log['filename']}} {{log['name']}}{% if 'options' in log and log['options']|lower != 'none' %} {{log['options']}}{% endif %};
{% endfor %}
{% endif %}

{% if nginx_server_tokens %}
  server_tokens {{nginx_server_tokens}};
{% endif %}

  sendfile {{nginx_sendfile}};
  tcp_nopush on;
  tcp_nodelay on;

{% if nginx_keepalive == 'on' %}
  # Timeouts
  keepalive_timeout {{nginx_keepalive_timeout}};
  client_body_timeout {{nginx_client_body_timeout}};
  client_header_timeout {{nginx_client_header_timeout}};
  send_timeout {{nginx_send_timeout}};
{% endif %}

  gzip {{nginx_gzip}};
{% if nginx_gzip == 'on' %}
  gzip_http_version {{nginx_gzip_http_version}};
  gzip_comp_level {{nginx_gzip_comp_level}};
  gzip_proxied {{nginx_gzip_proxied}};
  gzip_vary {{nginx_gzip_vary}};
{% if nginx_gzip_buffers %}
  gzip_buffers {{nginx_gzip_buffers}};
{% endif %}
  gzip_types {{nginx_gzip_types|join(' ')}};
  gzip_min_length {{nginx_gzip_min_length}};
  gzip_disable "{{nginx_gzip_disable}}";
{% endif %}

{% if nginx_install_method == "source" %}
{% if nginx_geoip == 'on' %}
  geoip_country {{nginx_geoip_country}};
  geoip_city {{nginx_geoip_city}};
{% endif %}
{% endif %}

{% if nginx_buffers == 'on' %}
  client_body_buffer_size {{nginx_client_body_buffer_size}};
  client_header_buffer_size {{nginx_client_header_buffer_size}};
  client_max_body_size {{nginx_client_max_body_size}};
  large_client_header_buffers {{nginx_large_client_header_buffers}};
{% endif %}

  server_names_hash_bucket_size {{nginx_server_names_hash_bucket_size}};
  types_hash_max_size {{nginx_types_hash_max_size}};
  types_hash_bucket_size {{nginx_types_hash_bucket_size}};

{% if nginx_proxy_read_timeout %}
  proxy_read_timeout {{nginx_proxy_read_timeout}};
{% endif %}

{% if nginx_enable_rate_limiting %}
  limit_req_zone $binary_remote_addr zone={{nginx_rate_limiting_zone_name}}:{{nginx_rate_limiting_backoff}} rate={{nginx_rate_limit}};
{% endif %}

  include {{nginx_dir}}/conf.d/*.conf;
  include {{nginx_dir}}/sites-enabled/*;
}
================================================
FILE: templates/nginx.init.j2
================================================
#!/bin/sh

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $local_fs $remote_fs $network $syslog
# Required-Stop: $local_fs $remote_fs $network $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON={{nginx_source_prefix}}/sbin/nginx
NAME=nginx
DESC=nginx
PID={{nginx_pid}}

# Include nginx defaults if available
if [ -f /etc/default/nginx ]; then
  . /etc/default/nginx
fi

test -x $DAEMON || exit 0

set -e

. /lib/lsb/init-functions

test_nginx_config() {
  if $DAEMON -t $DAEMON_OPTS >/dev/null 2>&1; then
    return 0
  else
    $DAEMON -t $DAEMON_OPTS
    return $?
  fi
}

case "$1" in
  start)
    echo -n "Starting $DESC: "
    test_nginx_config
    # Check if the ULIMIT is set in /etc/default/nginx
    if [ -n "$ULIMIT" ]; then
      # Set the ulimits
      ulimit $ULIMIT
    fi
    start-stop-daemon --start --quiet --pidfile $PID \
      --exec $DAEMON -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;

  stop)
    echo -n "Stopping $DESC: "
    start-stop-daemon --stop --quiet --pidfile $PID \
      --exec $DAEMON || true
    echo "$NAME."
    ;;

  restart|force-reload)
    echo -n "Restarting $DESC: "
    start-stop-daemon --stop --quiet --pidfile \
      $PID --exec $DAEMON || true
    sleep 1
    test_nginx_config
    start-stop-daemon --start --quiet --pidfile \
      $PID --exec $DAEMON -- $DAEMON_OPTS || true
    echo "$NAME."
    ;;

  reload)
    echo -n "Reloading $DESC configuration: "
    test_nginx_config
    start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
      --exec $DAEMON || true
    echo "$NAME."
    ;;

  configtest|testconfig)
    echo -n "Testing $DESC configuration: "
    if test_nginx_config; then
      echo "$NAME."
    else
      exit $?
    fi
    ;;

  status)
    status_of_proc -p $PID "$DAEMON" nginx && exit 0 || exit $?
    ;;

  *)
    echo "Usage: $NAME {start|stop|restart|reload|force-reload|status|configtest}" >&2
    exit 1
    ;;
esac

exit 0
================================================
FILE: templates/nxdissite.j2
================================================
#!/bin/sh -e

SYSCONFDIR='{{nginx_dir}}'

# Expansions are quoted so an empty or space-containing site name
# cannot break the tests or split into several arguments.
if [ -z "$1" ]; then
  echo "Which site would you like to disable?"
  echo -n "Your choices are: "
  ls "$SYSCONFDIR"/sites-enabled/* | \
    sed -e "s,$SYSCONFDIR/sites-enabled/,,g" | xargs echo
  echo -n "Site name? "
  read SITENAME
else
  SITENAME=$1
fi

if [ "$SITENAME" = "default" ]; then
  PRIORITY="000"
fi

if ! [ -e "$SYSCONFDIR/sites-enabled/$SITENAME" -o \
       -e "$SYSCONFDIR/sites-enabled/$PRIORITY-$SITENAME" ]; then
  echo "This site is already disabled, or does not exist!"
  exit 1
fi

if ! rm "$SYSCONFDIR/sites-enabled/$SITENAME" 2>/dev/null; then
  rm -f "$SYSCONFDIR/sites-enabled/$PRIORITY-$SITENAME"
fi

echo "Site $SITENAME disabled; reload nginx to disable."
================================================
FILE: templates/nxensite.j2
================================================
#!/bin/sh -e

SYSCONFDIR='{{nginx_dir}}'

# Expansions are quoted so an empty or space-containing site name
# cannot break the tests or split into several arguments.
if [ -z "$1" ]; then
  echo "Which site would you like to enable?"
  echo -n "Your choices are: "
  ls "$SYSCONFDIR"/sites-available/* | \
    sed -e "s,$SYSCONFDIR/sites-available/,,g" | xargs echo
  echo -n "Site name? "
  read SITENAME
else
  SITENAME=$1
fi

if [ "$SITENAME" = "default" ]; then
  PRIORITY="000"
fi

if [ -e "$SYSCONFDIR/sites-enabled/$SITENAME" -o \
     -e "$SYSCONFDIR/sites-enabled/$PRIORITY-$SITENAME" ]; then
  echo "This site is already enabled!"
  exit 0
fi

if ! [ -e "$SYSCONFDIR/sites-available/$SITENAME" ]; then
  echo "This site does not exist!"
  exit 1
fi

if [ "$SITENAME" = "default" ]; then
  ln -sf "$SYSCONFDIR/sites-available/$SITENAME" \
    "$SYSCONFDIR/sites-enabled/$PRIORITY-$SITENAME"
else
  ln -sf "$SYSCONFDIR/sites-available/$SITENAME" "$SYSCONFDIR/sites-enabled/$SITENAME"
fi

echo "Site $SITENAME installed; reload nginx to enable."
================================================
FILE: templates/site.j2
================================================
{# items() works under both Python 2 and Python 3; iteritems() exists only under Python 2 #}
server {
{% for k,v in item.server.items() %}
{% if k.find('location') == -1 and k != 'name' %}
  {{ k }} {{ v }};
{% endif %}
{% endfor %}

{% for k,v in item.server.items() if k.find('location') != -1 %}
  location {{ v.name }} {
{% for x,y in v.items() if x != 'name' %}
    {{ x }} {{ y }};
{% endfor %}
  }
{% endfor %}
}
================================================
FILE: test.yml
================================================
- hosts: all
  vars_files:
    - 'defaults/main.yml'
  tasks:
    - name: install the dependencies
      apt:
        pkg: "{{item}}"
        state: present
        update_cache: yes
      with_items: ["perl", "libperl-dev", "monit", "build-essential", "python-httplib2"]
    - include: 'tasks/main.yml'
    - name: Nginx | Check if nginx is available
      uri: url="http://127.0.0.1" status=200
  handlers:
    - name: restart monit
      service:
        name: monit
        state: restarted
    - include: 'handlers/main.yml'
================================================
FILE: vagrant-inventory
================================================
[anxs]
anxs.local ansible_ssh_user=vagrant ansible_ssh_host=192.168.88.16 ansible_ssh_port=22
Condensed preview — 53 files, each showing path, character count, and a content snippet. Download the .json file or copy for the full structured content (62K chars).
[
{
"path": ".gitignore",
"chars": 92,
"preview": "*.sw[op]\n.DS_Store\n.AppleDouble\n.LSOverride\nIcon\n._*\n.Spotlight-V100\n.Trashes\n.vagrant\ntest\n"
},
{
"path": ".travis.yml",
"chars": 897,
"preview": "---\n\nlanguage: python\npython: \"2.7\"\nenv:\n - INSTALL_METHOD=source ANSIBLE_VERSION=1.9.0.1\n - INSTALL_METHOD=source ANS"
},
{
"path": "LICENSE",
"chars": 1079,
"preview": "The MIT License\n\nCopyright (c) 2014 Pieterjan Vandaele\n\nPermission is hereby granted, free of charge, to any person obta"
},
{
"path": "README.md",
"chars": 10492,
"preview": "## ANXS - nginx [](https://travis-ci.org/ANXS/nginx)\n"
},
{
"path": "Vagrantfile",
"chars": 630,
"preview": "# -*- mode: ruby -*-\n# vi: set ft=ruby :\n\nnginx_install_method = ENV.key?('NGINX_INSTALL_METHOD') ? ENV['NGINX_INSTALL_M"
},
{
"path": "defaults/main.yml",
"chars": 5699,
"preview": "# file: nginx/defaults/main.yml\n\nnginx_install_method: \"source\"\nnginx_source_version: \"1.8.0\"\nnginx: \"nginx\"\n\nnginx_user"
},
{
"path": "files/index.html",
"chars": 354,
"preview": "<!DOCTYPE html>\n<html>\n<head>\n<title>Welcome to nginx!</title>\n</head>\n<body>\n<h1>Thank you for using ANXS.nginx</h1>\n<p"
},
{
"path": "files/mime.types",
"chars": 3504,
"preview": "types {\n text/html html htm shtml;\n text/css css;\n tex"
},
{
"path": "files/naxsi_core.rules",
"chars": 5582,
"preview": "##################################\n## INTERNAL RULES IDS:1-10 ##\n##################################\n#weird_request "
},
{
"path": "handlers/main.yml",
"chars": 218,
"preview": "# file: nginx/handlers/main.yml\n\n- name: restart nginx\n service: name=nginx state=restarted\n become: yes\n when: not n"
},
{
"path": "meta/main.yml",
"chars": 589,
"preview": "# file: nginx/meta/main.yml\n\ngalaxy_info:\n author: pjan vandaele\n company: ANXS\n description: Install and configure N"
},
{
"path": "tasks/configure.yml",
"chars": 698,
"preview": "# nginx/tasks/configure.yml\n\n- name: Nginx | Make sure the mime.types file is up to date\n copy:\n src: mime.types\n "
},
{
"path": "tasks/default_site.yml",
"chars": 1344,
"preview": "# file: nginx/tasks/default_site.yml\n\n- name: Nginx | Make sure the default site root directory is present\n file:\n p"
},
{
"path": "tasks/directories.yml",
"chars": 615,
"preview": "# file: nginx/tasks/commons.yml\n\n- name: Nginx | Make sure the nginx directory exists\n file:\n path: \"{{nginx_dir}}\"\n"
},
{
"path": "tasks/main.yml",
"chars": 341,
"preview": "# file: nginx/tasks/main.yml\n\n- include: package.yml\n when: nginx_install_method == \"package\"\n- include: source.yml\n w"
},
{
"path": "tasks/modules/_authorized_ips.yml",
"chars": 250,
"preview": "# file: nginx/tasks/modules/authorized_ips.yml\n\n- name: Nginx | Modules | Updated the authorized_ip file\n template:\n "
},
{
"path": "tasks/modules/google_perftools_module.yml",
"chars": 256,
"preview": "# file: roles/nginx/tasks/modules/google_perftools_module.yml\n# configure flag: --with-google_perftools_module\n\n- name: "
},
{
"path": "tasks/modules/headers_more_module.yml",
"chars": 544,
"preview": "# file: nginx/tasks/modules/headers_more_module.yml\n# configure flag: --add-module=/tmp/nginx_headers_more\n\n- name: Ngin"
},
{
"path": "tasks/modules/http_auth_request_module.yml",
"chars": 496,
"preview": "# file: nginx/tasks/modules/http_auth_request_module.yml\n# configure flag: --add-module=/tmp/nginx_auth_request\n\n- name:"
},
{
"path": "tasks/modules/http_echo_module.yml",
"chars": 421,
"preview": "# file: nginx/tasks/modules/http_echo_module.yml\n# configure flag: --add-module=/tmp/nginx_echo\n\n- name: Nginx | Modules"
},
{
"path": "tasks/modules/http_geoip_module.yml",
"chars": 1603,
"preview": "# file: nginx/tasks/modules/http_geoip_module.yml\n# configure flag: --with-http_geoip_module\n\n- name: Nginx | Modules | "
},
{
"path": "tasks/modules/http_gzip_static_module.yml",
"chars": 347,
"preview": "# file: nginx/tasks/modules/http_gzip_static_module.yml\n# configure flag: --with-http_gzip_static_module\n\n- name: Nginx "
},
{
"path": "tasks/modules/http_perl_module.yml",
"chars": 106,
"preview": "# file: nginx/tasks/modules/http_perl_module.yml\n# configure flag: --with-http_perl_module\n\n# no contents\n"
},
{
"path": "tasks/modules/http_realip_module.yml",
"chars": 322,
"preview": "# file: nginx/tasks/modules/http_realip_module.yml\n# configure flag: --with-http_realip_module\n\n- name: Nginx | Modules "
},
{
"path": "tasks/modules/http_spdy_module.yml",
"chars": 106,
"preview": "# file: nginx/tasks/modules/http_spdy_module.yml\n# configure flag: --with-http_spdy_module\n\n# no contents\n"
},
{
"path": "tasks/modules/http_ssl_module.yml",
"chars": 771,
"preview": "# file: nginx/tasks/modules/http_ssl_module.yml\n# configure flag: --with-http_ssl_module\n\n- name: get openssl source\n s"
},
{
"path": "tasks/modules/http_stub_status_module.yml",
"chars": 585,
"preview": "# file: nginx/tasks/modules/http_stub_status_module.yml\n# configure flag: --with-http_stub_status_module\n\n- include: _au"
},
{
"path": "tasks/modules/ipv6_module.yml",
"chars": 95,
"preview": "# file: roles/nginx/tasks/modules/ipv6_module.yml\n# configure flag: --with-ipv6\n\n# no contents\n"
},
{
"path": "tasks/modules/naxsi_module.yml",
"chars": 648,
"preview": "# file: roles/nginx/tasks/modules/naxsi_module.yml\n# configure flag: --add-module=/tmp/naxsi-{{nginx_naxsi_version}}/nax"
},
{
"path": "tasks/modules/ngx_pagespeed.yml",
"chars": 1307,
"preview": "# file: nginx/tasks/modules/ngx_pagespeed.yml\n# configure flag: --add-module=/tmp/ngx_pagespeed-release-{{nginx_ngx_page"
},
{
"path": "tasks/modules/upload_progress_module.yml",
"chars": 847,
"preview": "# file: nginx/tasks/modules/upload_progress_module.yml\n# configure flag: --add-module=/tmp/nginx_upload_progress\n\n# to b"
},
{
"path": "tasks/modules.yml",
"chars": 1586,
"preview": "# file: nginx/tasks/modules.yml\n\n- include: modules/http_stub_status_module.yml\n when: nginx_source_modules_included.ht"
},
{
"path": "tasks/monit.yml",
"chars": 202,
"preview": "# file: nginx/tasks/monit.yml\n\n- name: Nginx | | (Monit) Copy the nginx monit service file\n template:\n src: etc_moni"
},
{
"path": "tasks/package.yml",
"chars": 404,
"preview": "# file: nginx/tasks/package.yml\n\n- name: Nginx | Make sure the ansible required dependencies are installed\n apt:\n pk"
},
{
"path": "tasks/scripts.yml",
"chars": 242,
"preview": "# file: nginx/tasks/scripts.yml\n\n- name: Nginx | Copy the nxensite and nxdissite scripts\n template:\n src: \"{{item}}."
},
{
"path": "tasks/sites.yml",
"chars": 1006,
"preview": "# file: nginx/tasks/sites.yml\n\n- name: Nginx | Update the configurations for the sites inventory\n template:\n src: si"
},
{
"path": "tasks/source.yml",
"chars": 1633,
"preview": "# file: nginx/tasks/source.yml\n\n- include: user.yml\n- include: directories.yml\n\n- name: Nginx | Make sure the Nginx buil"
},
{
"path": "tasks/user.yml",
"chars": 1180,
"preview": "# file: nginx/tasks/user.yml\n\n- name: Nginx | Make sure the nginx group is present\n group:\n gid: \"{{nginx_gid}}\"\n "
},
{
"path": "templates/.nginx_compilation_flags.j2",
"chars": 133,
"preview": "# This file is used to track the nginx build flags, DO NOT CHANGE MANUALLY\n{{nginx_source_version}}\n{{nginx_source_confi"
},
{
"path": "templates/default.site.j2",
"chars": 206,
"preview": "server {\n listen 80;\n server_name {{inventory_hostname}};\n\n access_log {{nginx_log_dir}}/default.access.log;\n\n l"
},
{
"path": "templates/etc_monit_conf.d_nginx.j2",
"chars": 302,
"preview": "check process nginx with pidfile {{nginx_pid}}\n group www\n start program = \"/etc/init.d/nginx start\"\n stop prog"
},
{
"path": "templates/modules/authorized_ips.j2",
"chars": 126,
"preview": "geo ${{nginx_remote_ip_var}} $authorized_ip {\n default no;\n{% for ip in nginx_authorized_ips %}\n {{ip}} yes;\n{% endfor"
},
{
"path": "templates/modules/http_gzip_static.conf.j2",
"chars": 35,
"preview": "gzip_static {{nginx_gzip_static}};\n"
},
{
"path": "templates/modules/http_realip.conf.j2",
"chars": 181,
"preview": "{% for address in nginx_realip_addresses %}\nset_real_ip_from {{address}};\n{% endfor %}\nreal_ip_header {{nginx_realip_hea"
},
{
"path": "templates/modules/nginx_status.j2",
"chars": 195,
"preview": "include authorized_ips;\n\nserver {\n listen 8090;\n server_name _;\n\n location /nginx_status {\n if ($authorized_ip = n"
},
{
"path": "templates/modules/upload_progress.j2",
"chars": 179,
"preview": "upload_progress {{nginx_upload_progress_zone_name}} {{nginx_upload_progress_zone_size}};\n{% if nginx_upload_progress_jav"
},
{
"path": "templates/nginx.conf.j2",
"chars": 3204,
"preview": "user {{nginx_user}}{% if nginx_user != nginx_group%} {{nginx_group}}{% endif %};\nworker_processes {{nginx_worker_proce"
},
{
"path": "templates/nginx.init.j2",
"chars": 2384,
"preview": "#!/bin/sh\n\n### BEGIN INIT INFO\n# Provides: nginx\n# Required-Start: $local_fs $remote_fs $network $syslog\n# R"
},
{
"path": "templates/nxdissite.j2",
"chars": 788,
"preview": "#!/bin/sh -e\n\nSYSCONFDIR='{{nginx_dir}}'\n\nif [ -z $1 ]; then\n echo \"Which site would you like to disable?\"\n "
},
{
"path": "templates/nxensite.j2",
"chars": 1007,
"preview": "#!/bin/sh -e\n\nSYSCONFDIR='{{nginx_dir}}'\n\nif [ -z $1 ]; then\n echo \"Which site would you like to enable?\"\n "
},
{
"path": "templates/site.j2",
"chars": 341,
"preview": "server {\n\n{% for k,v in item.server.iteritems() %}\n{% if k.find('location') == -1 and k != 'name' %}\n {{ k }} {{ v }};\n"
},
{
"path": "test.yml",
"chars": 531,
"preview": "- hosts: all\n vars_files:\n - 'defaults/main.yml'\n tasks:\n - name: install the dependencies\n apt:\n pk"
},
{
"path": "vagrant-inventory",
"chars": 94,
"preview": "[anxs]\nanxs.local ansible_ssh_user=vagrant ansible_ssh_host=192.168.88.16 ansible_ssh_port=22\n"
}
]
About this extraction
This page contains the full source code of the ANXS/nginx GitHub repository, extracted and formatted as plain text. The extraction includes 53 files (55.5 KB), approximately 17.2k tokens.
Extracted by GitExtract.