ansible-role-nginx/README.md

# ansible-roles-nginx

This role is designed to provide a reverse proxy in conjuction with another role based deployment such as a metrics stack

 - https://nginx.org/


## Task Configuration

```
- name: Setup nginx
  hosts: somehost
  become: true
  roles:
    - role: nginx
      nginx_sites:
        - name: lmer2-frontend
          url: lmer2.20c.com
          upstream: http://localhost:8001
          ssl: false
    - role: firewalld
      firewalld_services:
        - http
        - https
      firewalld_ports:
        - 8100/tcp # dashboard insecure mode
      firewalld_forwards:
        - port: 80
          to: 8080
        - port: 443
          to: 8443
```

`ssl` can have a few different meaningful values
-  undfefined will skip ssl entirely including its inclusion in the templates
-  true, lets encrypt will request a cert
-  false, lets encrypt will not request a cert but the template will assume a cert exists

`ssl_barrow` can be set to the url of an existing cert to piggy back on another existing cert


## Deployment and Removal


Sometimes you need to manually stop the running containers to get a clean run when re-deploying
Services must be stopped as the respecitve user or another means to aquire the correct user scope for systemd

```
systemctl --user stop container-nginx.service
```

Deploy

```
ansible-playbook -i hosts site.yml --tags=firewalld,nginx --limit=somehost
```

Remove

```
ansible-playbook -i hosts site.yml --tags=firewalld,nginx --extra-vars "container_state=absent firewall_action=remove" --limit=somehost
```
nginx role for deploying nginx and ssl 2024-08-21 01:45:03 +00:00			`# ansible-roles-nginx`

			`This role is designed to provide a reverse proxy in conjuction with another role based deployment such as a metrics stack`

			`- https://nginx.org/`


			`## Task Configuration`

			```
			`- name: Setup nginx`
			`hosts: somehost`
			`become: true`
			`roles:`
			`- role: nginx`
			`nginx_sites:`
			`- name: lmer2-frontend`
			`url: lmer2.20c.com`
			`upstream: http://localhost:8001`
			`ssl: false`
			`- role: firewalld`
			`firewalld_services:`
			`- http`
			`- https`
			`firewalld_ports:`
			`- 8100/tcp # dashboard insecure mode`
			`firewalld_forwards:`
			`- port: 80`
			`to: 8080`
			`- port: 443`
			`to: 8443`
			```

			`ssl` can have a few different meaningful values
			`- undfefined will skip ssl entirely including its inclusion in the templates`
			`- true, lets encrypt will request a cert`
			`- false, lets encrypt will not request a cert but the template will assume a cert exists`

			`ssl_barrow` can be set to the url of an existing cert to piggy back on another existing cert


			`## Deployment and Removal`


			`Sometimes you need to manually stop the running containers to get a clean run when re-deploying`
			`Services must be stopped as the respecitve user or another means to aquire the correct user scope for systemd`

			```
			`systemctl --user stop container-nginx.service`
			```

			`Deploy`

			```
			`ansible-playbook -i hosts site.yml --tags=firewalld,nginx --limit=somehost`
			```

			`Remove`

			```
			`ansible-playbook -i hosts site.yml --tags=firewalld,nginx --extra-vars "container_state=absent firewall_action=remove" --limit=somehost`
			```