-
Notifications
You must be signed in to change notification settings - Fork 0
/
nginx_lb_plus_modsec_vars.yaml
49 lines (48 loc) · 1.3 KB
/
nginx_lb_plus_modsec_vars.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
---
nginx_enable: true
nginx_start: true
nginx_type: plus
nginx_delete_license: true
nginx_license: # this is the Ansible host location to copy out, N+ with modsec is a unique license
certificate: "{{playbook_dir}}/license/nginx-repo.crt"
key: "{{playbook_dir}}/license/nginx-repo.key"
nginx_rest_api_enable: true
nginx_rest_api_write: true
nginx_rest_api_port: 8080
nginx_modules:
waf: true
nginx_http_template_enable: true
nginx_http_template:
default:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
server_name: localhost
server_custom_options:
- modsecurity on
- modsecurity_rules_file /etc/nginx/modsec/main.conf
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts: []
error_page: /usr/share/nginx/html
autoindex: false
reverse_proxy:
locations:
backend:
location: /
proxy_pass: http://backend_servers
upstreams:
upstream_1:
name: backend_servers
lb_method: least_conn
zone_name: backend
zone_size: 64k
sticky_cookie: false
servers:
backend_server_1:
address: webserver1
port: 3000
weight: 1
health_check: max_fails=3 fail_timeout=5s