This Ansible role installs and prepares Nginx as a reverse proxy for Opencast. If no certificate is present, this role deploys a dummy certificate which allows Nginx to start up.
This role uses the community.crypto.openssl_dhparam module to generate Diffie-Hellman parameters. You therefore need to have the community.crypto collection installed.
- Path to Opencast's downloads directory (default:
- List of URLs to add CORS exceptions for (default:
While this deploys dummy TLS certificates which allow Nginx to start up, make sure to deploy proper certificates for production. To do that, copy your certificates to:
/etc/nginx/ssl/{{ inventory_hostname }}.key
/etc/nginx/ssl/{{ inventory_hostname }}.crt
If you want to use Let's Encrypt to generate certificates, you can also include the role
which will automatically generate TLS certificates for you.
You can also add some custom configuration in the file /etc/nginx/conf.d/extra.conf
The file is included after Opencast's main location
The role will not modify this file if it exists.
Additionally you can define other virtual hosts in /etc/nginx/sites-enabled/
They will be loaded as well.
ℹ️ You may want to disable Nginx default vhost on Debian based systems by removing the
Example of how to configure and use the role:
- hosts: servers
  become: true
  roles:
    # Installs Nginx and, if no certificate exists yet, a dummy one
    - role: elan.opencast_nginx
This will leave you with an invalid dummy certificate.
You will need to replace it with a valid one before booting up Opencast.
The role will not replace an existing certificate so you can safely use a file
task to deploy it afterwards:
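- hosts: servers
  become: true
  tasks:
    # Run the role first; it leaves an existing certificate untouched
    - include_role:
        name: elan.opencast_nginx
    # Expects tls-key.pem and tls-crt.pem next to the playbook
    - name: install tls certificate
      copy:
        src: tls-{{ item }}.pem
        dest: /etc/nginx/ssl/{{ inventory_hostname }}.{{ item }}
        owner: root
        group: root
        mode: '0400'
      notify: Reload nginx
      loop:
        - key
        - crt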
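A pre-flight play you could run after deploying the certificate and before starting Opencast, to catch a leftover dummy, a key that does not belong to the certificate, or loose key permissions. This is an added example, not part of the role: the variable names `tls_crt`, `tls_key` and `in_30_days` and the 30-day window are assumptions, and the issuer/subject comparison is only a heuristic that assumes the dummy certificate is self-signed, which this page does not state.

```yaml
# Added example (not part of elan.opencast_nginx): verify the deployed
# certificate before Opencast goes live. Uses the community.crypto
# collection the role already requires.
- hosts: servers
  become: true
  vars:
    # Hypothetical variable names; the paths are the ones the role uses
    tls_crt: /etc/nginx/ssl/{{ inventory_hostname }}.crt
    tls_key: /etc/nginx/ssl/{{ inventory_hostname }}.key
  tasks:
    - name: Read certificate details
      community.crypto.x509_certificate_info:
        path: "{{ tls_crt }}"
        valid_at:
          in_30_days: "+30d"   # assumed renewal window
      register: crt_info

    - name: Read private key details (no private data is returned by default)
      community.crypto.openssl_privatekey_info:
        path: "{{ tls_key }}"
      register: key_info

    - name: Read private key file attributes
      ansible.builtin.stat:
        path: "{{ tls_key }}"
      register: key_stat

    - name: Refuse a dummy, mismatched, expiring or exposed certificate
      ansible.builtin.assert:
        that:
          # The key on disk must be the one the certificate was issued for
          - crt_info.public_key_fingerprints.sha256 == key_info.public_key_fingerprints.sha256
          # Not expired now and still valid 30 days from now
          - not crt_info.expired
          - crt_info.valid_at.in_30_days
          # Heuristic: a self-signed certificate has issuer == subject.
          # Drop this line if you deliberately use a self-signed certificate.
          - crt_info.issuer != crt_info.subject
          # Same ownership and mode as the copy task above sets
          - key_stat.stat.pw_name == 'root'
          - key_stat.stat.mode == '0400'
        fail_msg: >-
          TLS material for {{ inventory_hostname }} is not production-ready:
          check key/certificate match, expiry, issuer and key permissions.
```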
For linting and role development you can use the tools defined in the development requirements. You can quickly install them in a Python virtual environment like this:
# Create a virtual environment
python -m venv venv
# Activate the virtual environment
. venv/bin/activate
# Install the dependencies
pip install -r .dev_requirements.txt
E.g. you can then install the ansible requirements or run the linter (yamllint -c .yamllint . && ansible-lint
For development and testing you can use molecule. With podman as driver you can install it like this – preferably in a virtual environment:
pip install -r .dev_requirements.txt
Then you can create the test instances, apply the ansible config (converge) and destroy the test instances with these commands:
molecule create
molecule converge
molecule destroy
If you want to inspect a running test instance, use molecule login --host <instance_name>, where you replace <instance_name> with the desired value.