-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathmain.yml
166 lines (155 loc) · 5.1 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
---
# defaults file for ansible-nginx-load-balancer
# NGINX load balancer configs
## frontend_listen_port
##
## location
##
## method
### define the load balancing method
### round_robin(default), least_conn, ip_hash
#### round_robin
##### requests to the application servers are distributed in a round-robin fashion
####
#### least_conn
##### next request is assigned to the server with the least number of active connections
####
#### ip_hash
##### a hash-function is used to determine what server should be selected for
##### the next request (based on the client’s IP address)
####
## protocol
### http, https
#### Defines backend protocol
## server_name
##
## ssl
### Defines if SSL listen port for protocol http
##
## upstream
### server
#### Define individual server(s)
###
### servers
#### Define Ansible groups to iterate through hosts
###
### backend_listen_port
#### Define the backend listen port which application is listening on
nginx_load_balancer_configs: []
# - name: "{{ inventory_hostname_short+'-letsencrypt' }}"
# frontend_listen_port: 80
# locations:
# - location: /.well-known/acme-challenge
# options:
# - root /var/www/letsencrypt
# - try_files $uri $uri/ =404
# - location: /
# options:
# - "rewrite ^ https://{{ ssl_domain_name }}$request_uri? permanent"
# method: round_robin
# protocol: http
# server_name:
# - "{{ ssl_domain_name }}"
# ssl: false
# upstream: []
# - name: google_dns
# frontend_listen_port: 53
# method: round_robin
# protocol: udp
# upstream:
# - server: 8.8.8.8
# backend_listen_port: 53
# - server: 8.8.4.4
# backend_listen_port: 53
# - name: web_app
# frontend_listen_port: 80
# locations:
# - location: /
# options:
# - proxy_buffering off
# - proxy_http_version 1.1
# - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
# - "proxy_set_header Upgrade $http_upgrade"
# - "proxy_set_header Connection $http_connection"
# - access_log off
# - proxy_pass http://127.0.0.1:8080
# method: round_robin
# protocol: http
# server_name:
# - test.vagrant.local
# ssl: false
# upstream:
# - servers: "{{ groups['web_servers'] }}"
# backend_listen_port: 80
# options:
# - "fail_timeout=10s"
# - "max_conns=0"
# - "max_fails=1"
# - "weight=1"
# - server: 192.168.250.11
# backend_listen_port: 80
# options:
# - "fail_timeout=10s"
# - "max_conns=0"
# - "weight=1"
# - server: 192.168.250.12
# backend_listen_port: 80
# options:
# - backup
# - "fail_timeout=10s"
# - "max_conns=0"
# - "weight=1"
# Provides the configuration file context in which the directives that affect
# connection processing are specified.
nginx_load_balancer_events:
# Sets the maximum number of simultaneous connections that can be opened by a
# worker process.
# The Ubuntu default is 768
- "worker_connections 1024"
# Includes another file, or files matching the specified mask, into
# configuration. Included files should consist of syntactically correct
# directives and blocks
nginx_load_balancer_includes:
- "/etc/nginx/modules-enabled/*.conf"
# Defines a file that will store the process ID of the main process
ngninx_load_balancer_pid: /run/nginx.pid
# Defines if using a highly available setup. i.e. multiple nginx load balancers
nginx_load_balancer_ha: false
# Defines the prefix path/file for SSL cert(s) when using HA
## We do this in order to generate the keys on the primary and sync the keys to
## all other nodes in the HA setup.
nginx_load_balancer_ha_key_file_prefix: "{{ '/etc/ssl/' + nginx_load_balancer_ha_primary }}"
# Defines the primary host when in HA mode
nginx_load_balancer_ha_primary: node0
# Defines SSL cert(s) info
nginx_load_balancer_ssl:
{}
# csr_key_file: "/etc/ssl/{{ inventory_hostname }}-csr.pem"
# enabled: false
# generate_keys: false
# private_key_file: "/etc/ssl/private/{{ inventory_hostname }}-key.pem"
# private_key_size: 4096
# private_key_type: RSA
# protocols:
# - TLSv1
# - TLSv1.1
# - TLSv1.2
# public_key_file: "/etc/ssl/public/{{ inventory_hostname }}-cert.pem"
# public_key_valid_days: 1825
# regenerate_keys: false
# Defines the user which NGINX runs as
nginx_load_balancer_user: www-data
# Define version to install
# development/stable
nginx_load_balancer_version: stable
# Defines the number of worker processes.
# The optimal value depends on many factors including (but not limited to) the
# number of CPU cores, the number of hard disk drives that store data, and
# load pattern. When one is in doubt, setting it to the number of available CPU
# cores would be a good start (the value “auto” will try to autodetect it).
#
# The default below will detect the number of cpu cores/threads and multiply by
# 4. You may want to scale this up/down or set to auto. You can also experiment
# by using the Apache benchmark tool to see where the sweet spot is.
# ab -c 40 -n 50000 http://192.168.250.200/
nginx_load_balancer_worker_processes: "{{ ansible_processor_vcpus * 4 }}"