An Ansible role to install Nginx, with HTTPS support, and configure it for use with Girder.
SSL/TLS certificates for HTTPS are provided via Let's Encrypt. This role ensures that certificates automatically renew and configures HTTPS to earn an A+ rating from SSL Labs Server Test.
Ubuntu 18.04+.
The target must be reachable from the internet via the domain name `nginx_hostname`.
The target machine should also be able to initiate outgoing UDP connections from port 53 to the internet, for DNS resolution and OCSP stapling. Many firewalls (e.g. the AWS EC2 default security group) do not allow this by default.
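
A pre-flight play for the requirements above, as an added example that is not part of this role: it asserts the Ubuntu version and confirms that the target can resolve `nginx_hostname` before any certificate request is attempted. The play name, the placeholder hostname `girder.example.org`, the registered variable name and the use of `getent` are assumptions of this example.

```yaml
# Added example, not part of the girder.nginx role.
- name: Pre-flight checks for girder.nginx
  hosts: all
  vars:
    # Placeholder value; use the same hostname the role will receive.
    nginx_hostname: girder.example.org
  tasks:
    - name: Require Ubuntu 18.04 or newer
      ansible.builtin.assert:
        that:
          - ansible_facts['distribution'] == 'Ubuntu'
          - ansible_facts['distribution_version'] is version('18.04', '>=')
        fail_msg: "girder.nginx requires Ubuntu 18.04+"

    # Runs on the target, so it exercises the target's own resolver and
    # outbound DNS path. An /etc/hosts entry for the name would also
    # satisfy getent, so check for one if the result looks suspicious.
    - name: Resolve nginx_hostname from the target
      ansible.builtin.command:
        argv:
          - getent
          - ahosts
          - "{{ nginx_hostname }}"
      register: nginx_hostname_lookup
      changed_when: false
      failed_when: false

    - name: Fail early if the target cannot resolve its public name
      ansible.builtin.assert:
        that:
          - nginx_hostname_lookup.rc == 0
          - nginx_hostname_lookup.stdout | length > 0
        fail_msg: >-
          {{ nginx_hostname }} does not resolve from the target; check the
          DNS record and the firewall's outbound DNS rules.
```

This covers resolution from the target only; reachability of the target from the internet still has to be confirmed from outside its network.
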
| parameter | required | default | comments |
|---|---|---|---|
| `nginx_hostname` | yes | | The hostname of the site. `{{ inventory_hostname }}` may provide this. |
| `nginx_registration_email` | no | `girder@kitware.com` | The email address to register with Let's Encrypt for expiration alerts. |
| `nginx_girder_location` | no | `/` | The path from which Girder will be served. |
| `nginx_extra_server_config` | no | | Any extra Nginx configuration to add to the server block for Girder. |
This role does not have any formal dependencies, but is intended to be used in conjunction with the `girder.girder` role.
A typical playbook using this role may look like:
```yaml
- name: Deploy public-facing Girder
  hosts: all
  vars:
    ansible_python_interpreter: auto
  roles:
    - role: girder.mongodb
    - role: girder.girder
    - role: girder.nginx
      vars:
        nginx_hostname: data.girder.org
```
A typical Ansible Galaxy `requirements.yml` file should look like:
```yaml
- src: girder.mongodb
  version: master
- src: girder.girder
  version: master
- src: girder.nginx
  version: master
```