/ansible-https-proxy

Ansible role to set up nginx as a secure proxy

OtherNOASSERTION

HTTPS Proxy Role for Ansible CircleCI

Ansible role to set up nginx as a secure proxy. The primary use case is HTTPS termination for another service that can't do so on its own.

Requirements

None.

Role variables

Required variables:

  • external_hostname - the external URL of this proxy
  • upstream_origin - the internal hostname + port (if not 80) being proxied to
  • SSL configuration
    • Storing key data in a Vault is the recommended approach, though you can use the other options.

Dependencies

Example usage

# requirements.yml
- name: gsa.https-proxy
  src: https://github.com/GSA/ansible-https-proxy

# group_vars/https_proxy/vars.yml
external_hostname: secure.site.gov
upstream_origin: 127.0.0.1:8080
ssl_certs_local_cert_data: "{{ vault_ssl_certs_local_cert_data }}"
ssl_certs_local_privkey_data: "{{ vault_ssl_certs_local_privkey_data }}"

# group_vars/https_proxy/vault.yml (encrypted)
vault_ssl_certs_local_cert_data: |
  -----BEGIN CERTIFICATE-----
  ...
  -----END CERTIFICATE-----
vault_ssl_certs_local_privkey_data: |
  -----BEGIN RSA PRIVATE KEY-----
  ...
  -----END RSA PRIVATE KEY-----

# playbooks/https_proxy.yml
- hosts: https_proxy
  become: true
  roles:
    - gsa.https-proxy

License

CC0