Introduction to Ansible Transcripts
Chapter: Deployments
Lecture: Enhancing the Nginx Template

Login or purchase this course to watch this video and the rest of the course contents.
0:00 We added some tasks and variables to our playbook.
0:02 We also need to modify the Nginx configuration
0:05 to take advantage of HTTPS.
0:07 Head into roles/webserver/templates
0:12 and we're going to modify this incredibly simple template
0:15 that we created in last chapter.
0:16 First we want to prepare for an upstream server.
0:19 An upstream server is where Nginx serves
0:21 as a reverse proxy.
0:23 It simply passes requests along to a different server
0:26 running on another port
0:27 either on the same host or a different server all together.
0:29 In our case, we are going to have WSGI
0:32 Web Server Gateway Interface, that's a Python standard
0:35 for running web applications.
0:37 A WSGI server running on the same server as Nginx.
0:39 So Nginx is simply going to serve as a reverse proxy
0:42 for requests that come in through port 80 or 443
0:46 over to the WSGI server on a different port.
0:54 So the way that we specify this with Nginx
0:56 we have upstream and then we say the host
1:00 which for us is going to be localhost
1:01 and then we'll have a variable
1:03 for the WSGI server port.
1:10 So these three lines by themselves don't do anything
1:12 'til we explicitly specify under our server
1:15 what requests should be proxy.
1:16 First, let's upgrade the HTTP response handler
1:20 that is running on port 80
1:22 so that the only thing that it does
1:23 is redirect requests to the HTTPS version.
1:26 So nothing will be running off of HTTP.
1:28 Be immediately converted over into HTTPS traffic.
1:34 Use our fully qualified domain name as a server name.
1:36 This allows Nginx to respond to requests
1:39 that come in through DNS.
1:48 And we'll permanently rewrite requests that come in
1:50 to the HTTPS version.
1:52 Write our HTTPS section for the server.
1:55 Same server name
1:58 and we're going to be listening instead
1:59 on port 443 with SSL.
2:04 Now we're going to want to specify our SSL certificates
2:06 which although we haven't created them just yet
2:08 will be created when we run our playbook.
2:10 There could be an entire video course
2:11 on how to properly set up HTTPS on your web servers.
2:15 One shortcut that I take
2:16 is I take a look at the cipher list.
2:18 So if you go to cipherli.st
2:23 we can snag the appropriate settings
2:25 for really strong SSL security on Nginx.
2:33 We do need to specify a few more things
2:35 such as where our SSL certificate is located.
2:55 And then our PEM certificate location.
3:05 Okay we need to specify log settings.
3:15 Including our access and error logs.
3:27 All right, two more bits of configuration
3:29 and then we're done with this file.
3:30 We're going to have Nginx serve as a reverse proxy
3:32 which we already configured up top
3:34 but we need to explicitly specify
3:36 that we want it to serve as a reverse proxy.
3:38 We also want Nginx to serve up static assets.
3:41 When we take a look at our completed diagram
3:43 we see that we have Javascript, CSS, images
3:46 files like that that we want Nginx to serve up
3:49 and not go through the WSGI server.
4:00 And the way that we're going to do this:
4:02 any files that are heavy URL with static
4:05 at the start of the path
4:06 we're going to search for those files, and if they exist
4:09 we'll transfer them to the requesting client
4:11 and if not, we'll pass back a 404.
4:18 So we're going to have a new variable that we'll specify
4:21 the specific directory where
4:23 we're serving the static assets.
4:29 Finally, set up our reverse proxy.
5:06 That is how we proxy to our app server WSGI app
5:09 which we specified at the top of the file.
5:12 Okay, we have two new variables:
5:14 a WSGI server port and sub app directory
5:16 so we need to specify those.
5:37 Save that, and now we'll be able to see how this works.