Introduction to Ansible Transcripts
Lecture: Enhancing the Nginx Template
0:00 We added some tasks and variables to our playbook. We also need to modify the Nginx configuration to take advantage of HTTPS.
0:08 Head into roles/webserver/templates and we're going to modify this incredibly simple template that we created in the last chapter.
0:17 First we want to prepare for an upstream server. An upstream server is where Nginx serves as a reverse proxy.
0:24 It simply passes requests along to a different server running on another port either on the same host or a different server altogether.
0:30 In our case, we are going to have WSGI (Web Server Gateway Interface), that's a Python standard for running web applications.
0:38 A WSGI server running on the same server as Nginx. So Nginx is simply going to serve as a reverse proxy
0:43 for requests that come in through port 80 or 443 over to the WSGI server on a different port. So the way that we specify this with Nginx
0:57 we have upstream and then we say the host which for us is going to be localhost and then we'll have a variable for the WSGI server port.
1:11 So these three lines by themselves don't do anything 'til we explicitly specify under our server what requests should be proxied.
1:17 First, let's upgrade the HTTP response handler that is running on port 80 so that the only thing that it does
1:24 is redirect requests to the HTTPS version. So nothing will be running off of HTTP. It'll be immediately converted over into HTTPS traffic.
1:35 Use our fully qualified domain name as a server name. This allows Nginx to respond to requests that come in through DNS.
1:49 And we'll permanently rewrite requests that come in to the HTTPS version. Write our HTTPS section for the server. Same server name
1:59 and we're going to be listening instead on port 443 with SSL. Now we're going to want to specify our SSL certificates
2:07 which although we haven't created them just yet will be created when we run our playbook. There could be an entire video course
2:12 on how to properly set up HTTPS on your web servers. One shortcut that I take is I take a look at the cipher list. So if you go to cipherli.st
2:24 we can snag the appropriate settings for really strong SSL security on Nginx. We do need to specify a few more things
2:36 such as where our SSL certificate is located.
2:56 And then our PEM certificate location. Okay we need to specify log settings.
3:16 Including our access and error logs. All right, two more bits of configuration and then we're done with this file.
3:31 We're going to have Nginx serve as a reverse proxy which we already configured up top but we need to explicitly specify
3:37 that we want it to serve as a reverse proxy. We also want Nginx to serve up static assets. When we take a look at our completed diagram
4:01 And the way that we're going to do this: any files that have a URL with static at the start of the path
4:07 we're going to search for those files, and if they exist we'll transfer them to the requesting client and if not, we'll pass back a 404.
4:19 So we're going to have a new variable that will specify the specific directory where we're serving the static assets.
4:30 Finally, set up our reverse proxy.
5:07 That is how we proxy to our app server WSGI app which we specified at the top of the file. Okay, we have two new variables:
5:15 a WSGI server port and sub app directory so we need to specify those.
5:38 Save that, and now we'll be able to see how this works.