Installing And Configuring NGINX As A Reverse Proxy Via An Ansible Playbook

NGINX Ansible Playbook on GitHub

Today I am looking at installing and configuring NGINX with an Ansible playbook.

In my previous blog posts I have looked at using an Ansible playbook to install the ELK (Elasticsearch, Logstash, Kibana) stack across three different computers, and then how Ansible roles can be used to organise a playbook.

Note: The files for this blog post are hosted in my GitHub repository at:


NGINX (pronounced “engine x“) is a web server which can also be used as a reverse proxy and/or load balancer. It is the reverse proxy options that NGINX offers that I will be utilising for use with my ELK stack.

Reverse Proxy

A reverse proxy can act as the bridge between the a client and web servers, retrieving resources from the web server (or web servers) and providing them to the client as if the resources have come from the reverse proxy directly.

Example of a reverse proxy
Example of a reverse proxy

Currently the Kibana server I set up uses IP address 192.***.**.72, however I may want to hide this from an end user that is connecting to Kibana. To do this I can use NGINX as a reverse proxy and can install / configure NGINX using an Ansible playbook.

The Ansible Playbook

NGINX Ansible Playbook on GitHub
NGINX Ansible Playbook on GitHub

The current files for this blog post are:


playbook.yml is the main playbook and is what Ansible calls on. Within playbook.yml is a few lines telling Ansible that it should apply the play against the nginx hosts, which are defined in the inventory file.

playbook.yml contents

playbook.yml calls on the nginx role, which is defined under the /roles/ folder. You may ask why I am using a role. Currently I am installing NGINX just for the task of setting up a reverse proxy for Kibana, however in future I might my NGINX playbook to configure several different parts of NGINX (i.e. serve static web pages, or act as a reverse proxy for more than one system). If this happens I can modify the nginx role (maybe separate the install of NGINX from the Kibana settings) and rename it kibana_nginx, then have other roles for the other settings. I wrote a bit about Ansible roles previously here.

The nginx role’s tasks

What The Tasks Are Doing

  • Install NGINX From Apt-Get

Calls on apt to install nginx, which is what the state: present does. If this is changed to state: absent then apt would try and remove nginx.

  • Disable NGINX Default Virtual Host

Disables the default virtual host for nginx via a command as I am amended it.

  • Create NGINX Conf File For Kibana

Uses the touch method to create an empty file.

  • Amend NGINX Conf File

Uses the “block in file” method to insert the configuration in the empty file created above. I’ve used the option of marker:”” so that Ansible does not wrap the inserted text in a comment / banner.

  • Link NGINX Kibana Reverse Proxy

Links the new configuration file to NGINX’s sites-enabled using a command. Ansible warns this is not the best method, so I need to make a little change here but it does currently work.

  • Make Sure NGINX Service Is Running

Using the service option this makes sure the NGINX service has restarted to make sure that the new configuration can take effect and also marks the NGINX service as enabled so that it starts after reboots.

The Vagrant File

NGINX Vagrant File

I am using the official ubuntu/xenial64 (Ubuntu 16.04) for this project – it’s a little old but I’m currently playing around with different OS boxes. I’ve set the box to use 2GB of RAM.

The Before & After

Before using NGINX as a reverse proxy users would need to enter the IP address of my test Kibana server and enter port number (5601) at the end of the address.

Kibana pre-NGINX reverse proxy

After the NGINX reverse proxy has been installed and set up users can enter the IP address of the NGINX machine and it brings them Kibana.

Kibana post NGINX reverse proxy install

If hostnames are resolvable or a domain name is available then this could be used instead of the IP address.

nginx reverse proxy with hostname resolvable