Installing And Configuring NGINX As A Reverse Proxy Via An Ansible Playbook

NGINX Ansible Playbook on GitHub

Today I am looking at installing and configuring NGINX with an Ansible playbook.

In my previous blog posts I have looked at using an Ansible playbook to install the ELK (Elasticsearch, Logstash, Kibana) stack across three different computers, and then how Ansible roles can be used to organise a playbook.

Note: The files for this blog post are hosted in my GitHub repository at: https://github.com/geektechdude/NGINX_Ansible_Playbook

NGINX

NGINX (pronounced “engine x“) is a web server which can also be used as a reverse proxy and/or load balancer. It is the reverse proxy options that NGINX offers that I will be utilising for use with my ELK stack.

Reverse Proxy

A reverse proxy can act as the bridge between the a client and web servers, retrieving resources from the web server (or web servers) and providing them to the client as if the resources have come from the reverse proxy directly.

Example of a reverse proxy
Example of a reverse proxy

Currently the Kibana server I set up uses IP address 192.***.**.72, however I may want to hide this from an end user that is connecting to Kibana. To do this I can use NGINX as a reverse proxy and can install / configure NGINX using an Ansible playbook.

The Ansible Playbook

NGINX Ansible Playbook on GitHub
NGINX Ansible Playbook on GitHub

The current files for this blog post are:

roles/
     nginx/
          tasks/
               main.yml
          meta/
               main.yml
Vagrantfile
ansible.cfg
inventory
playbook.yml

playbook.yml is the main playbook and is what Ansible calls on. Within playbook.yml is a few lines telling Ansible that it should apply the play against the nginx hosts, which are defined in the inventory file.

geektechstuff_nginx_ansible_2
playbook.yml contents

playbook.yml calls on the nginx role, which is defined under the /roles/ folder. You may ask why I am using a role. Currently I am installing NGINX just for the task of setting up a reverse proxy for Kibana, however in future I might my NGINX playbook to configure several different parts of NGINX (i.e. serve static web pages, or act as a reverse proxy for more than one system). If this happens I can modify the nginx role (maybe separate the install of NGINX from the Kibana settings) and rename it kibana_nginx, then have other roles for the other settings. I wrote a bit about Ansible roles previously here.

geektechstuff_nginx_ansible_3
The nginx role’s tasks

What The Tasks Are Doing

  • Install NGINX From Apt-Get

Calls on apt to install nginx, which is what the state: present does. If this is changed to state: absent then apt would try and remove nginx.

  • Disable NGINX Default Virtual Host

Disables the default virtual host for nginx via a command as I am amended it.

  • Create NGINX Conf File For Kibana

Uses the touch method to create an empty file.

  • Amend NGINX Conf File

Uses the “block in file” method to insert the configuration in the empty file created above. I’ve used the option of marker:”” so that Ansible does not wrap the inserted text in a comment / banner.

  • Link NGINX Kibana Reverse Proxy

Links the new configuration file to NGINX’s sites-enabled using a command. Ansible warns this is not the best method, so I need to make a little change here but it does currently work.

  • Make Sure NGINX Service Is Running

Using the service option this makes sure the NGINX service has restarted to make sure that the new configuration can take effect and also marks the NGINX service as enabled so that it starts after reboots.

The Vagrant File

geektechstuff_nginx_ansible_4
NGINX Vagrant File

I am using the official ubuntu/xenial64 (Ubuntu 16.04) for this project – it’s a little old but I’m currently playing around with different OS boxes. I’ve set the box to use 2GB of RAM.

The Before & After

Before using NGINX as a reverse proxy users would need to enter the IP address of my test Kibana server and enter port number (5601) at the end of the address.

geektechstuff_nginx_kibana_1
Kibana pre-NGINX reverse proxy

After the NGINX reverse proxy has been installed and set up users can enter the IP address of the NGINX machine and it brings them Kibana.

geektechstuff_nginx_kibana_2
Kibana post NGINX reverse proxy install

If hostnames are resolvable or a domain name is available then this could be used instead of the IP address.

geektechstuff_nginx_kibana_3
nginx reverse proxy with hostname resolvable

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.