Today I am looking at installing and configuring NGINX with an Ansible playbook.
In my previous blog posts I have looked at using an Ansible playbook to install the ELK (Elasticsearch, Logstash, Kibana) stack across three different computers, and then how Ansible roles can be used to organise a playbook.
Note: The files for this blog post are hosted in my GitHub repository at: https://github.com/geektechdude/NGINX_Ansible_Playbook
NGINX (pronounced “engine x“) is a web server which can also be used as a reverse proxy and/or load balancer. It is the reverse proxy options that NGINX offers that I will be utilising for use with my ELK stack.
A reverse proxy can act as the bridge between the a client and web servers, retrieving resources from the web server (or web servers) and providing them to the client as if the resources have come from the reverse proxy directly.
Currently the Kibana server I set up uses IP address 192.***.**.72, however I may want to hide this from an end user that is connecting to Kibana. To do this I can use NGINX as a reverse proxy and can install / configure NGINX using an Ansible playbook.
The Ansible Playbook
The current files for this blog post are:
roles/ nginx/ tasks/ main.yml meta/ main.yml Vagrantfile ansible.cfg inventory playbook.yml
playbook.yml is the main playbook and is what Ansible calls on. Within playbook.yml is a few lines telling Ansible that it should apply the play against the nginx hosts, which are defined in the inventory file.
playbook.yml calls on the nginx role, which is defined under the /roles/ folder. You may ask why I am using a role. Currently I am installing NGINX just for the task of setting up a reverse proxy for Kibana, however in future I might my NGINX playbook to configure several different parts of NGINX (i.e. serve static web pages, or act as a reverse proxy for more than one system). If this happens I can modify the nginx role (maybe separate the install of NGINX from the Kibana settings) and rename it kibana_nginx, then have other roles for the other settings. I wrote a bit about Ansible roles previously here.
What The Tasks Are Doing
- Install NGINX From Apt-Get
Calls on apt to install nginx, which is what the state: present does. If this is changed to state: absent then apt would try and remove nginx.
- Disable NGINX Default Virtual Host
Disables the default virtual host for nginx via a command as I am amended it.
- Create NGINX Conf File For Kibana
Uses the touch method to create an empty file.
- Amend NGINX Conf File
Uses the “block in file” method to insert the configuration in the empty file created above. I’ve used the option of marker:”” so that Ansible does not wrap the inserted text in a comment / banner.
- Link NGINX Kibana Reverse Proxy
Links the new configuration file to NGINX’s sites-enabled using a command. Ansible warns this is not the best method, so I need to make a little change here but it does currently work.
- Make Sure NGINX Service Is Running
Using the service option this makes sure the NGINX service has restarted to make sure that the new configuration can take effect and also marks the NGINX service as enabled so that it starts after reboots.
The Vagrant File
I am using the official ubuntu/xenial64 (Ubuntu 16.04) for this project – it’s a little old but I’m currently playing around with different OS boxes. I’ve set the box to use 2GB of RAM.
The Before & After
Before using NGINX as a reverse proxy users would need to enter the IP address of my test Kibana server and enter port number (5601) at the end of the address.
After the NGINX reverse proxy has been installed and set up users can enter the IP address of the NGINX machine and it brings them Kibana.
If hostnames are resolvable or a domain name is available then this could be used instead of the IP address.