Nginx Proxy Manager

💡 Not to be confused with Nginx, the web server and reverse proxy.

This Ansible Playbook configures an existing virtual machine running within the European Weather Cloud (EWC), to operate as a Nginx Proxy Manager server.

Nginx Proxy Manager is full-featured tool that helps to lower the barriers to entry for users who are interested in learning and working with Nginx servers.

Functionality

Virtual host management
Ability to cache assets
Blocking of common exploits
Websocket support
Access list configuration
SSL and HTTP/2 support
Host redirection with HTTP code configuration
TCP and UDP stream support
User management
Nginx Proxy
Manager log auditing

Prerequisites

Install git (version 2.0 or higher )
Install python (version 3.9 or higher)
Install ansible (version 2.15 or higher)
Get OpenStack API credentials (see How to request OpenStack Application Credentials section of the EWC documentation)
If you plan to configure an existing VM, jump to the Usage section below
If you have not yet provisioned a VM, it is required to do so. You may choose one of the following approaches:
- A) Provision a new VM via UI:
  - Create an SSH keypair (see Creating the keys section of the EWC documentation)
  - Import the SSH public key into Morpheus (see Adding the keys in Morpheus section of the EWC documentation)
  - Provision a new VM through the web portal (see Provision a new Instance - Web section of the EWC) documentation
  OR
- B) Provision a new VM via CLI:
  - Create an SSH keypair (see Creating the keys section of the EWC documentation)
  - Add you SSH public key to OpenStack (see Import SSH Key section of the EWC documentation).
  - Provision a new VM via the OpenStack CLI (see How to create a VM using the OpenStack CLI section of the EWC documentation)

Usage

1. Clone the repository

git clone https://github.com/ewcloud/ewc-ansible-playbook-flavours-and-provisioning.git

1.1. Change to the specific Item's subdirectory

cd ewc-ansible-playbook-flavours-and-provisioning/playbooks/nginx-proxy-manager-flavour

1.2. (Optional) Checkout an specific Item's version

⚠️ Make sure to replace x.y.z in the command below, with your version of preference.

git checkout x.y.z

2. Download Ansible dependencies

💡 By default, Ansible Roles are installed under the ~/.ansible/roles directory within your working environment.

Download the correct version of the Ansible dependencies, if you haven't done so already:

ansible-galaxy role install -r requirements.yml

3. Specify the target host and SSH credentials

Create an inventory file to specify address/credentials that Ansible should use to reach the virtual machine you wish to configure:

# inventory.yml
---
ewcloud:
  hosts:
    nginx_proxy_manager:
      ansible_python_interpreter: /usr/bin/python3
      ansible_host: <add the IPV4 address of the target host>
      ansible_ssh_private_key_file: <add the path to local SSH private key file>
      ansible_user: ubuntu
      ansible_ssh_common_args: -o StrictHostKeyChecking=accept-new

4. Configure and apply the template

4.1. Interactive Mode

By running the following command, you can trigger an interactive session that prompts you for the necessary user inputs, and then applies changes to your target EWC environment:

ansible-playbook -i inventory.yml nginx-proxy-manager-flavour.yml

4.2. Non-Interactive Mode

💡 To learn more about defining variables at runtime, checkout the official Ansible documentation.

You can also run in non-interactive mode by passing the --extra-vars or -e flag, followed by a map of key-value pairs; one for each and every available input (see inputs section below). For example:

ansible-playbook \
  -i inventory.yml \
  -e "npm_admin_ui_port=8080" \
  -e "os_security_group_name=nginx-proxy-manager" \
  nginx-proxy-manager-flavour.yml

Inputs

⛔ If deploying to an instance on the ECMWF site, using a high port numbers such as in the example above will prevent you from accessing the Nginx Proxy Manager UI from the pubic internet, even when a valid security group is attached to the instance. This is due to the outer perimeter firewall of the ECMWF site. For details see EWC Security guidelines - Restrictive firewall (allow-listing).

Name	Description	Type	Default	Required
npm_admin_ui_port	port number at which the Nginx Proxy Manager admin UI is served	`number`	`8080`	yes
os_security_group_name	OpenStack security group containing all firewall rules required for Nginx Proxy Manager operation	`string`	`nginx-proxy-manager`	yes

Dependencies

⚠️ Only Ubuntu 22.04 images are currently supported. This is due to constrains imposed by the required ewc-ansible-role-nginx-proxy-manager Ansible Role.

💡 A VM plan with at least 8GB of RAM is recommended for successful setup and stable operation.

Name	Version	License	Home URL
ewc-ansible-role-nginx-proxy-manager	1.0	MIT	https://github.com/ewcloud/ewc-ansible-role-nginx-proxy-manager

Other

Deployable