GitHub - nginxinc/ansible-role-nginx-app-protect: Ansible role to install and configure NGINX App Protect (WAF and DoS) for NGINX Plus on your target host (original) (raw)
👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾
NGINX App Protect WAF and DoS Ansible Role 
This role installs and configures NGINX App Protect WAF or DoS for NGINX Plus on your target host.
Note: By default, this role will install NGINX App Protect WAF. To install NGINX App Protect DoS, you need to set the nginx_app_protect_dos_enable variable to true.
Note: This role is still in active development. There may be unidentified issues and the role variables may change as development continues.
Requirements
NGINX App Protect
If you wish to install NGINX App Protect WAF or NGINX App Protect DoS using this role, you will need to obtain the corresponding NGINX App Protect license beforehand.
Ansible
- This role is developed and tested with maintained versions of Ansible core (above
2.12). - When using Ansible core, you will also need to install the following collections:
collections:
- name: ansible.posix
version: 1.4.0 - name: community.crypto
version: 2.10.0 - name: community.general
version: 6.2.0 - name: community.docker # Only required if you plan to use Molecule (see below)
version: 3.4.0
Note: You can alternatively install the Ansible community distribution (what is known as the "old" Ansible) if you don't want to manage individual collections.
- Instructions on how to install Ansible can be found in the Ansible website.
Jinja2
- This role uses Jinja2 templates. Ansible core installs Jinja2 by default, but depending on your install and/or upgrade path, you might be running an outdated version of Jinja2. The minimum version of Jinja2 required for the role to properly function is
3.1. - Instructions on how to install Jinja2 can be found in the Jinja2 website.
Molecule (Optional)
- Molecule is used to test the various functionalities of the role. The recommended version of Molecule to test this role is
4.x. - Instructions on how to install Molecule can be found in the Molecule website. You will also need to install the Molecule Docker driver.
- To run the Molecule tests, you must copy your NGINX App Protect license to the role's files/license folder.
You can alternatively add your NGINX App Protect repository certificate and key to the local environment. Run the following commands to export these files as base64-encoded variables and execute the Molecule tests:
export NGINX_CRT=$( cat| base64 )
export NGINX_KEY=$( cat| base64 )
molecule test
Installation
Ansible Galaxy
To install the latest stable release of the role on your system, use:
ansible-galaxy install nginxinc.nginx_app_protect
Alternatively, if you have already installed the role, update the role to the latest release:
ansible-galaxy install -f nginxinc.nginx_app_protect
Git
To pull the latest edge commit of the role from GitHub, use:
git clone https://github.com/nginxinc/ansible-role-nginx-app-protect.git
Platforms
NGINX App Protect WAF
The NGINX App Protect Ansible role supports all platforms supported by NGINX Plus that intersect with the following list of distributions of App Protect WAF:
Amazon Linux 2:
- any Debian:
- buster (10) RHEL:
- 8.1+ Ubuntu:
- bionic (18.04)
- focal (20.04)
NGINX App Protect DoS
The NGINX App Protect Ansible role supports all platforms supported by NGINX Plus that intersect with the following list of distributions of App Protect DoS:
Debian:
- buster (10)
- bullseye (11) RHEL:
- 8.0+ Ubuntu:
- bionic (18.04)
- focal (20.04)
Role Variables
This role has multiple variables. The descriptions and defaults for all these variables can be found in the defaults/ folder in the following files:
| Name | Description |
|---|---|
| main.yml | NGINX App Protect installation and configuration variables |
Similarly, descriptions and defaults for preset variables can be found in the vars/ folder in the following files:
| Name | Description |
|---|---|
| main.yml | List of supported NGINX App Protect platforms |
Dependencies
If NGINX Plus is not already installed on the system, this role will install the version of NGINX Plus that is dependent on the version of NGINX App Protect that is being installed.
Example Playbook
A working functional playbook example can be found in the molecule/default/ folder in the following file:
| Name | Description |
|---|---|
| molecule/default/converge.yml | Install and configure NGINX App Protect WAF |
| molecule/advanced/converge.yml | Advanced integration test including NGINX App Protect WAF sending log data to a "remote" syslog server |
| molecule/dos/converge.yml | Install NGINX App Protect DoS |
| molecule/specific-version/converge.yml | Install a specific version of NGINX App Protect WAF signatures |
| molecule/uninstall/converge.yml | Uninstall NGINX App Protect WAF/DoS |
Other NGINX Ansible Collections and Roles
You can find the Ansible NGINX Core collection of roles to install and configure NGINX Open Source, NGINX Plus, and NGINX App Protect WAF and DoS products here.
You can find the Ansible NGINX role to install NGINX OSS and NGINX Plus here.
You can find the Ansible NGINX configuration role to configure NGINX here.
You can find the Ansible NGINX Unit role to install NGINX Unit here.
License
Author Information
© F5, Inc. 2020 - 2024