{% if nginx_config_main_template.http_settings.gzip %}
    gzip on;
{% if nginx_config_main_template.http_settings.gzip.vary %}
    gzip_vary on;
{% endif %}
{% if nginx_config_main_template.http_settings.gzip.min_length %}
    gzip_min_length {{ nginx_config_main_template.http_settings.gzip.min_length }};
{% endif %}
{% if nginx_config_main_template.http_settings.gzip.proxied is defined and nginx_config_main_template.http_settings.gzip.proxied | length %}
    gzip_proxied {{ nginx_config_main_template.http_settings.gzip.proxied }};
{% endif %}
{% if nginx_config_main_template.http_settings.gzip.types is defined and nginx_config_main_template.http_settings.gzip.types | length %}
    gzip_types {{ nginx_config_main_template.http_settings.gzip.types }};
{% endif %}
{% if nginx_config_main_template.http_settings.gzip.disable %}
    gzip_disable {{ nginx_config_main_template.http_settings.gzip.disable }}
{% endif %}
{% else %}
	#gzip on;
{% endif %}

nginx_config_cleanup     : '{{ my_cleanup }}'

    # this clean up only happens if the above variable is true
    nginx_config_cleanup_paths:
      - directory:
          - /etc/nginx/conf.d
        recurse: false
    nginx_config_cleanup_files:
      - /etc/nginx/conf.d/default.conf

TASK [nginxinc.nginx_config : Find NGINX config files] ************************************************************************************************************************************************************************************************************************
ok: [testing-snap05.MYDOMAIN.TLD] => (item={'directory': ['/etc/nginx/conf.d'], 'recurse': False}) => {"ansible_loop_var": "item", "changed": false, "examined": 13, "files": [{"atime": 1616512425.5879788, "ctime": 1616512425.0159645, "dev": 64780, "gid": 0, "gr_name": "root", "inode": 652034, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1616512424.6879563, "nlink": 1, "path": "/etc/nginx/conf.d/testing-snap05.staging.MYDOMAIN.TLDX.conf", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 508, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1616511920.0872648, "ctime": 1616511919.343246, "dev": 64780, "gid": 0, "gr_name": "root", "inode": 652037, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1616511918.9712367, "nlink": 1, "path": "/etc/nginx/conf.d/testing-snap05.staging.MYDOMAIN.TLD.conf", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 507, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1616512481.8013923, "ctime": 1616512481.229378, "dev": 64780, "gid": 0, "gr_name": "root", "inode": 652039, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1616512480.8773692, "nlink": 1, "path": "/etc/nginx/conf.d/testing-snap05.staging.MYDOMAIN.TLDZ.conf", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 508, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}, {"atime": 1616512450.800613, "ctime": 1616512450.1845973, "dev": 64780, "gid": 0, "gr_name": "root", "inode": 652038, "isblk": false, "ischr": false, "isdir": false, "isfifo": false, "isgid": false, "islnk": false, "isreg": true, "issock": false, "isuid": false, "mode": "0644", "mtime": 1616512449.8325884, "nlink": 1, "path": "/etc/nginx/conf.d/testing-snap05.staging.MYDOMAIN.TLDY.conf", "pw_name": "root", "rgrp": true, "roth": true, "rusr": true, "size": 508, "uid": 0, "wgrp": false, "woth": false, "wusr": true, "xgrp": false, "xoth": false, "xusr": false}], "item": {"directory": ["/etc/nginx/conf.d"], "recurse": false}, "matched": 4, "msg": ""}                                                                                                                                                                                          

TASK [nginxinc.nginx_config : Remove NGINX config files] **********************************************************************************************************************************************************************************************************************
ok: [testing-snap05.MYDOMAIN.TLD] => (item=/etc/nginx/conf.d/default.conf) => {"ansible_loop_var": "item", "changed": false, "item": "/etc/nginx/conf.d/default.conf", "path": "/etc/nginx/conf.d/default.conf", "state": "absent"}

FAILED! => {"msg": "The conditional check 'config.rc != 0' failed. The error was: error while evaluating conditional (config.rc != 0): 'dict object' has no attribute 'rc'\n\nThe error appears to be in '/Users/<myname>/.ansible/roles/nginxinc.nginx_config/handlers/main.yml': line 9, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: (Handler - NGINX Config) Print NGINX error if syntax check fails\n  ^ here\n"}

- name: (Handler - NGINX Config) Check NGINX
  command: nginx -t
  register: config
  ignore_errors: yes
  changed_when: false
  listen: (Handler - NGINX Config) Run NGINX

- name: (Handler - NGINX Config) Print NGINX error if syntax check fails
  debug:
    var: config.stderr_lines
  failed_when: config.rc != 0
  when: config.rc != 0
  listen: (Handler - NGINX Config) Run NGINX

location /docs {
     alias /some/path/to/_build
}

xxx

include /etc/nginx/modules-enabled/*.conf;

events {
        xxx
}

http {
        include /etc/nginx/mime.types;

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

    location / {
        root   /var/www/html;
        index  index.html index.htm;
    }

- hosts: testing
  become: true
  roles:
    - {role: nginxinc.nginx_config}
  vars:
    # nginx_config_debug_output: true
    nginx_config_http_template:
      - template_file: http/default.conf.j2
        conf_file_name: 50_example.com.conf
        conf_file_location: /etc/nginx/conf.d/
        servers:
          - listen:
              - port: 8080
              - 

TASK [Gathering Facts] *******************************************************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx : Check whether you are using a supported NGINX distribution] *******************************************************************************************************************************
ok: [dum-e] => {
    "changed": false,
    "msg": "Your OS, Debian is supported by NGINX Open Source"
}

TASK [nginxinc.nginx : Set up prerequisites] *********************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx/tasks/prerequisites/prerequisites.yml for dum-e

TASK [nginxinc.nginx : Install dependencies] *********************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx/tasks/prerequisites/install-dependencies.yml for dum-e

TASK [nginxinc.nginx : (Alpine Linux) Install dependencies] ******************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (Debian/Ubuntu) Install dependencies] *****************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx : (Amazon Linux/CentOS/Oracle Linux/RHEL) Install dependencies] *****************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (SLES) Install dependencies] **************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (FreeBSD) Install dependencies using package(s)] ******************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (FreeBSD) Install dependencies using port(s)] *********************************************************************************************************************************************
skipping: [dum-e] => (item=security/ca_root_nss) 

TASK [nginxinc.nginx : Check if SELinux is enabled] **************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Configure SELinux] ************************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Set up signing keys] **********************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx/tasks/keys/setup-keys.yml for dum-e

TASK [nginxinc.nginx : (Alpine Linux) Set up NGINX signing key URL] **********************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (Alpine Linux) Download NGINX signing key] ************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL] ***********************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx : (Debian/Ubuntu) Add NGINX signing key] ****************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx : (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key] ***********************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX Open Source] ****************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx/tasks/opensource/install-oss.yml for dum-e

TASK [nginxinc.nginx : Install NGINX from repository] ************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx/tasks/opensource/install-debian.yml for dum-e

TASK [nginxinc.nginx : (Debian/Ubuntu) Configure NGINX repository] ***********************************************************************************************************************************************
ok: [dum-e] => (item=deb [arch=amd64] https://nginx.org/packages/mainline/debian/ buster nginx)
ok: [dum-e] => (item=deb-src https://nginx.org/packages/mainline/debian/ buster nginx)

TASK [nginxinc.nginx : (Debian/Ubuntu) Install NGINX] ************************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx : Install NGINX from source] ****************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX from package] ***************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX in Unix systems] ************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Set up NGINX Plus license] ****************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX Plus] ***********************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX modules] ********************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Remove NGINX Plus license] ****************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Modify systemd parameters] ****************************************************************************************************************************************************************
skipping: [dum-e]
[WARNING]: flush_handlers task does not support when conditional

TASK [nginxinc.nginx : Debug NGINX output] ***********************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Configure logrotate for NGINX] ************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx : Install NGINX Amplify] ********************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Set up SELinux] ********************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Cleanup NGINX config] **************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx_config/tasks/config/cleanup-config.yml for dum-e

TASK [nginxinc.nginx_config : Find NGINX config files] ***********************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Remove NGINX config files] *********************************************************************************************************************************************************
changed: [dum-e] => (item=/etc/nginx/conf.d/default.conf)

TASK [nginxinc.nginx_config : Upload NGINX config] ***************************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Create NGINX config] ***************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx_config/tasks/config/template-config.yml for dum-e

TASK [nginxinc.nginx_config : Ensure HTML directory exists] ******************************************************************************************************************************************************
skipping: [dum-e] => (item={'key': 'default', 'value': {'template_file': 'www/index.html.j2', 'html_file_name': 'index.html', 'html_file_location': '/usr/share/nginx/html', 'web_server_name': 'Default'}}) 

TASK [nginxinc.nginx_config : Dynamically generate HTML files] ***************************************************************************************************************************************************
skipping: [dum-e] => (item={'key': 'default', 'value': {'template_file': 'www/index.html.j2', 'html_file_name': 'index.html', 'html_file_location': '/usr/share/nginx/html', 'web_server_name': 'Default'}}) 

TASK [nginxinc.nginx_config : Configure NGINX modules] ***********************************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Ensure NGINX main directory exists] ************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx_config : Dynamically generate NGINX main configuration file] ********************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx_config : Ensure NGINX HTTP directory exists] ************************************************************************************************************************************************
ok: [dum-e] => (item={'key': 'servers', 'value': [{'server_name': 'localhost', 'listen': [{'ip': 'localhost', 'port': 80}], 'gzip': {'enable': True}, 'root': '/home/pi/ui', 'index': 'index.html', 'try_files': '$uri $uri/index.html $uri.html =404', 'locations': [{'location': '/', 'root': '/home/pi/ui', 'index': 'index.html', 'try_files': '$uri $uri/index.html $uri.html =404'}]}]})

TASK [nginxinc.nginx_config : Ensure NGINX proxy cache directories exist] ****************************************************************************************************************************************

TASK [nginxinc.nginx_config : Dynamically generate NGINX HTTP config files] **************************************************************************************************************************************
changed: [dum-e] => (item={'key': 'servers', 'value': [{'server_name': 'localhost', 'listen': [{'ip': 'localhost', 'port': 80}], 'gzip': {'enable': True}, 'root': '/home/pi/ui', 'index': 'index.html', 'try_files': '$uri $uri/index.html $uri.html =404', 'locations': [{'location': '/', 'root': '/home/pi/ui', 'index': 'index.html', 'try_files': '$uri $uri/index.html $uri.html =404'}]}]})

TASK [nginxinc.nginx_config : Dynamically generate NGINX stub status config file] ********************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Dynamically generate NGINX API config file] ****************************************************************************************************************************************
skipping: [dum-e]

TASK [nginxinc.nginx_config : Ensure NGINX stream directory exists] **********************************************************************************************************************************************
skipping: [dum-e] => (item={'key': 'default', 'value': {'template_file': 'stream/default.conf.j2', 'conf_file_name': 'default.conf', 'conf_file_location': '/etc/nginx/conf.d/stream/', 'network_streams': {'default': {'listen': {'listen_localhost': {'ip': '0.0.0.0', 'port': 80, 'ssl': False, 'opts': []}}, 'ssl': {'cert': '/etc/ssl/certs/default.crt', 'key': '/etc/ssl/private/default.key', 'dhparam': '/etc/ssl/private/dh_param.pem', 'protocols': 'TLSv1 TLSv1.1 TLSv1.2', 'ciphers': 'HIGH:!aNULL:!MD5', 'prefer_server_ciphers': True, 'session_cache': 'none', 'session_timeout': '5m', 'disable_session_tickets': False, 'trusted_cert': '/etc/ssl/certs/root_CA_cert_plus_intermediates.crt', 'ecdh_curve': 'auto'}, 'include_files': [], 'proxy_pass': 'backend', 'proxy_timeout': '3s', 'proxy_connect_timeout': '1s', 'proxy_protocol': False, 'proxy_ssl': {'cert': '/etc/ssl/certs/proxy_default.crt', 'key': '/etc/ssl/private/proxy_default.key', 'trusted_cert': '/etc/ssl/certs/proxy_ca.crt', 'protocols': 'TLSv1 TLSv1.1 TLSv1.2', 'ciphers': 'HIGH:!aNULL:!MD5', 'verify': False, 'verify_depth': 1, 'session_reuse': True}, 'health_check_plus': False}}, 'upstreams': {'upstream1': {'name': 'backend', 'lb_method': 'least_conn', 'zone_name': 'backend', 'zone_size': '64k', 'sticky_cookie': False, 'servers': {'server1': {'address': 'localhost', 'port': 8080, 'weight': 1, 'health_check': 'max_fails=1 fail_timeout=10s'}}}}}}) 

TASK [nginxinc.nginx_config : Dynamically generate NGINX stream config files] ************************************************************************************************************************************
skipping: [dum-e] => (item={'key': 'default', 'value': {'template_file': 'stream/default.conf.j2', 'conf_file_name': 'default.conf', 'conf_file_location': '/etc/nginx/conf.d/stream/', 'network_streams': {'default': {'listen': {'listen_localhost': {'ip': '0.0.0.0', 'port': 80, 'ssl': False, 'opts': []}}, 'ssl': {'cert': '/etc/ssl/certs/default.crt', 'key': '/etc/ssl/private/default.key', 'dhparam': '/etc/ssl/private/dh_param.pem', 'protocols': 'TLSv1 TLSv1.1 TLSv1.2', 'ciphers': 'HIGH:!aNULL:!MD5', 'prefer_server_ciphers': True, 'session_cache': 'none', 'session_timeout': '5m', 'disable_session_tickets': False, 'trusted_cert': '/etc/ssl/certs/root_CA_cert_plus_intermediates.crt', 'ecdh_curve': 'auto'}, 'include_files': [], 'proxy_pass': 'backend', 'proxy_timeout': '3s', 'proxy_connect_timeout': '1s', 'proxy_protocol': False, 'proxy_ssl': {'cert': '/etc/ssl/certs/proxy_default.crt', 'key': '/etc/ssl/private/proxy_default.key', 'trusted_cert': '/etc/ssl/certs/proxy_ca.crt', 'protocols': 'TLSv1 TLSv1.1 TLSv1.2', 'ciphers': 'HIGH:!aNULL:!MD5', 'verify': False, 'verify_depth': 1, 'session_reuse': True}, 'health_check_plus': False}}, 'upstreams': {'upstream1': {'name': 'backend', 'lb_method': 'least_conn', 'zone_name': 'backend', 'zone_size': '64k', 'sticky_cookie': False, 'servers': {'server1': {'address': 'localhost', 'port': 8080, 'weight': 1, 'health_check': 'max_fails=1 fail_timeout=10s'}}}}}}) 

RUNNING HANDLER [nginxinc.nginx_config : (Handler - NGINX Config) Check NGINX] ***********************************************************************************************************************************
ok: [dum-e]

RUNNING HANDLER [nginxinc.nginx_config : (Handler - NGINX Config) Print NGINX error if syntax check fails] *******************************************************************************************************
skipping: [dum-e]

RUNNING HANDLER [nginxinc.nginx_config : (Handler - NGINX Config) Start/reload NGINX] ****************************************************************************************************************************
changed: [dum-e]

TASK [nginxinc.nginx_config : Debug output] **********************************************************************************************************************************************************************
included: /Users/rolandgroza/.ansible/roles/nginxinc.nginx_config/tasks/config/debug-output.yml for dum-e

TASK [nginxinc.nginx_config : Register NGINX config] *************************************************************************************************************************************************************
ok: [dum-e]

TASK [nginxinc.nginx_config : Print NGINX config] ****************************************************************************************************************************************************************
ok: [dum-e] => {
    "config_full.stdout_lines": [
        "# configuration file /etc/nginx/nginx.conf:",
        "#",
        "# Ansible managed",
        "#",
        "",
        "",
        "user pi;",
        "",
        "",
        "",
        "events {",
        "}",
        "",
        "http {",
        "    include       /etc/nginx/mime.types;",
        "    default_type  application/octet-stream;",
        "    log_format  main  '$remote_addr - $remote_user [$time_local] \"$request\" '",
        "'$status $body_bytes_sent \"$http_referer\" '",
        "'\"$http_user_agent\" \"$http_x_forwarded_for\"';",
        "    access_log  /var/log/nginx/access.log  main;",
        "    keepalive_timeout  65;",
        "    gzip on;",
        "",
        "    include /etc/nginx/conf.d/*.conf;",
        "}",
        "",
        "",
        "# configuration file /etc/nginx/mime.types:",
        "",
        "types {",
        "    text/html                             html htm shtml;",
        "    text/css                              css;",
        "    text/xml                              xml;",
        "    image/gif                             gif;",
        "    image/jpeg                            jpeg jpg;",
        "    application/javascript                js;",
        "    application/atom+xml                  atom;",
        "    application/rss+xml                   rss;",
        "",
        "    text/mathml                           mml;",
        "    text/plain                            txt;",
        "    text/vnd.sun.j2me.app-descriptor      jad;",
        "    text/vnd.wap.wml                      wml;",
        "    text/x-component                      htc;",
        "",
        "    image/png                             png;",
        "    image/tiff                            tif tiff;",
        "    image/vnd.wap.wbmp                    wbmp;",
        "    image/x-icon                          ico;",
        "    image/x-jng                           jng;",
        "    image/x-ms-bmp                        bmp;",
        "    image/svg+xml                         svg svgz;",
        "    image/webp                            webp;",
        "",
        "    application/font-woff                 woff;",
        "    application/java-archive              jar war ear;",
        "    application/json                      json;",
        "    application/mac-binhex40              hqx;",
        "    application/msword                    doc;",
        "    application/pdf                       pdf;",
        "    application/postscript                ps eps ai;",
        "    application/rtf                       rtf;",
        "    application/vnd.apple.mpegurl         m3u8;",
        "    application/vnd.ms-excel              xls;",
        "    application/vnd.ms-fontobject         eot;",
        "    application/vnd.ms-powerpoint         ppt;",
        "    application/vnd.wap.wmlc              wmlc;",
        "    application/vnd.google-earth.kml+xml  kml;",
        "    application/vnd.google-earth.kmz      kmz;",
        "    application/x-7z-compressed           7z;",
        "    application/x-cocoa                   cco;",
        "    application/x-java-archive-diff       jardiff;",
        "    application/x-java-jnlp-file          jnlp;",
        "    application/x-makeself                run;",
        "    application/x-perl                    pl pm;",
        "    application/x-pilot                   prc pdb;",
        "    application/x-rar-compressed          rar;",
        "    application/x-redhat-package-manager  rpm;",
        "    application/x-sea                     sea;",
        "    application/x-shockwave-flash         swf;",
        "    application/x-stuffit                 sit;",
        "    application/x-tcl                     tcl tk;",
        "    application/x-x509-ca-cert            der pem crt;",
        "    application/x-xpinstall               xpi;",
        "    application/xhtml+xml                 xhtml;",
        "    application/xspf+xml                  xspf;",
        "    application/zip                       zip;",
        "",
        "    application/octet-stream              bin exe dll;",
        "    application/octet-stream              deb;",
        "    application/octet-stream              dmg;",
        "    application/octet-stream              iso img;",
        "    application/octet-stream              msi msp msm;",
        "",
        "    application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;",
        "    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;",
        "    application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;",
        "",
        "    audio/midi                            mid midi kar;",
        "    audio/mpeg                            mp3;",
        "    audio/ogg                             ogg;",
        "    audio/x-m4a                           m4a;",
        "    audio/x-realaudio                     ra;",
        "",
        "    video/3gpp                            3gpp 3gp;",
        "    video/mp2t                            ts;",
        "    video/mp4                             mp4;",
        "    video/mpeg                            mpeg mpg;",
        "    video/quicktime                       mov;",
        "    video/webm                            webm;",
        "    video/x-flv                           flv;",
        "    video/x-m4v                           m4v;",
        "    video/x-mng                           mng;",
        "    video/x-ms-asf                        asx asf;",
        "    video/x-ms-wmv                        wmv;",
        "    video/x-msvideo                       avi;",
        "}",
        "",
        "# configuration file /etc/nginx/conf.d/default.conf:",
        "#",
        "# Ansible managed",
        "#"
    ]
}

---
roles:
  # https://github.com/nginxinc/ansible-role-nginx
  - src: nginxinc.nginx
    version: 0.19.1
  # https://github.com/nginxinc/ansible-role-nginx-config
  - src: nginxinc.nginx_config
    version: 0.3.3

❯ ansible --version                                                                            
ansible 2.10.2
  config file = /Users/rolandgroza/Work/jigs/ansible.cfg
  configured module search path = ['/Users/rolandgroza/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /Users/rolandgroza/.pyenv/versions/3.8.6/envs/python-3.8/lib/python3.8/site-packages/ansible
  executable location = /Users/rolandgroza/.pyenv/versions/python-3.8/bin/ansible
  python version = 3.8.6 (default, Nov  1 2020, 20:18:23) [Clang 11.0.3 (clang-1103.0.32.62)]

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

- name: NGINX
  hosts: nginx
  debugger: on_failed
  become: true

  pre_tasks:
  - name: Enabling nginx_config_main_template
    set_fact:
      nginx_config_main_template_enable: true
  roles:
  - role: nginxinc.nginx
  - role: nginxinc.nginx-config

TASK [nginxinc.nginx-config : Dynamically generate NGINX main configuration file] ***********************************************************************************************************
task path: /home/xxx/ansible/yyy/roles/nginxinc.nginx-config/tasks/config/template-config.yml:37
fatal: [nginx_0]: FAILED! => {
    "changed": false,
    "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'dest'"
}

 server {
     listen 0.0.0.0:80;
     server_name documentation.old.domain;
     rewrite (.*).html(.*) $1$2;
     rewrite (.*)/en/stable(.*) $1$2;
     return 301 https://new.domain/uc-doc$uri;
 }

    listen 0.0.0.0:80;
    server_name documentation.old.domain;
    location ^ {
        proxy_pass https://new.domain/uc-doc;
        rewrite rewrite (.*).html(.*) $1$2;;
        rewrite rewrite (.*)/en/stable(.*) $1$2;;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

if ($request_method = POST) {
    return 405;
}

(cluster) joan@DESKTOP-OM8Q4NE:~/Abzu/cluster$ ansible-galaxy collection install git+https://github.com/nginxinc/ansible-role-nginx-config.git
Cloning into '/home/joan/.ansible/tmp/ansible-local-260469n7zryua/tmp5t1xuas1/ansible-role-nginx-confignf_aip1s'...
remote: Enumerating objects: 1193, done.
remote: Counting objects: 100% (405/405), done.
remote: Compressing objects: 100% (215/215), done.
remote: Total 1193 (delta 245), reused 296 (delta 176), pack-reused 788
Receiving objects: 100% (1193/1193), 296.46 KiB | 2.18 MiB/s, done.
Resolving deltas: 100% (673/673), done.
Your branch is up to date with 'origin/main'.
Starting galaxy collection install process
Process install dependency map
ERROR! Neither the collection requirement entry key 'name', nor 'source' point to a concrete resolvable collection artifact. Also 'name' is not an FQCN. A valid collection name must be in the format <namespace>.<collection>. Please
make sure that the namespace and the collection name  contain characters from [a-zA-Z0-9_] only.

Tip: Make sure you are pointing to the right subdirectory — `/home/joan/.ansible/tmp/ansible-local-260469n7zryua/tmp5t1xuas1/ansible-role-nginx-confignf_aip1s` looks like a directory but it is neither a collection, nor a namespace d
ir.

nginx_config_rest_api_access_log:  # Optional -- Set to 'false' and remove/comment nested variables to disable access log
  location: /var/log/nginx/api_access.log  # Required
  name: main  # Required

# ansible-galaxy collection install nginxinc.nginx_core
Starting galaxy collection install process
Process install dependency map
Starting collection install process
Downloading https://galaxy.ansible.com/download/nginxinc-nginx_core-0.4.0.tar.gz to ~/.ansible/tmp/ansible-local-138554ko34z3om/tmpbfjxdsv7/nginxinc-nginx_core-0.4.0-_7gl1uhk
Installing 'nginxinc.nginx_core:0.4.0' to '~/.ansible/collections/ansible_collections/nginxinc/nginx_core'
nginxinc.nginx_core:0.4.0 was installed successfully

ansible [core 2.11.6]
  python version = 3.6.8 (default, Sep 12 2021, 04:40:35) [GCC 8.4.1 20200928 (Red Hat 8.4.1-1)]
  jinja version = 2.10.1
  libyaml = True

NAME="CentOS Stream"
VERSION="8"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="CentOS Stream 8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:8"
HOME_URL="https://centos.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_SUPPORT_PRODUCT_VERSION="CentOS Stream"

nginx_main_template_enable: true
nginx_main_template:
  user: www-data

TASK [nginxinc.nginx : (Setup: All NGINX) Dynamically Generate NGINX Main Configuration File] ************************
fatal: [sandbox]: FAILED! => {"changed": false, "msg": "AnsibleUndefinedVariable: 'dict object' has no attribute 'worker_processes'"}

{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %}
    return 301 https://{{ item.value.servers[server].https_redirect }}$request_uri;
{% endif %}

TASK [external-roles/nginxinc.nginx-config : Set SELinux mode to permissive] ***********************
ok: [targethost] => changed=false
  configfile: /etc/selinux/config
  msg: SELinux state changed from 'enforcing' to 'permissive', Config SELinux state changed from 'enforcing' to 'permissive'
  policy: targeted
  reboot_required: false
  state: permissive

...
...
TASK [external-roles/nginxinc.nginx-config : Set SELinux mode to enforcing] ************************
skipping: [targethost] => changed=false
  skip_reason: Conditional result was False

server {
  ...
  rewrite (.*).html(.*) $1$2 last;
  ...
}

{% for rewrite in rewrite['rewrites'] if (rewrite['rewrites'] is sequence and rewrite['rewrites'] is not string) %}

{% for rewrite in rewrite['rewrites'] if (rewrite['rewrites'] is not mapping and rewrite['rewrites'] is not string) %}

listen 1.2.3.4:80 default_server deferred;
listen 1.2.3.4:443 ssl http2 default_server deferred;
listen 1.2.3.4:5757 default_server;
listen [fe80::a00:abcd::aaaa]:80 default_server deferred;
listen [fe80::a00:abcd::bbbb]:80 default_server deferred;
listen [fe80::a00:abcd::aaaa]:443 ssl http2 default_server deferred;
listen [fe80::a00:abcd::bbbb]:443 ssl http2 default_server deferred;
listen [fe80::a00:abcd::cccc]:5757 default_server;

listen 1.2.3.4:80 default_server deferred;
listen [fe80::a00:abcd::cccc]:5757 default_server;
listen [fe80::a00:abcd::aaaa]:443 ssl http2 default_server deferred;
listen [fe80::a00:abcd::bbbb]:443 ssl http2 default_server deferred;
listen 1.2.3.4:443 ssl http2 default_server deferred;
listen [fe80::a00:abcd::bbbb]:80 default_server deferred;
listen [fe80::a00:abcd::aaaa]:80 default_server deferred;
listen 1.2.3.4:5757 default_server;

The error was: ansible.errors.AnsibleUndefinedVariable: the inline if-expression on line 71 in 'http/ssl.j2' evaluated to false and no else section was defined.

TASK [nginxinc.nginx_core.nginx_config : Dynamically generate NGINX HTTP config files] ********************************
An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ansible.errors.AnsibleUndefinedVariable: the inline if-expression on line 71 in 'http/ssl.j2' evaluated to false and no else section was defined.
failed: [gimci-vm15] (item={'template_file': 'http/default.conf.j2', 'deployment_location': '/etc/nginx/conf.d/default.conf', 'config': {'upstreams': [{'name': 'backend', 'servers': [{'address': 'localhost', 'weight': 1, 'max_conns': 0, 'max_fails': 1, 'fail_timeout': '10s', 'backup': False, 'down': False, 'resolve': False, 'service': 'http', 'route': 'a', 'slow_start': '0s', 'drain': False}], 'zone': {'name': 'backend_mem_zone', 'size': '64k'}, 'state': '/var/lib/nginx/state/servers.conf', 'hash': {'key': 'key', 'consistent': False}, 'ip_hash': False, 'least_conn': False, 'least_time': {'response': 'last_byte', 'inflight': False}, 'random': {'two': True, 'method': 'least_time=last_byte'}, 'queue': {'number': 10, 'timeout': '60s'}, 'keepalive': 32, 'keepalive_requests': 100, 'keepalive_time': '1h', 'keepalive_timeout': '60s', 'ntlm': False, 'resolver': {'address': [], 'valid': '30s', 'ipv6': False, 'status_zone': 'backend_mem_zone'}, 'resolver_timeout': '30s', 'sticky_cookie': {'name': 'cookie', 'expires': '1d', 'domain': 'example.com', 'httponly': False, 'samesite': 'none', 'secure': True, 'path': 'path'}, 'sticky_route': [], 'sticky_learn': {'create': [], 'lookup': [], 'zone': {'name': 'client_sessions', 'size': '1m'}, 'timeout': '10m', 'header': False, 'sync': False}}], 'core': {'absolute_redirect': True, 'aio': {'threads': True}, 'aio_write': False, 'alias': 'path', 'auth_delay': '0s', 'chunked_transfer_encoding': True, 'client_body_buffer_size': '8k', 'client_body_in_file_only': False, 'client_body_in_single_buffer': False, 'client_body_temp_path': {'path': '/var/cache/nginx', 'level': 2}, 'client_body_timeout': '60s', 'client_header_buffer_size': '1k', 'client_header_timeout': '60s', 'client_max_body_size': '1m', 'connection_pool_size': 256, 'default_type': 'text/plain', 'directio': False, 'directio_alignment': 512, 'disable_symlinks': {'check': 'on', 'from': '$document_root'}, 'error_page': [{'code': [404], 'response': 404, 'uri': '/404.html'}], 'etag': True, 'if_modified_since': 'exact', 'ignore_invalid_headers': True, 'include': 'path', 'internal': False, 'keepalive_disable': 'msie6', 'keepalive_requests': 1000, 'keepalive_time': '1h', 'keepalive_timeout': {'timeout': '75s', 'header_timeout': '75s'}, 'large_client_header_buffers': {'number': 4, 'size': '8k'}, 'limit_except': {'method': 'GET', 'directive': ['allow all']}, 'limit_rate': 0, 'limit_rate_after': 0, 'lingering_close': True, 'lingering_time': '30s', 'lingering_timeout': '5s', 'listen': [{'address': '0.0.0.0', 'port': 80, 'default_server': True, 'ssl': False, 'http2': False, 'spdy': False, 'proxy_protocol': False, 'fastopen': 12, 'backlog': 511, 'rcvbuf': 512, 'sndbuf': 512, 'deffered': False, 'bind': False, 'ipv6only': False, 'reuseport': False, 'so_keepalive': {'keepidle': '30m', 'keepintvl': 5, 'keepcnt': 10}}], 'log_not_found': True, 'log_subrequest': False, 'max_ranges': 0, 'merge_slashes': True, 'msie_padding': True, 'msie_refresh': False, 'open_file_cache': {'max': 10, 'inactive': '60s'}, 'open_file_cache_errors': False, 'open_file_cache_min_uses': 1, 'open_file_cache_valid': '60s', 'output_buffers': {'number': 2, 'size': '32k'}, 'port_in_redirect': True, 'postpone_output': 1460, 'read_ahead': 0, 'recursive_error_pages': False, 'request_pool_size': '4k', 'reset_timedout_connection': False, 'resolver': {'address': '127.0.0.1', 'valid': '60s', 'ipv6': False, 'status_zone': 'zone'}, 'resolver_timeout': '30s', 'root': 'html', 'index': 'path', 'satisfy': 'all', 'send_lowat': 0, 'send_timeout': '60s', 'sendfile': False, 'sendfile_max_chunk': 0, 'server_name': '', 'server_name_in_redirect': False, 'server_names_hash_bucket_size': 32, 'server_names_hash_max_size': 512, 'server_tokens': True, 'subrequest_output_buffer_size': '4k', 'tcp_nodelay': True, 'tcp_nopush': False, 'try_files': {'files': '$uri', 'uri': '/uri', 'code': 'code'}, 'types': [{'mime': 'text/html', 'extensions': 'html'}], 'types_hash_bucket_size': 64, 'types_hash_max_size': 1024, 'underscores_in_headers': False, 'variables_hash_bucket_size': 64, 'variables_hash_max_size': 1024}, 'ssl': {'buffer_size': '16k', 'certificate': '/path/to/file', 'certificate_key': '/path/to/file', 'ciphers': 'HIGH', 'client_certificate': '/path/to/file', 'conf_command': 'command', 'crl': '/path/to/file', 'dhparam': '/path/to/file', 'early_data': False, 'ecdh_curve': 'auto', 'ocsp': False, 'ocsp_cache': {'name': 'cache', 'size': '16k'}, 'ocsp_responder': '<url>', 'password_file': '/path/to/file', 'prefer_server_ciphers': False, 'protocols': 'TLSv1', 'reject_handshake': False, 'session_cache': {'builtin': {'enable': False, 'size': '16k'}}, 'session_ticket_key': '/path/to/file', 'session_tickets': True, 'session_timeout': '5m', 'stapling': False, 'stapling_file': '/path/to/file', 'stapling_responder': '<url>', 'stapling_verify': False, 'trusted_certificate': '/path/to/file', 'verify_client': False, 'verify_depth': 1}, 'app_protect_waf': {'physical_memory_util_thresholds': {'high': 100, 'low': 100}, 'cpu_thresholds': {'high': 100, 'low': 100}, 'failure_mode_action': 'pass', 'cookie_seed': 'encryptionseed', 'compressed_requests_action': 'drop', 'reconnect_period_seconds': 5, 'request_buffer_overflow_action': 'pass', 'user_defined_signatures': '/path/to/file', 'enable': False, 'policy_file': '/path/to/file', 'security_log_enable': False, 'security_log': [{'path': '/path/to/file', 'dest': 'dest'}]}, 'app_protect_dos': {'enable': True, 'policy_file': '/etc/app_protect/conf/BADOSDefaultPolicy.json', 'name': 'samplename', 'monitor': {'uri': 'http://10.1.1.1:5000/monitor', 'protocol': 'http2', 'timeout': 10}, 'security_log_enable': True, 'security_log': {'path': '/etc/app_protect_dos/log-default.json', 'dest': 'syslog:server=10.1.1.1:514'}, 'liveness': {'enable': True, 'uri': 'example.com', 'port': 80}, 'readiness': {'enable': True, 'uri': 'example.com', 'port': 80}}, 'proxy': {'bind': {'address': '0.0.0.0', 'transparent': False}, 'buffer_size': '4k', 'buffering': True, 'buffers': {'number': 8, 'size': '4k'}, 'busy_buffers_size': '8k', 'cache': False, 'cache_background_update': False, 'cache_bypass': '$cookie_seed', 'cache_convert_head': True, 'cache_key': '$scheme$proxy_host$request_uri', 'cache_lock': False, 'cache_lock_age': '5s', 'cache_lock_timeout': '5s', 'cache_max_range_offset': 1, 'cache_methods': 'GET', 'cache_min_uses': 1, 'cache_path': [{'path': '/var/cache/nginx/proxy/backend', 'levels': '1:1', 'use_temp_path': False, 'keys_zone': {'name': 'backend_proxy_cache', 'size': '10m'}, 'inactive': '10m', 'max_size': '2g', 'min_free': '1g', 'manager_files': 100, 'manager_sleep': '500ms', 'manager_threshold': '200ms', 'loader_files': 100, 'loader_sleep': '50ms', 'loader_threshold': '200ms', 'purger': False, 'purger_files': 10, 'purger_sleep': '50ms', 'purger_threshold': '50ms'}], 'cache_purge': 'sample', 'cache_revalidate': False, 'cache_use_stale': False, 'cache_valid': [{'code': 200, 'time': '10m'}, '2m'], 'connect_timeout': '60s', 'cookie_domain': [{'domain': 'localhost', 'replacement': 'example.org'}], 'cookie_flags': {'cookie': 'one', 'flag': ['httponly']}, 'cookie_path': [{'path': '$uri', 'replacement': '$someuri'}], 'force_ranges': False, 'headers_hash_bucket_size': 64, 'headers_hash_max_size': 512, 'hide_header': 'Date', 'http_version': 1.1, 'ignore_client_abort': False, 'ignore_headers': 'X-Accel-Redirect', 'intercept_errors': False, 'limit_rate': 0, 'max_temp_file_size': '1024m', 'method': 'GET', 'next_upstream': False, 'next_upstream_timeout': 0, 'next_upstream_tries': 0, 'no_cache': '$cookie_nocache', 'pass': 'http://127.0.0.1', 'pass_header': 'Date', 'pass_request_body': False, 'pass_request_headers': True, 'read_timeout': '60s', 'redirect': {'original': 'http://upstream:port/two/', 'replacement': '/one/'}, 'request_buffering': False, 'send_lowat': 0, 'send_timeout': '60s', 'set_body': 'body', 'set_header': {'field': 'Host', 'value': '$proxy_host'}, 'socket_keepalive': False, 'ssl_certificate': '/path/to/file', 'ssl_certificate_key': '/path/to/file', 'ssl_ciphers': 'DEFAULT', 'ssl_conf_command': 'command', 'ssl_crl': '/path/to/file', 'ssl_name': '$proxy_host', 'ssl_password_file': '/path/to/file', 'ssl_protocols': 'TLSv1', 'ssl_server_name': False, 'ssl_session_reuse': True, 'ssl_trusted_certificate': '/path/to/file', 'ssl_verify': False, 'ssl_verify_depth': 1, 'store': False, 'store_access': {'user': 'rw', 'group': 'rw', 'all': 'r'}, 'temp_file_write_size': '8k', 'temp_path': {'path': '/var/cache/nginx/proxy/temp', 'level': 2}}, 'grpc': {'bind': {'address': '$remote_addr', 'transparent': True}, 'buffer_size': '4k', 'connect_timeout': '60s', 'hide_header': [], 'ignore_headers': [], 'intercept_errors': False, 'next_upstream': [], 'next_upstream_timeout': 0, 'next_upstream_tries': 0, 'pass': 'uri', 'pass_header': [], 'read_timeout': '60s', 'send_timeout': '60s', 'set_header': [{'field': 'Accept-Encoding', 'value': '""'}], 'socket_keepalive': False, 'ssl_certificate': '/path/to/file', 'ssl_certificate_key': '/path/to/file', 'ssl_ciphers': 'DEFAULT', 'ssl_conf_command': 'command', 'ssl_crl': '/path/to/file', 'ssl_name': 'serverName', 'ssl_password_file': '/path/to/file', 'ssl_protocols': [], 'ssl_server_name': False, 'ssl_session_reuse': True, 'ssl_trusted_certificate': '/path/to/file', 'ssl_verify': False, 'ssl_verify_depth': 1}, 'access': {'allow': 'localhost', 'deny': '192.168.1.100'}, 'auth_basic': {'realm': False, 'user_file': '/path/to/file'}, 'auth_request': {'uri': False, 'set': {'variable': '$temp', 'value': 'auth'}}, 'auth_jwt': {'enable': {'realm': 'realm', 'token': '$cookie_auth_token'}, 'claim_set': [{'variable': '$email', 'name': ['info']}], 'header_set': [{'variable': '$job', 'name': 'info'}], 'key_file': '/path/to/file', 'key_request': '/path/to/file', 'leeway': '0s', 'type': 'signed', 'require': '$valid_jwt_iss'}, 'api': {'enable': {'write': True}, 'status_zone': 'one'}, 'stub_status': True, 'autoindex': {'enable': False, 'exact_size': True, 'format': 'html', 'localtime': False}, 'gzip': {'enable': True, 'buffers': {'number': 32, 'size': '4k'}, 'comp_level': 1, 'disable': [], 'http_version': 1.1, 'min_length': 20, 'proxied': [], 'types': [], 'vary': False}, 'headers': {'add_headers': [{'name': 'Strict-Transport-Security', 'value': '"max-age=15768000; includeSubDomains"', 'always': False}], 'add_trailers': [{'name': 'Strict-Transport-Security', 'value': '"max-age=15768000; includeSubDomains"', 'always': False}], 'expires': {'modified': True, 'time': '12h'}}, 'health_check': {'health_checks': [{'interval': '5s', 'jitter': 0, 'fails': 1, 'passes': 1, 'uri': '/', 'mandatory': False, 'persistent': False, 'match': 'match', 'port': 80, 'grpc_service': 'service', 'grpc_status': 12}], 'match': [{'name': 'name', 'conditions': []}]}, 'keyval': {'keyvals': [{'key': 'key', 'variable': '$var', 'zone': 'one'}], 'zones': [{'name': 'one', 'size': '32k', 'state': '/var/lib/nginx/state/one.keyval', 'timeout': '60m', 'type': 'string', 'sync': False}]}, 'limit_req': {'limit_reqs': [{'zone': 'one', 'burst': 5, 'delay': False}], 'dry_run': False, 'log_level': 'error', 'status': 503, 'zones': [{'key': '$binary_remote_addr', 'name': 'one', 'size': '1m', 'rate': '10r/s', 'sync': False}]}, 'log': {'format': [{'name': 'main', 'escape': 'default', 'format': '\'$remote_addr - $remote_user [$time_local] "$request" \'\n\'$status $body_bytes_sent "$http_referer" \'\n\'"$http_user_agent" "$http_x_forwarded_for"\'\n'}], 'access': [{'path': '/var/log/nginx/access.log', 'format': 'main', 'buffer': '1m', 'gzip': 5, 'flush': '10h', 'if': '$loggable'}], 'error': {'file': '/var/log/nginx/error.log', 'level': 'notice'}, 'open_log_file_cache': {'max': 1000, 'inactive': '20s', 'min_uses': 2, 'valid': '1m'}}, 'rewrite': {'return': {'code': 200, 'text': 'text', 'url': 'https://example.com'}, 'rewrites': [{'regex': '(.*).html(.*)', 'replacement': '$1$2', 'flag': 'last'}], 'log': False, 'set': [{'variable': '$var', 'value': 'var'}], 'uninitialized_variable_warn': True}, 'sub_filter': {'sub_filters': [{'string': 'server_hostname', 'replacement': '$hostname'}], 'last_modified': False, 'once': True, 'types': 'text/html'}, 'custom_directives': ['fastcgi_split_path_info ^(.+\\.php)(/.+)$;', 'fastcgi_pass unix:/run/php/php7.2-fpm.sock;'], 'servers': [{'core': None, 'proxy': None, 'locations': [{'location': '/', 'proxy': None}]}, {'core': None, 'ssl': None, 'locations': [{'location': '/backend', 'core': None}]}]}}) => {"ansible_loop_var": "item", "changed": false, "item": {"config": {"access": {"allow": "localhost", "deny": "192.168.1.100"}, "api": {"enable": {"write": true}, "status_zone": "one"}, "app_protect_dos": {"enable": true, "liveness": {"enable": true, "port": 80, "uri": "example.com"}, "monitor": {"protocol": "http2", "timeout": 10, "uri": "http://10.1.1.1:5000/monitor"}, "name": "samplename", "policy_file": "/etc/app_protect/conf/BADOSDefaultPolicy.json", "readiness": {"enable": true, "port": 80, "uri": "example.com"}, "security_log": {"dest": "syslog:server=10.1.1.1:514", "path": "/etc/app_protect_dos/log-default.json"}, "security_log_enable": true}, "app_protect_waf": {"compressed_requests_action": "drop", "cookie_seed": "encryptionseed", "cpu_thresholds": {"high": 100, "low": 100}, "enable": false, "failure_mode_action": "pass", "physical_memory_util_thresholds": {"high": 100, "low": 100}, "policy_file": "/path/to/file", "reconnect_period_seconds": 5, "request_buffer_overflow_action": "pass", "security_log": [{"dest": "dest", "path": "/path/to/file"}], "security_log_enable": false, "user_defined_signatures": "/path/to/file"}, "auth_basic": {"realm": false, "user_file": "/path/to/file"}, "auth_jwt": {"claim_set": [{"name": ["info"], "variable": "$email"}], "enable": {"realm": "realm", "token": "$cookie_auth_token"}, "header_set": [{"name": "info", "variable": "$job"}], "key_file": "/path/to/file", "key_request": "/path/to/file", "leeway": "0s", "require": "$valid_jwt_iss", "type": "signed"}, "auth_request": {"set": {"value": "auth", "variable": "$temp"}, "uri": false}, "autoindex": {"enable": false, "exact_size": true, "format": "html", "localtime": false}, "core": {"absolute_redirect": true, "aio": {"threads": true}, "aio_write": false, "alias": "path", "auth_delay": "0s", "chunked_transfer_encoding": true, "client_body_buffer_size": "8k", "client_body_in_file_only": false, "client_body_in_single_buffer": false, "client_body_temp_path": {"level": 2, "path": "/var/cache/nginx"}, "client_body_timeout": "60s", "client_header_buffer_size": "1k", "client_header_timeout": "60s", "client_max_body_size": "1m", "connection_pool_size": 256, "default_type": "text/plain", "directio": false, "directio_alignment": 512, "disable_symlinks": {"check": "on", "from": "$document_root"}, "error_page": [{"code": [404], "response": 404, "uri": "/404.html"}], "etag": true, "if_modified_since": "exact", "ignore_invalid_headers": true, "include": "path", "index": "path", "internal": false, "keepalive_disable": "msie6", "keepalive_requests": 1000, "keepalive_time": "1h", "keepalive_timeout": {"header_timeout": "75s", "timeout": "75s"}, "large_client_header_buffers": {"number": 4, "size": "8k"}, "limit_except": {"directive": ["allow all"], "method": "GET"}, "limit_rate": 0, "limit_rate_after": 0, "lingering_close": true, "lingering_time": "30s", "lingering_timeout": "5s", "listen": [{"address": "0.0.0.0", "backlog": 511, "bind": false, "default_server": true, "deffered": false, "fastopen": 12, "http2": false, "ipv6only": false, "port": 80, "proxy_protocol": false, "rcvbuf": 512, "reuseport": false, "sndbuf": 512, "so_keepalive": {"keepcnt": 10, "keepidle": "30m", "keepintvl": 5}, "spdy": false, "ssl": false}], "log_not_found": true, "log_subrequest": false, "max_ranges": 0, "merge_slashes": true, "msie_padding": true, "msie_refresh": false, "open_file_cache": {"inactive": "60s", "max": 10}, "open_file_cache_errors": false, "open_file_cache_min_uses": 1, "open_file_cache_valid": "60s", "output_buffers": {"number": 2, "size": "32k"}, "port_in_redirect": true, "postpone_output": 1460, "read_ahead": 0, "recursive_error_pages": false, "request_pool_size": "4k", "reset_timedout_connection": false, "resolver": {"address": "127.0.0.1", "ipv6": false, "status_zone": "zone", "valid": "60s"}, "resolver_timeout": "30s", "root": "html", "satisfy": "all", "send_lowat": 0, "send_timeout": "60s", "sendfile": false, "sendfile_max_chunk": 0, "server_name": "", "server_name_in_redirect": false, "server_names_hash_bucket_size": 32, "server_names_hash_max_size": 512, "server_tokens": true, "subrequest_output_buffer_size": "4k", "tcp_nodelay": true, "tcp_nopush": false, "try_files": {"code": "code", "files": "$uri", "uri": "/uri"}, "types": [{"extensions": "html", "mime": "text/html"}], "types_hash_bucket_size": 64, "types_hash_max_size": 1024, "underscores_in_headers": false, "variables_hash_bucket_size": 64, "variables_hash_max_size": 1024}, "custom_directives": ["fastcgi_split_path_info ^(.+\\.php)(/.+)$;", "fastcgi_pass unix:/run/php/php7.2-fpm.sock;"], "grpc": {"bind": {"address": "$remote_addr", "transparent": true}, "buffer_size": "4k", "connect_timeout": "60s", "hide_header": [], "ignore_headers": [], "intercept_errors": false, "next_upstream": [], "next_upstream_timeout": 0, "next_upstream_tries": 0, "pass": "uri", "pass_header": [], "read_timeout": "60s", "send_timeout": "60s", "set_header": [{"field": "Accept-Encoding", "value": "\"\""}], "socket_keepalive": false, "ssl_certificate": "/path/to/file", "ssl_certificate_key": "/path/to/file", "ssl_ciphers": "DEFAULT", "ssl_conf_command": "command", "ssl_crl": "/path/to/file", "ssl_name": "serverName", "ssl_password_file": "/path/to/file", "ssl_protocols": [], "ssl_server_name": false, "ssl_session_reuse": true, "ssl_trusted_certificate": "/path/to/file", "ssl_verify": false, "ssl_verify_depth": 1}, "gzip": {"buffers": {"number": 32, "size": "4k"}, "comp_level": 1, "disable": [], "enable": true, "http_version": 1.1, "min_length": 20, "proxied": [], "types": [], "vary": false}, "headers": {"add_headers": [{"always": false, "name": "Strict-Transport-Security", "value": "\"max-age=15768000; includeSubDomains\""}], "add_trailers": [{"always": false, "name": "Strict-Transport-Security", "value": "\"max-age=15768000; includeSubDomains\""}], "expires": {"modified": true, "time": "12h"}}, "health_check": {"health_checks": [{"fails": 1, "grpc_service": "service", "grpc_status": 12, "interval": "5s", "jitter": 0, "mandatory": false, "match": "match", "passes": 1, "persistent": false, "port": 80, "uri": "/"}], "match": [{"conditions": [], "name": "name"}]}, "keyval": {"keyvals": [{"key": "key", "variable": "$var", "zone": "one"}], "zones": [{"name": "one", "size": "32k", "state": "/var/lib/nginx/state/one.keyval", "sync": false, "timeout": "60m", "type": "string"}]}, "limit_req": {"dry_run": false, "limit_reqs": [{"burst": 5, "delay": false, "zone": "one"}], "log_level": "error", "status": 503, "zones": [{"key": "$binary_remote_addr", "name": "one", "rate": "10r/s", "size": "1m", "sync": false}]}, "log": {"access": [{"buffer": "1m", "flush": "10h", "format": "main", "gzip": 5, "if": "$loggable", "path": "/var/log/nginx/access.log"}], "error": {"file": "/var/log/nginx/error.log", "level": "notice"}, "format": [{"escape": "default", "format": "'$remote_addr - $remote_user [$time_local] \"$request\" '\n'$status $body_bytes_sent \"$http_referer\" '\n'\"$http_user_agent\" \"$http_x_forwarded_for\"'\n", "name": "main"}], "open_log_file_cache": {"inactive": "20s", "max": 1000, "min_uses": 2, "valid": "1m"}}, "proxy": {"bind": {"address": "0.0.0.0", "transparent": false}, "buffer_size": "4k", "buffering": true, "buffers": {"number": 8, "size": "4k"}, "busy_buffers_size": "8k", "cache": false, "cache_background_update": false, "cache_bypass": "$cookie_seed", "cache_convert_head": true, "cache_key": "$scheme$proxy_host$request_uri", "cache_lock": false, "cache_lock_age": "5s", "cache_lock_timeout": "5s", "cache_max_range_offset": 1, "cache_methods": "GET", "cache_min_uses": 1, "cache_path": [{"inactive": "10m", "keys_zone": {"name": "backend_proxy_cache", "size": "10m"}, "levels": "1:1", "loader_files": 100, "loader_sleep": "50ms", "loader_threshold": "200ms", "manager_files": 100, "manager_sleep": "500ms", "manager_threshold": "200ms", "max_size": "2g", "min_free": "1g", "path": "/var/cache/nginx/proxy/backend", "purger": false, "purger_files": 10, "purger_sleep": "50ms", "purger_threshold": "50ms", "use_temp_path": false}], "cache_purge": "sample", "cache_revalidate": false, "cache_use_stale": false, "cache_valid": [{"code": 200, "time": "10m"}, "2m"], "connect_timeout": "60s", "cookie_domain": [{"domain": "localhost", "replacement": "example.org"}], "cookie_flags": {"cookie": "one", "flag": ["httponly"]}, "cookie_path": [{"path": "$uri", "replacement": "$someuri"}], "force_ranges": false, "headers_hash_bucket_size": 64, "headers_hash_max_size": 512, "hide_header": "Date", "http_version": 1.1, "ignore_client_abort": false, "ignore_headers": "X-Accel-Redirect", "intercept_errors": false, "limit_rate": 0, "max_temp_file_size": "1024m", "method": "GET", "next_upstream": false, "next_upstream_timeout": 0, "next_upstream_tries": 0, "no_cache": "$cookie_nocache", "pass": "http://127.0.0.1", "pass_header": "Date", "pass_request_body": false, "pass_request_headers": true, "read_timeout": "60s", "redirect": {"original": "http://upstream:port/two/", "replacement": "/one/"}, "request_buffering": false, "send_lowat": 0, "send_timeout": "60s", "set_body": "body", "set_header": {"field": "Host", "value": "$proxy_host"}, "socket_keepalive": false, "ssl_certificate": "/path/to/file", "ssl_certificate_key": "/path/to/file", "ssl_ciphers": "DEFAULT", "ssl_conf_command": "command", "ssl_crl": "/path/to/file", "ssl_name": "$proxy_host", "ssl_password_file": "/path/to/file", "ssl_protocols": "TLSv1", "ssl_server_name": false, "ssl_session_reuse": true, "ssl_trusted_certificate": "/path/to/file", "ssl_verify": false, "ssl_verify_depth": 1, "store": false, "store_access": {"all": "r", "group": "rw", "user": "rw"}, "temp_file_write_size": "8k", "temp_path": {"level": 2, "path": "/var/cache/nginx/proxy/temp"}}, "rewrite": {"log": false, "return": {"code": 200, "text": "text", "url": "https://example.com"}, "rewrites": [{"flag": "last", "regex": "(.*).html(.*)", "replacement": "$1$2"}], "set": [{"value": "var", "variable": "$var"}], "uninitialized_variable_warn": true}, "servers": [{"core": null, "locations": [{"location": "/", "proxy": null}], "proxy": null}, {"core": null, "locations": [{"core": null, "location": "/backend"}], "ssl": null}], "ssl": {"buffer_size": "16k", "certificate": "/path/to/file", "certificate_key": "/path/to/file", "ciphers": "HIGH", "client_certificate": "/path/to/file", "conf_command": "command", "crl": "/path/to/file", "dhparam": "/path/to/file", "early_data": false, "ecdh_curve": "auto", "ocsp": false, "ocsp_cache": {"name": "cache", "size": "16k"}, "ocsp_responder": "<url>", "password_file": "/path/to/file", "prefer_server_ciphers": false, "protocols": "TLSv1", "reject_handshake": false, "session_cache": {"builtin": {"enable": false, "size": "16k"}}, "session_ticket_key": "/path/to/file", "session_tickets": true, "session_timeout": "5m", "stapling": false, "stapling_file": "/path/to/file", "stapling_responder": "<url>", "stapling_verify": false, "trusted_certificate": "/path/to/file", "verify_client": false, "verify_depth": 1}, "stub_status": true, "sub_filter": {"last_modified": false, "once": true, "sub_filters": [{"replacement": "$hostname", "string": "server_hostname"}], "types": "text/html"}, "upstreams": [{"hash": {"consistent": false, "key": "key"}, "ip_hash": false, "keepalive": 32, "keepalive_requests": 100, "keepalive_time": "1h", "keepalive_timeout": "60s", "least_conn": false, "least_time": {"inflight": false, "response": "last_byte"}, "name": "backend", "ntlm": false, "queue": {"number": 10, "timeout": "60s"}, "random": {"method": "least_time=last_byte", "two": true}, "resolver": {"address": [], "ipv6": false, "status_zone": "backend_mem_zone", "valid": "30s"}, "resolver_timeout": "30s", "servers": [{"address": "localhost", "backup": false, "down": false, "drain": false, "fail_timeout": "10s", "max_conns": 0, "max_fails": 1, "resolve": false, "route": "a", "service": "http", "slow_start": "0s", "weight": 1}], "state": "/var/lib/nginx/state/servers.conf", "sticky_cookie": {"domain": "example.com", "expires": "1d", "httponly": false, "name": "cookie", "path": "path", "samesite": "none", "secure": true}, "sticky_learn": {"create": [], "header": false, "lookup": [], "sync": false, "timeout": "10m", "zone": {"name": "client_sessions", "size": "1m"}}, "sticky_route": [], "zone": {"name": "backend_mem_zone", "size": "64k"}}]}, "deployment_location": "/etc/nginx/conf.d/default.conf", "template_file": "http/default.conf.j2"}, "msg": "AnsibleUndefinedVariable: the inline if-expression on line 71 in 'http/ssl.j2' evaluated to false and no else section was defined."}

# https://github.com/nginxinc/ansible-role-nginx
- name: Install NGINX
  include_role:
    name: nginxinc.nginx
  vars:
    nginx_install_from: os_repository
    nginx_start: false
    nginx_type: opensource
    nginx_state: present

# https://github.com/nginxinc/ansible-role-nginx-config
- name: Configure NGINX
  include_role:
    name: nginxinc.nginx_config
  vars:
    nginx_config_start: false
    nginx_config_cleanup: true
    nginx_config_debug_output: true
    nginx_config_debug_tasks: true

    # top level nginx configuration
    nginx_config_main_template_enable: true
    nginx_config_main_template:
      template_file: nginx.conf.j2
      conf_file_name: nginx.conf
      conf_file_location: /etc/nginx/
      worker_connections: 1024
      http_custom_includes:
        - "/etc/nginx/sites-enabled/*.conf"
      user: www-data
      worker_processes: auto
      pid: /var/run/nginx.pid

      # http configuration section
      http_enable: true
      http_settings:
        grpc_global:
          bind:
            address: $remote_addr
            transparent: false
          buffer_size: 4k
          connect_timeout: 60s
[...]