🚀 Initial release: Complete Ansible LEMP WordPress automation

 Features:
- Complete LEMP stack automation
- WordPress with WP-CLI
- Redis Object Cache (50% performance boost)
- Multi-OS support
- SSL/Let's Encrypt integration
- Security hardening
- Enterprise features
- Docker testing environment
- GitHub Actions CI/CD
- Comprehensive documentation

🧪 Fully tested and production-ready

Copyright (c) 2025 Sebastian Palencsár
This commit is contained in:
Sebastian Palencsár
2025-06-18 18:24:03 +02:00
commit 573224a36b
61 changed files with 6629 additions and 0 deletions

155
templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,155 @@
# Nginx main configuration for WordPress optimization
# Generated by Ansible
user {{ nginx_user }};
worker_processes {{ nginx_worker_processes | default('auto') }};
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
# Worker settings
worker_rlimit_nofile {{ nginx_worker_rlimit_nofile | default('65535') }};
events {
worker_connections {{ nginx_worker_connections | default('1024') }};
use epoll;
multi_accept on;
}
http {
# Basic Settings
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout {{ nginx_keepalive_timeout | default('65') }};
types_hash_max_size 2048;
server_tokens off;
# File upload settings
client_max_body_size {{ nginx_client_max_body_size | default('64M') }};
client_body_buffer_size {{ nginx_client_body_buffer_size | default('128k') }};
client_header_buffer_size {{ nginx_client_header_buffer_size | default('1k') }};
large_client_header_buffers {{ nginx_large_client_header_buffers | default('2 1k') }};
# Timeouts
client_body_timeout {{ nginx_client_body_timeout | default('12') }};
client_header_timeout {{ nginx_client_header_timeout | default('12') }};
send_timeout {{ nginx_send_timeout | default('10') }};
# MIME types
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Logging Settings
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" '
'$request_time $upstream_response_time';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
# Gzip Settings
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level {{ nginx_gzip_comp_level | default('6') }};
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
# Brotli compression (if available)
{% if nginx_brotli_enabled | default(false) %}
brotli on;
brotli_comp_level 6;
brotli_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-opentype
application/x-font-truetype
application/x-font-ttf
application/x-javascript
application/xhtml+xml
application/xml
font/eot
font/opentype
font/otf
font/truetype
image/svg+xml
image/vnd.microsoft.icon
image/x-icon
image/x-win-bitmap
text/css
text/javascript
text/plain
text/xml;
{% endif %}
# Rate Limiting Zones
limit_req_zone $binary_remote_addr zone=login:10m rate={{ nginx_login_rate_limit | default('1r/m') }};
limit_req_zone $binary_remote_addr zone=admin:10m rate={{ nginx_admin_rate_limit | default('5r/m') }};
limit_req_zone $binary_remote_addr zone=api:10m rate={{ nginx_api_rate_limit | default('10r/m') }};
limit_req_zone $binary_remote_addr zone=search:10m rate={{ nginx_search_rate_limit | default('3r/m') }};
# Connection limiting
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_conn_zone $server_name zone=conn_limit_per_server:10m;
# FastCGI Cache Settings
{% if nginx_fastcgi_cache_enabled | default(true) %}
fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=wordpress:{{ nginx_fastcgi_cache_size | default('100m') }}
max_size={{ nginx_fastcgi_cache_max_size | default('1g') }}
inactive={{ nginx_fastcgi_cache_inactive | default('60m') }}
use_temp_path=off;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
{% endif %}
# SSL Settings
{% if enable_ssl is defined and enable_ssl %}
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
{% endif %}
# Security Headers (include in server blocks)
map $sent_http_content_type $expires {
default off;
text/html epoch;
text/css max;
application/javascript max;
~image/ max;
~font/ max;
}
# Include additional configurations
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}