Skip to content

Commit 4ffc614

Browse files
aknot242aknot242
authored
Merge pull request #7 from nginxinc/selinux-doc-updates
var and documentation updates
2 parents df73af5 + ecad82a commit 4ffc614

File tree

4 files changed

+13
-6
lines changed

4 files changed

+13
-6
lines changed

README.md

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,13 @@ This is a sample playbook file for using the role to install NGINX App Protect o
100100
# Default is present.
101101
app_protect_state: present
102102

103+
# OPTIONAL: Installs a specific version of NGINX App Protect
104+
app_protect_version: 21
105+
106+
# Enable enforcing selinux (you may need to open ports on your own)
107+
# WARNING: If this is set to false and you are installing NGINX Protect on a system with SELinux enforced, NGINX App Protect may fail to load.
108+
app_protect_selinux: false
109+
103110
# The installation of NGINX App Protect includes a base signature set, which may be out of date.
104111
# This option installs the latest NGINX App Protect signatures.
105112
app_protect_install_signatures: true

defaults/main.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,12 @@
99
# Default is present.
1010
app_protect_state: present
1111

12-
# # OPTIONAL - Installs a specific version of NGINX App Protect
12+
# # OPTIONAL: Installs a specific version of NGINX App Protect
1313
# app_protect_version: 20
1414

15+
# Enable enforcing selinux (you may need to open ports on your own)
16+
app_protect_selinux: false
17+
1518
# The installation of NGINX App Protect includes a base signature set, which may be out of date.
1619
# This option installs the latest NGINX App Protect signatures.
1720
app_protect_install_signatures: true
@@ -84,6 +87,3 @@ log_policy_syslog_target: 127.0.0.1:514
8487

8588
nginx_demo_workload_protocol: http://
8689
nginx_demo_workload_host: 10.1.1.1:8080
87-
88-
# Enable enforcing selinux (you may need to open ports on your own)
89-
nginx_selinux: false

tasks/prerequisites/setup-centos.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,4 +6,4 @@
66

77
- name: "(Install: CentOS) Setup SELinux"
88
import_tasks: setup-selinux.yml
9-
when: nginx_selinux
9+
when: app_protect_selinux

tasks/prerequisites/setup-selinux.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
selinux:
99
state: permissive
1010
policy: targeted
11-
when: nginx_selinux
11+
when: app_protect_selinux
1212

1313
- name: "(Install: SELinux: Booleans) Allow HTTP network connection"
1414
seboolean:

0 commit comments

Comments
 (0)