You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
# Specify whether you want to maintain your version of NGINX App Protect, upgrade to the latest version, or remove NGINX App Protect.
3
+
# Can be used with `app_protect_version` to achieve fine grained control on which version of NGINX App Protect is installed/used on each playbook execution.
4
+
# Using 'present' will install the latest version (or 'app_protect_version') of NGINX App Protect on a fresh install.
5
+
# Using 'latest' will upgrade NGINX App Protect to the latest version (that matches your 'app_protect_version') of NGINX App Protect on every playbook execution.
6
+
# Using 'absent' will remove NGINX App Protect from your system.
7
+
# Default is present.
8
+
app_protect_state: present
9
+
10
+
# OPTIONAL: Installs a specific version of NGINX App Protect
11
+
#app_protect_version: 22
12
+
13
+
# The installation of NGINX App Protect includes a base signature set, which may be out of date.
14
+
# This option installs the latest NGINX App Protect signatures.
15
+
app_protect_install_signatures: true
16
+
17
+
# The installation of NGINX App Protect can include a page of frequently-updated, high-accuracy signatures called Threat Campaigns.
18
+
# This option installs the latest NGINX App Protect Threat Campaigns signatures.
19
+
app_protect_install_threat_campaigns: true
20
+
21
+
# Creates basic configuration files and enables NGINX App Protect on the target host
22
+
app_protect_configure: true
23
+
24
+
# Removes the license (certificate and key) for the NGINX App Protect repositories on the target host(s) when playbook run is complete.
25
+
app_protect_delete_license: true
26
+
27
+
# If you have a RHEL subscription, NGINX App Protect's dependencies will use subscription repos.
28
+
# Otherwise, it will source packages from CentOS' repositories.
29
+
app_protect_use_rhel_subscription_repos: false
30
+
31
+
# For use with the app_protect_configure option to determine if the default security policy will be written to the target host
32
+
# Used when `app_protect_configure: true`.
33
+
app_protect_security_policy_template_enable: true
34
+
35
+
# Default app protect enforcement mode. Values can be `blocking` or `transparent`.
36
+
# Used when `app_protect_configure: true` and `app_protect_security_policy_template_enable: true`.
37
+
security_policy_enforcement_mode: blocking
38
+
39
+
# For use with the app_protect_configure option to determine if the default log policy will be written to the target host.
40
+
# Used when `app_protect_configure: true`.
41
+
app_protect_log_policy_template_enable: true
42
+
43
+
# Which violation types to log. Possible values: all, illegal, blocked
44
+
# Used when `app_protect_configure: true` and `app_protect_log_policy_template_enable: true`.
45
+
log_policy_filter_request_type: all
46
+
47
+
# For use with the app_protect_configure option to determine if the sample nginx.conf will be written to the target host.
48
+
# Since this can be dangerous, this value is default to false in the role defaults.
49
+
# Used when `app_protect_configure: true`.
50
+
nginx_conf_template_enable: true
51
+
52
+
# For use with the app_protect_configure option to determine the syslog target to be injected
53
+
# into the default log policy that will be written to the target host.
54
+
# Used when `nginx_conf_template_enable: true`.
55
+
log_policy_syslog_target: 10.0.0.2:514
56
+
57
+
# DEPRECATED: A proxy pass workload used in the sample nginx.conf for demo purposes.
58
+
# Will be removed from this role in the future.
59
+
# Used when `nginx_conf_template_enable: true`.
60
+
nginx_demo_workload: http://10.0.0.3:88
61
+
62
+
# The location of the certificate and key to be used when downloading the packages onto the host
0 commit comments