0.9.0

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.9.0!

🚀 Features

• Validate role variables (#236) @alessfg
• Update list of supported platforms (#234) @alessfg
• Refactor how supported distributions are checked (#233) @alessfg

🎉 Enhancements

• Refactor Ansible facts from dot to array notation (#237) @alessfg

🐛 Bug Fixes

• Replace non-existent GitHub actions key (#238) @alessfg

🧪 Tests

• Use amd64 platform for Molecule tests (#231) @alessfg
• Update GitHub actions to use Ubuntu 22.04 (#229) @alessfg

⬆️ Dependencies

• Bump ansible-core from 2.13.4 to 2.14.1 in /.github/workflows/requirements (#226, #214) @dependabot
• Bump ansible-lint from 6.7.0 to 6.11.0 in /.github/workflows/requirements (#235, #228, #216) @dependabot
• Bump yamllint from 1.28.0 to 1.29.0 in /.github/workflows/requirements (#232) @dependabot
• Bump molecule[docker] from 4.0.1 to 4.0.4 in /.github/workflows/requirements (#225, #215) @dependabot
• Bump docker from 6.0.0 to 6.0.1 in /.github/workflows/requirements (#220) @dependabot
• Bump Ansible collections (#230) @alessfg

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.9.0), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.9.0.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.9.0/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.8.1

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.8.1!

🚀 Features

• Add support for RHEL 8.6 (#212) @alessfg
• Add support for new NAP DoS distros (Alpine Linux and Debian bullseye) (#209) @alessfg
• Check NGINX App Protect license is valid before trying to install NGINX App Protect (#209) @alessfg

🧪 Tests

• Skip GH action plus tests only when secrets aren't present (#204) @alessfg
• Remove Yamllint check from Molecule (#198) @alessfg

⬆️ Dependencies

• Bump ansible-core from 2.12.4 to 2.13.4 in /.github/workflows/requirements (#207, #200, #197, #194, #187, #184) @dependabot
• Bump jinja2 from 3.1.1 to 3.1.2 in /.github/workflows/requirements (#185) @dependabot
• Bump ansible-lint from 6.0.2 to 6.7.0 in /.github/workflows/requirements (#211, #203, #199, #192, #189, #188) @dependabot
• Bump yamllint from 1.26.3 to 1.28.0 in /.github/workflows/requirements (#206, #195) @dependabot
• Bump molecule[docker] from 3.6.1 to 4.0.1 in /.github/workflows/requirements (#196, #193) @dependabot
• Bump docker from 5.0.3 to 6.0.0 in /.github/workflows/requirements (#201) @dependabot
• Bump Ansible collections (#205, #190) @alessfg

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.8.1), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.8.1.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.8.1/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.8.0

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.8.0!

💣 Breaking Changes

• Add TimeoutStartSec parameter to set timeout for service starts (#182, #178) @alessfg
• Remove nginx_app_protect_configure parameter (#167) @alessfg

🚀 Features

• Add support for enabling SELinux on RHEL based systems (#180) @alessfg
• Add RHEL support for nap dos 2.1 release (#159) @aknot242

🎉 Enhancements

• Rename modules to use Ansible FQCNs (#174) @alessfg

🐛 Bug Fixes

• Ansible check mode fails if NGINX is not installed (#171) @alessfg

⬆️ Dependencies

• Bump Ansible collections (#183, #181) @alessfg
• Bump ansible-core from 2.12.2 to 2.12.4 in /.github/workflows/requirements (#177, #169) @dependabot
• Bump ansible-lint from 5.4.0 to 6.0.2 in /.github/workflows/requirements (#176, #173) @dependabot
• Bump jinja2 from 3.0.3 to 3.1.1 in /.github/workflows/requirements (#175) @dependabot
• Rename modules to use Ansible FQCNs (#174) @alessfg
• Bump actions/checkout from 2.4.0 to 3 (#170) @dependabot
• Bump actions/setup-python from 2.3.2 to 3.0.0 (#168) @dependabot

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.8.0), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.8.0.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.8.0/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.7.1

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.7.1!

🎉 Enhancements

Add signing keys to a unique NGINX keyring on Debian based systems (#158) @alessfg

🐛 Bug Fixes

License and keys should now be correctly setup when neither signatures or threat campaigns are installed (#158) @alessfg

⬆️ Dependencies

• Bump Ansible collections (#166) @alessfg
• Bump ansible-core from 2.11.6 to 2.12.2 in /.github/workflows/requirements (#162, #156, #152) @dependabot
• Bump jinja2 from 3.0.2 to 3.0.3 in /.github/workflows/requirements (#151) @dependabot
• Bump molecule[docker] from 3.5.2 to 3.6.1 in /.github/workflows/requirements (#165, #163) @dependabot
• Bump ansible-lint from 5.2.1 to 5.4.0 in /.github/workflows/requirements (#164, #160, #157, #155) @dependabot
• Bump actions/setup-python from 2.2.2 to 2.3.2 (#161, #154, #153) @dependabot
• Bump actions/checkout from 2.3.5 to 2.4.0 (#150) @dependabot

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.7.1), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.7.1.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.7.1/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.7.0

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.7.0!

💣 Breaking Changes

• Support multiple policy files for both NAP WAF & NAP DoS (#146) @alessfg

🐛 Bug Fixes

• Add NGINX App Protect DoS to the NAP uninstall tasks (#148) @alessfg
• Replace nginx_license_status with the correct variable (#147) @alessfg

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.7.0), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.7.0.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.7.0/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.6.2

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.6.2!

🎉 Enhancements

• Remove Alpine 3.10 from the list of supported platforms (#140) @alessfg
• Move non NGINX App Protect specific dependencies from the role into the Molecule Dockerfile (#133) @alessfg

🐛 Bug Fixes

Always update NAP dependencies to the latest available version (#133) @alessfg

⬆️ Dependencies

• Bump Ansible collections (#145) @alessfg
• Bump ansible-lint from 5.1.3 to 5.2.1 in /.github/workflows/requirements (#144, #131) @dependabot
• Bump ansible-core from 2.11.5 to 2.11.6 in /.github/workflows/requirements (#143) @dependabot
• Bump actions/checkout from 2.3.4 to 2.3.5 (#142) @dependabot
• Bump docker from 5.0.2 to 5.0.3 in /.github/workflows/requirements (#137) @dependabot
• Bump molecule[docker] from 3.5.1 to 3.5.2 in /.github/workflows/requirements (#135) @dependabot
• Bump jinja2 from 3.0.1 to 3.0.2 in /.github/workflows/requirements (#132) @dependabot

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.6.2), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.6.2.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.6.2/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.6.1

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.6.1!

🎉 Enhancements

• Remove Debian Stretch from supported platforms (#130) @alessfg

🐛 Bug Fixes

• Temporarily install NGINX Plus R24 in Molecule tests (#130) @alessfg
• Fix license removal step (#122) @aknot242

⬆️ Dependencies

• Bump Ansible collections (#128) @alessfg
• Bump molecule[docker] from 3.3.4 to 3.5.1 in /.github/workflows/requirements (#127, #118) @dependabot
• Bump ansible-core from 2.11.2 to 2.11.5 in /.github/workflows/requirements (#126, #120, #116) @dependabot
• Bump docker from 5.0.0 to 5.0.2 in /.github/workflows/requirements (#125) @dependabot
• Bump ansible-lint from 5.0.12 to 5.1.3 in /.github/workflows/requirements (#123, #115) @dependabot
• Bump yamllint from 1.26.1 to 1.26.3 in /.github/workflows/requirements (#121, #117) @dependabot

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.6.1), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.6.1.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.6.1/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx_app_protect.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.6.0

👾 Help make the NGINX App Protect Ansible role better by participating in our survey! 👾

What's new in NGINX's App Protect Ansible role 0.6.0!

💣 Breaking Changes

• Remove templating variables and features deprecated in release 0.5.0. Check the Changelog for more details. (#114) @alessfg

🚀 Features

• Add support for the NGINX App Protect DoS module (#111) @aknot242
• Add support for NGINX App Protect 3.3 (#112) @aknot242
• Add nginx_app_protect_manage_repo feature flag and defaults (#110, #108) @sjugge

🎉 Enhancements

• Replace "yes"/"no" boolean values with "true"/"false" (#103) @alessfg
• Replace Ansible base with Ansible core (#100) @alessfg
• Add manual trigger for Molecule test workflow (#97) @aknot242

⬆️ Dependencies

• Update nginx role requirement in Molecule tests to 0.20.0 (#107) @alessfg
• Bump Ansible collections (#113, #104) @alessfg
• Bump ansible-core from 2.11.1 to 2.11.2 in /.github/workflows/requirements (#109) @dependabot
• Bump molecule[docker] from 3.3.0 to 3.3.4 in /.github/workflows/requirements (#105, #102, #93) @dependabot
• Bump ansible-lint from 5.0.8 to 5.0.12 in /.github/workflows/requirements (#106, #101) @dependabot
• Bump jinja2 from 2.11.3 to 3.0.1 in /.github/workflows/requirements (#94, #92) @dependabot
• Bump actions/setup-python from 2 to 2.2.2 (#91) @dependabot
• Bump actions/checkout from 2 to 2.3.4 (#90) @dependabot

Install & Upgrade

• To install the Ansible NGINX App Protect role on a fresh environment, run ansible-galaxy install nginxinc.nginx_app_protect.
• To upgrade the Ansible NGINX App Protect role to the latest release, run ansible-galaxy install -f nginxinc.nginx_app_protect.
• To install or upgrade to this specific Ansible NGINX App Protect role release (0.6.0), run ansible-galaxy install -f nginxinc.nginx_app_protect,v0.6.0.

Resources

• Functional configuration examples (check converge.yml under each molecule scenario) -- github.com/nginxinc/ansible-role-nginx-app-protect/tree/0.6.0/molecule.
• Ansible Galaxy repository -- galaxy.ansible.com/nginxinc/nginx.
• NGINX Ansible role & collection introductory blog -- nginx.com/blog/announcing-nginx-core-collection-ansible.
• NGINX: Better with Ansible demo -- github.com/alessfg/nginx-ansible-demo.

0.5.0

BREAKING CHANGES:

The NGINX App Protect repository has been updated. This might cause some issues when running the role on an instance that already has NGINX Plus or NGINX App Protect installed. Starting with NGINX Plus R25, you will need to install NGINX Plus using release 0.5.0. If you are trying to install R23, please use release 0.4.3. NGINX Plus R24 should work with both release 0.4.3 and 0.5.0.

DEPRECATION WARNINGS:

• The ability to create an NGINX config including some basic App Protect directives will be removed in the upcoming 0.6.0 release at some stage after June 2021. Please instead use the NGINX config role for this (and much more) functionality. This will include the removal of the following variables: nginx_app_protect_conf_template_enable, nginx_app_protect_conf_template, nginx_app_protect_demo_workload_protocol, nginx_app_protect_demo_workload_host, nginx_app_protect_log_policy_syslog_target, nginx_app_protect_log_policy_target.

• The ability to dynamically create App Protect security and log policies via Jinja2 templates will be removed in the 0.6.0 release at some stage after June 2021 due to relative inflexibility. The nginx_app_protect_security_policy_file_enable, nginx_app_protect_security_policy_file_*, nginx_app_protect_log_policy_file_enable and nginx_app_protect_log_policy_file_* variables should be used instead of the following variables which are to be removed: nginx_app_protect_security_policy_template_enable, nginx_app_protect_security_policy_template, nginx_app_protect_security_policy_enforcement_mode, nginx_app_protect_log_policy_template_enable, nginx_app_protect_log_policy_template, nginx_app_protect_log_policy_filter_request_type.

FEATURES:

Implement Release Drafter.

ENHANCEMENTS:

• Changing the default policy directory from /etc/nginx to /etc/app_protect/conf to align with this change introduced in App Protect 3.2.
• Update Ansible base to 2.10.9, Ansible Lint to 5.0.8, yamllint to 1.26.1 and Docker Python SDK to 5.0.0.
• Update the Ansible community.general collection to 3.0.2 and community.docker collection to 1.6.0.

0.4.3

BREAKING CHANGES:

The nginx_app_protect_version variable has been removed, as it cannot be implemented fully on all platforms.

FEATURES:

• Add support for Dependabot.
• Replace Ansible community distribution with Ansible base and add the necessary extra collections as a dependency requirement. For reference, these are:

  ---
  collections:
    - name: community.general
      version: 3.0.0
    - name: ansible.posix
      version: 1.2.0

• Explicitly list Jinja2 2.11.3 as a requirement, as well as detail the minimum supported version (2.11.x).
• You can now specify an nginx_app_protect_repository for NGINX App Protect.
• You can now specify an nginx_app_protect_security_updates_repository for NGINX App Protect signatures and threat campaigns packages.
• You can now specify NGINX App Protect signatures and threat campaigns package versions using the nginx_app_protect_signatures_version and nginx_app_protect_threat_campaigns_version variables.

ENHANCEMENTS:

• Support for NGINX App Protect 3.1 -- Adds support for Debian 10, Ubuntu 20.04 and Alpine 3.10.
• Add test coverage for new platforms and testing scenario.
• Consolidate dependencies into a single tasks file.
• Remove requirement for package_facts module when using this role.
• Update Signatures repository URL.
• Update Ansible base to 2.10.7, Ansible Lint to 5.0.6, Molecule to 3.3.0, yamllint to 1.26.0 and Docker Python SDK to 4.4.4.
• Specify GitHub actions Ubuntu release.
• Minor GitHub template tweaks, including the creation of a SECURITY doc.
• Only run GitHub actions Galaxy CI/CD workflow when a new release is published.

KNOWN ISSUES:

Service manager support is not included in NGINX App Protect for Alpine. When using this role to install NGINX App Protect on Alpine, you will need to start the NGINX App Protect processes then reload NGINX Plus yourself in order for App Protect to function. You can use commands similar to what are contained in the entrypoint.sh script in the NGINX App Protect Administration Guide to accomplish this.