update nginx role
parent
ee7216929a
commit
ebeaf6f533
9 changed files with 88 additions and 22 deletions
|
@ -1,9 +1,9 @@
|
|||
---
|
||||
## FRONTEND
|
||||
- name: Test backup
|
||||
hosts: gancio
|
||||
hosts: mastodon
|
||||
roles: ['stable/restic']
|
||||
vars:
|
||||
restic_databases:
|
||||
- {name: 'gancio', dump_command: sudo -Hiu postgres pg_dump -Fc gancio}
|
||||
restic_folders: ['/srv/gancio/uploads']
|
||||
- {name: 'mastodon', dump_command: sudo -Hiu postgres pg_dump -Fc mastodon}
|
||||
restic_folders: ['/var/lib/redis/dump.rdb','/home/mastodon/live/.env.production']
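Review bot: `restic_folders` now includes `/home/mastodon/live/.env.production`, which normally holds the instance's application secrets, so the restic repository and its password become as sensitive as the host itself. A comment above that line would record this for the next maintainer, for example `# contains application secrets: restrict access to the restic repository and its password`. The play is still named `Test backup` under `## FRONTEND` although it now targets `hosts: mastodon`; if it is meant to stay, a name that says what it backs up would help.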
|
|
@ -1,12 +1,18 @@
|
|||
paddone:
|
||||
hosts: cisti.pad
|
||||
|
||||
nuovo_pad:
|
||||
hosts: cisti.paddone
|
||||
|
||||
gancio:
|
||||
hosts: cisti.gancio
|
||||
|
||||
cicles:
|
||||
hosts: cisti.cicles
|
||||
|
||||
mastodon:
|
||||
hosts: cisti.mastodon
|
||||
|
||||
farma:
|
||||
hosts: cisti.farma
|
||||
|
||||
|
|
0
roles/stable/etherpad/README.md
Normal file
0
roles/stable/etherpad/README.md
Normal file
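--- a/roles/stable/nginx/defaults/main.yml
+++ b/roles/stable/nginx/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+reverse_services: []
+fpm_services: []
+with_certbot: false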
|
@ -18,5 +18,6 @@
|
|||
- name: Generate certificate if needed
|
||||
become: yes
|
||||
command: /snap/bin/certbot --nginx --non-interactive --agree-tos
|
||||
--domains {{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
||||
--domains {{ fpm_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
||||
{{ reverse_services | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
||||
--email {{certbot_email}}
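Review bot: The `fpm_services` expression on the `--domains` line and the `reverse_services` expression on the line after it are joined by the YAML line fold, that is by a space rather than a comma, so the `reverse_services` names reach certbot as a separate positional argument instead of being part of `--domains`. With the new default `fpm_services: []` the first expression also renders empty, which leaves `--domains` to take the next token as its value. Building one list avoids both: `--domains {{ (fpm_services + reverse_services) | map(attribute='server_name') | unique | join(',') }}`. No `when:` is visible in this hunk; if the task is not gated on `with_certbot` elsewhere it should be, and it should be skipped when the combined list is empty.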
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
template:
|
||||
src: reverse_proxy.conf.j2
|
||||
dest: /etc/nginx/sites-available/{{item.server_name}}.conf
|
||||
loop: "{{ servers }}"
|
||||
loop: "{{ reverse_services }}"
|
||||
|
||||
- name: Link NGINX Reverse Proxies
|
||||
become: yes
|
||||
|
@ -30,8 +30,24 @@
|
|||
src: "/etc/nginx/sites-available/{{item.server_name}}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf"
|
||||
state: link
|
||||
loop: "{{ servers }}"
|
||||
|
||||
loop: "{{ reverse_services }}"
|
||||
|
||||
- name: Configure FPM Services
|
||||
become: yes
|
||||
template:
|
||||
src: fpm_service.conf.j2
|
||||
dest: /etc/nginx/sites-available/{{item.server_name}}.conf
|
||||
loop: "{{ fpm_services }}"
|
||||
|
||||
|
||||
- name: Link NGINX FPM Services
|
||||
become: yes
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{item.server_name}}.conf"
|
||||
dest: "/etc/nginx/sites-enabled/{{item.server_name}}.conf"
|
||||
state: link
|
||||
loop: "{{ fpm_services }}"
|
||||
|
||||
- name: Make sure NGINX Service is running
|
||||
become: yes
|
||||
service:
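Review bot: The new `Configure FPM Services` task renders to the same `/etc/nginx/sites-available/{{item.server_name}}.conf` path as the reverse-proxy task, so a `server_name` that appears in both `reverse_services` and `fpm_services` is silently overwritten by whichever task runs last. Both template tasks run with `become: yes` and build `dest` from `item.server_name` without checking it, and the `dest` value is unquoted in the template tasks while the `file` tasks quote it. An `assert` before the first template task that every name matches a hostname pattern and is unique across the two lists would catch a typo or a value containing `/` before anything is written as root. Setting `owner: root`, `group: root` and `mode: '0644'` on the template tasks would make the resulting permissions explicit. The `Make sure NGINX Service is running` task continues outside the hunk.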
|
||||
|
|
|
@ -1,18 +1,26 @@
|
|||
# cache
|
||||
proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;
|
||||
|
||||
# cache
|
||||
proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;
|
||||
{% if with_certbot -%}
|
||||
# redirect all http traffic to https
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
{%- endif %}
|
||||
|
||||
# redirect all http traffic to https
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80 default_server;
|
||||
server_name _;
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name _server_name;
|
||||
root /var/www/html;
|
||||
}
|
||||
|
||||
# enable proxy websocket
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
# enable proxy websocket
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
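Review bot: `server_name _server_name;` in the added port-80 server block is a literal rather than a template expression, so it matches no real host and reads like a leftover placeholder. When `with_certbot` is false the `default_server` redirect block is not rendered, and this block would then likely become the implicit default for port 80 and serve `/var/www/html` for any Host header; if that fallback is intended, `server_name _;` together with `listen 80 default_server;` states it explicitly. The template also still points `proxy_cache_path` at `/tmp` itself; a dedicated directory owned by the nginx user, such as `/var/cache/nginx`, keeps the cache out of a world-writable location.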
|
||||
|
||||
|
|
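--- a/roles/stable/nginx/templates/fpm_service.conf.j2
+++ b/roles/stable/nginx/templates/fpm_service.conf.j2
@@ -0,0 +1,31 @@
+
+server {
+listen 80;
+listen [::]:80;
+server_name {{item.server_name}};
+root {{item.root | default('/var/www/html/')}};
+index index.html index.html index.htm index.php;
+
+# keepalive_timeout 200;
+{{item.custom_config | default('') | indent(2)}}
+
+location / {
+try_files $uri $uri/ /index.php?$args;
+}
+
+location ~ \.php$ {
+include snippets/fastcgi-php.conf;
+fastcgi_pass {{item.proxy_pass | default('unix:/run/php/php7.3-fpm.sock')}};
+{{item.custom_fastcgi_config | default('') | indent(2)}}
+}
+
+# compression
+gzip on;
+gzip_types text/plain application/xml application/json;
+gzip_proxied no-cache no-store private expired auth;
+gzip_min_length 1000;
+
+# cache
+proxy_cache STATIC;
+}
+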
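Review bot: Nothing in this server block denies dotfiles, so with `try_files $uri $uri/ /index.php?$args;` any `.env`, `.git/` or similar file that ends up under `root` is served as static content; a `location ~ /\.(?!well-known) { deny all; }` block is the usual guard. `proxy_cache STATIC;` has no effect on responses produced through `fastcgi_pass` (that needs the `fastcgi_cache` directives), so it can be dropped or replaced. The `index` line lists `index.html` twice. The hard-coded default `unix:/run/php/php7.3-fpm.sock` ties the template to one PHP version; a role default for the socket path would make the version choice visible and easier to update.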
|
@ -73,4 +73,4 @@
|
|||
- restic_init.rc != 0
|
||||
- not 'config file already exists' in restic_init.stderr
|
||||
- not 'config already initialized' in restic_init.stderr
|
||||
- not 'config already exists' in restic_init.stderr
|
||||
- not 'config already exists' in restic_init.stderr
|
||||
|
|