
improve nginx and certbot roles

les 3 years ago
parent
commit
e932842b8d

+ 1 - 1
inventory.yml

@@ -11,7 +11,7 @@ frontend:
   hosts: 172.172.0.3
 
 test:
-  hosts: jolly.roger
+  hosts: 45.156.24.144
   vars:
     ansible_user: debian
 

+ 1 - 1
roles/stable/nginx/tasks/certbot.yml

@@ -17,6 +17,6 @@
 
 - name: Generate certificate if needed
   become: yes
-  command: certbot-auto --nginx --non-interactive --agree-tos
+  command: /snap/bin/certbot --nginx --non-interactive --agree-tos
       --domains {{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
       --email {{certbot_email}}
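Review bot: The certbot invocation is still one free-form `command` string, so the rendered `--domains` and `--email` values are split on whitespace after templating, and a `server_name` or `certbot_email` containing a space would reach certbot as additional arguments. Passing the arguments through `argv` keeps each rendered value as exactly one argument. `become: yes` would also read better as `become: true`, which avoids YAML 1.1 truthy ambiguity. The task may continue below the hunk, so a `creates:` or `changed_when:` guard may already exist there; if not, one is worth adding because the task runs certbot as root on every play.

```yaml
- name: Generate certificate if needed
  become: true
  command:
    argv:
      - /snap/bin/certbot
      - --nginx
      - --non-interactive
      - --agree-tos
      - --domains
      - "{{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}"
      - --email
      - "{{ certbot_email }}"
```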

+ 13 - 0
roles/stable/nginx/tasks/main.yml

@@ -4,6 +4,19 @@
   apt:
     name: nginx
 
+- name: Default Configuration
+  become: yes
+  template:
+    src: default.j2
+    dest: /etc/nginx/sites-available/default
+
+- name: Link Default NGINX Configuration
+  become: yes
+  file:
+    src: "/etc/nginx/sites-available/default"
+    dest: "/etc/nginx/sites-enabled/default"
+    state: link
+
 - name: Configure Reverse Proxies
   become: yes
   template:
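Review bot: Neither new task sets `owner`, `group` or `mode`, so the permissions of `/etc/nginx/sites-available/default` depend on the remote umask, and nothing visible in the hunk reloads nginx after the file changes. I would add `owner: root`, `group: root` and `mode: "0644"` to the "Default Configuration" task, plus a `notify:` for whichever reload handler the role defines (the handler name is not visible here). `become: yes` could be `become: true` in both tasks. The following task, "Configure Reverse Proxies", continues outside the hunk.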

+ 1 - 2
roles/stable/nginx/templates/default.j2

@@ -1,7 +1,6 @@
 
 	# cache
-	# proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m	inactive=24h  max_size=1g;
-  keepalive 30;
+	proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m	inactive=24h  max_size=10g use_temp_path=off;
 
 	# redirect all http traffic to https
 	server {
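Review bot: The now-active `proxy_cache_path /tmp ...` makes the world-writable `/tmp` itself the cache root, so the `levels=1:2` subdirectories get predictable names in a directory any local user can write to, and tmp cleaners or a private-tmp service setting can remove or hide up to 10g of cache from nginx. A dedicated directory owned by the nginx worker user is safer, for example `proxy_cache_path /var/cache/nginx/static levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;` (the path is an example; the role would create it with mode 0700). A one-line comment saying that `STATIC` is the zone shared by every generated reverse proxy would also help the next reader. The `server` block continues outside the hunk.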

+ 3 - 6
roles/stable/nginx/templates/reverse_proxy.conf.j2

@@ -1,4 +1,3 @@
-# nginx ssl file
 
 server {
   listen 80;
@@ -12,12 +11,10 @@ server {
     proxy_pass {{item.proxy_pass}};
     proxy_http_version 1.1;
 
-    # hide client ip to backend
-    proxy_set_header X-Real-IP         42.42.42.42;
 
-    # set host 
+    # set host
     proxy_set_header Host              $host;
-    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-For   42.42.42.42;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Forwarded-Host  $host;
     proxy_set_header X-Forwarded-Port  $server_port;
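Review bot: Removing the `X-Real-IP` line means that header is no longer overwritten, so whatever `X-Real-IP` a client sends is now passed to the backend unchanged, while `X-Forwarded-For` carries the constant `42.42.42.42`. If the goal is still to hide the client address, clear the header explicitly with `proxy_set_header X-Real-IP "";` so a backend that trusts it cannot be fed a client-chosen value. The removed comment `# hide client ip to backend` was the only explanation of the constant; I would keep it directly above the `X-Forwarded-For` line. The `location` block starts and ends outside the hunk.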
@@ -27,7 +24,7 @@ server {
     proxy_set_header Connection        "upgrade";
 
     # cache
-    # proxy_cache {{item.server_name}}
+    proxy_cache STATIC;
   }
 }
 
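Review bot: `proxy_cache STATIC;` is now enabled for every generated server with one shared zone and no `proxy_cache_key`, and nginx's default key is built from `$proxy_host` rather than from the `Host` this template forwards. Two `servers` entries pointing at the same `proxy_pass` would therefore share cache entries across different `server_name`s; `proxy_cache_key $scheme$host$request_uri;` avoids that. The same location also sets `Connection "upgrade"`, so I would add `proxy_cache_bypass $http_upgrade;` and `proxy_no_cache $http_upgrade;`, and confirm that the backends never mark per-user responses as cacheable. The `location` block starts outside the hunk.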

+ 1 - 5
vars/frontend.yml

@@ -7,8 +7,4 @@ servers:
     proxy_pass: http://192.168.199.105:8080
     custom_config: |
       sendfile             on;
-      client_max_body_size 80m;
-
-  - gancio:
-    server_name: sblinda.cisti.org
-    proxy_pass: http://192.168.199.104:8000
+      client_max_body_size 500m;
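Review bot: `client_max_body_size 500m;` lets any client of this server send half a gigabyte per request through the proxy, and with nginx's default request buffering the body is spooled to disk before it reaches the backend. If only some paths need large uploads, keep the server-wide limit lower and raise it in a dedicated `location`. At minimum, add a comment line inside `custom_config` naming the feature that needs 500m. The `servers` entry this belongs to starts outside the hunk.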