crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[nginx] Fix default configuration 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-01-13 22:13:15 +01:00 committed by ynerant
parent a16208b1c3
commit c3d58d9ca9
6 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
group_vars/mailman.yml
View File

@ -1,5 +1,6 @@
--- ---
loc_nginx: loc_nginx:
service_name: mailman
default_server: lists.crans.org default_server: lists.crans.org
default_ssl_server: lists.crans.org default_ssl_server: lists.crans.org
auth_passwd: auth_passwd:

11
group_vars/nginx.yml
View File

@ -2,18 +2,23 @@
glob_nginx: glob_nginx:
contact: contact@crans.org contact: contact@crans.org
who: "L'équipe technique du Cr@ns" who: "L'équipe technique du Cr@ns"
service_name: service
ssl: ssl:
cert: /etc/letsencrypt/live/crans.org/fullchain.pem cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
default_server:
default_ssl_server:
servers: servers:
ssl: false - ssl: false
server_name: server_name:
- "default" - "default"
- "_" - "_"
root: "/var/www/html" root: "/var/www/html"
locations: locations:
- filter: "/" - filter: "/"
params: []
upstreams: [] upstreams: []
auth_passwd: []
default_server:
default_ssl_server:
deploy_robots_file: false

1
host_vars/charybde.adm.crans.org.yml
View File

@ -35,6 +35,7 @@ to_backup:
} }
loc_nginx: loc_nginx:
service_name: ftp
servers: servers:
server_name: server_name:
- "ftp" - "ftp"

2
hosts
View File

@ -23,6 +23,7 @@ belenios.adm.crans.org
[certbot:children] [certbot:children]
dovecot dovecot
git git
irc
radius # We use certbot to manage LE certificates radius # We use certbot to manage LE certificates
reverseproxy reverseproxy
@ -87,6 +88,7 @@ monitoring.adm.crans.org
charybde.adm.crans.org charybde.adm.crans.org
[nginx:children] [nginx:children]
irc
mailman mailman
reverseproxy reverseproxy

8
roles/nginx/tasks/main.yml
View File

@ -64,17 +64,17 @@
when: nginx.servers is defined and nginx.servers|length > 0 when: nginx.servers is defined and nginx.servers|length > 0
template: template:
src: "nginx/sites-available/service.j2" src: "nginx/sites-available/service.j2"
dest: "/etc/nginx/sites-available/service" dest: "/etc/nginx/sites-available/{{ nginx.service_name }}"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0644
notify: Reload nginx notify: Reload nginx
- name: Activate local nginx service site - name: Activate local nginx service site
when: nginx.servers|bool when: nginx.servers is defined and nginx.servers|length > 0
file: file:
src: "/etc/nginx/sites-available/service" src: "/etc/nginx/sites-available/{{ nginx.service_name }}"
dest: "/etc/nginx/sites-enabled/service" dest: "/etc/nginx/sites-enabled/{{ nginx.service_name }}"
owner: root owner: root
group: root group: root
state: link state: link

9
roles/nginx/templates/nginx/sites-available/service.j2
View File

@ -1,5 +1,12 @@
{{ ansible_header | comment }} {{ ansible_header | comment }}
# Automatic Connection header for WebSocket support
# See http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
{% for upstream in nginx.upstreams -%} {% for upstream in nginx.upstreams -%}
upstream {{ upstream.name }} { upstream {{ upstream.name }} {
# Path of the server # Path of the server
@ -45,7 +52,7 @@ server {
{% endif -%} {% endif -%}
{% for server in nginx.servers %} {% for server in nginx.servers %}
{% if server.ssl -%} {% if server.ssl is defined and server.ssl -%}
# Redirect HTTP to HTTPS # Redirect HTTP to HTTPS
server { server {
listen 80 default; listen 80 default;