From a96a0cfce4080b7dbe9b7d5a966cb8a90df1d5b2 Mon Sep 17 00:00:00 2001 From: pa <pa@crans.org> Date: Sat, 2 May 2020 15:43:26 +0200 Subject: [PATCH 1/5] [Framadate] log file creation --- roles/framadate/tasks/main.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml index 02c698e7..1452702c 100644 --- a/roles/framadate/tasks/main.yml +++ b/roles/framadate/tasks/main.yml @@ -37,9 +37,12 @@ retries: 3 until: composer_result is succeeded -# cd framadate -# sudo -u www-data touch admin/stdout.log -# sudo chmod 600 admin/stdout.log +- name: + file: + path: "{{ framadate.path }}/admin/stdout.log" + owner: www-data + state: touch + mode: 0600 - name: Indicate role in motd template: From b51d53fe35a329dea6d8e87f0cf225f070f7b0a6 Mon Sep 17 00:00:00 2001 From: pa <pa@crans.org> Date: Sat, 2 May 2020 15:56:27 +0200 Subject: [PATCH 2/5] [Framadate] Specify commit hash of develop branch --- services_web.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services_web.yml b/services_web.yml index 17515e3f..283f4482 100755 --- a/services_web.yml +++ b/services_web.yml @@ -9,7 +9,7 @@ vars: framadate: repo: https://framagit.org/framasoft/framadate/framadate.git - version: 1.1.10 + version: "77bf2aaa0c344fd25535e2d0543d9a76bf35b5fd" path: /var/www/framadate roles: - framadate From bc932b06171d1e34d63bfe0720d85a3e1c5e4523 Mon Sep 17 00:00:00 2001 From: pa <pa@crans.org> Date: Sat, 2 May 2020 16:47:28 +0200 Subject: [PATCH 3/5] [Framdate] nginx configuration --- roles/framadate/tasks/main.yml | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml index 1452702c..80de2318 100644 --- a/roles/framadate/tasks/main.yml +++ b/roles/framadate/tasks/main.yml 
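Review bot: `state: touch` in the log-file task added by PATCH 1/5 rewrites the file's timestamps on every play, so the task always reports `changed` and the role never converges; adding `modification_time: preserve` and `access_time: preserve` keeps the create-if-missing behaviour without that noise. The mode is written as a bare `0600`, which relies on the YAML loader reading it as octal; `mode: "0600"` is the form the Ansible documentation recommends. Only `owner` is set, so the group is whatever the creating account defaults to, which is harmless at 0600 but worth pinning with `group: www-data` in case the mode is ever widened.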
@@ -4,8 +4,8 @@ apt: update_cache: true name: - - apache2 - - libapache2-mod-php + - nginx + - php-fpm - php-intl - php-mbstring - php-pgsql @@ -37,15 +37,27 @@ retries: 3 until: composer_result is succeeded -- name: +- name: Create log file file: path: "{{ framadate.path }}/admin/stdout.log" owner: www-data state: touch mode: 0600 +- name: Configure nginx site + template: + src: nginx-site.j2 + dest: /etc/nginx/sites-available/framadate.conf + +- name: Enable nginx site + file: + src: /etc/nginx/sites-available/framadate.conf + dest: /etc/nginx/stes-enabled/framadate.conf + state: link + - name: Indicate role in motd template: src: update-motd.d/05-service.j2 dest: /etc/update-motd.d/05-framadate mode: 0755 + From 86d17dedfaca8184f435688c3fe6b3a143a421de Mon Sep 17 00:00:00 2001 From: Alexandre Iooss <erdnaxe@crans.org> Date: Sat, 2 May 2020 16:54:42 +0200 Subject: [PATCH 4/5] [framadate] NGINX config --- roles/framadate/tasks/main.yml | 6 +-- roles/framadate/templates/nginx-site.j2 | 60 +++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 3 deletions(-) create mode 100644 roles/framadate/templates/nginx-site.j2 diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml index 80de2318..507b86e2 100644 --- a/roles/framadate/tasks/main.yml +++ b/roles/framadate/tasks/main.yml @@ -47,12 +47,12 @@ - name: Configure nginx site template: src: nginx-site.j2 - dest: /etc/nginx/sites-available/framadate.conf + dest: /etc/nginx/sites-available/framadate - name: Enable nginx site file: - src: /etc/nginx/sites-available/framadate.conf - dest: /etc/nginx/stes-enabled/framadate.conf + src: /etc/nginx/sites-available/framadate + dest: /etc/nginx/sites-enabled/framadate state: link - name: Indicate role in motd diff --git a/roles/framadate/templates/nginx-site.j2 b/roles/framadate/templates/nginx-site.j2 new file mode 100644 index 00000000..ef963c3e --- /dev/null +++ b/roles/framadate/templates/nginx-site.j2 
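Review bot: Neither `Configure nginx site` nor `Enable nginx site` in the second hunk of PATCH 3/5 notifies a handler, so a changed template or a newly created symlink does not take effect until nginx is reloaded by hand (unless a reload happens elsewhere in the playbook, which is not visible here). A `notify:` entry on both tasks, pointing at whatever nginx reload handler the role defines, closes that gap. The template task also sets no `owner`, `group` or `mode`, so the permissions of the rendered site file depend on the umask of the run; `owner: root` with `mode: "0644"` makes them explicit. The PATCH 4/5 hunk for the same tasks only changes paths and leaves both points open.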
@@ -0,0 +1,60 @@
+{{ ansible_header | comment }}
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name framadate.crans.org;
+
+ add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; style-src 'self' 'unsafe-inline'; font-src 'self'; img-src 'self'";
+ add_header Referrer-Policy "strict-origin";
+
+ root {{ framadate.path }};
+
+ index index.php;
+
+ location ~^/(\.git)/{
+ deny all;
+ }
+
+ location ~ /\. {
+ deny all;
+ }
+
+ location ~ ^/composer\.json.*$|^/composer\.lock.*$|^/php\.ini.*$|^/.*\.sh {
+ deny all;
+ }
+
+ location /admin/ {
+ auth_basic "Restricted access";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+
+ location ~ \.php$ {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ }
+ try_files $uri $uri/ =401;
+ }
+
+ location / {
+ rewrite "^/admin$" "/admin/" permanent;
+
+ # Clean URL
+ rewrite "^/([a-zA-Z0-9-]+)$" "/studs.php?poll=$1" last;
+ rewrite "^/([a-zA-Z0-9-]+)/action/([a-zA-Z_-]+)/(.+)$" "/studs.php?poll=$1&$2=$3" last;
+ rewrite "^/([a-zA-Z0-9-]+)/vote/([a-zA-Z0-9]{16})$" "/studs.php?poll=$1&vote=$2" last;
+ rewrite "^/([a-zA-Z0-9]{24})/admin$" "/adminstuds.php?poll=$1" last;
+ rewrite "^/([a-zA-Z0-9]{24})/admin/vote/([a-zA-Z0-9]{16})$" "/adminstuds.php?poll=$1&vote=$2" last;
+ rewrite "^/([a-zA-Z0-9]{24})/admin/action/([a-zA-Z_-]+)(/([A-Za-z0-9]+))?$" "/adminstuds.php?poll=$1&$2=$4" last;
+ try_files $uri /index.php;
+ }
+
+ location ~ \.php$ {
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_index index.php;
+ include /etc/nginx/fastcgi_params;
+ fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+ }
+}
+
From c8504973a86fa147f21c7e0a1e2a4c7a3d1afcd3 Mon Sep 17 00:00:00 2001
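Review bot: The server block in the new nginx-site.j2 listens only on port 80 while `/admin/` is protected with `auth_basic`, so the admin credentials travel base64-encoded in clear on every request unless TLS is terminated in front of this host and port 80 is not reachable directly. That assumption deserves a comment above the `listen` lines, or enforcement through a restricted `listen` address or a firewall rule. Both `location ~ \.php$` blocks hand any URI ending in `.php` to PHP-FPM without checking that the script exists; `try_files $fastcgi_script_name =404;` at the top of each block is the usual guard. The two `add_header` lines lack `always`, so the CSP and Referrer-Policy headers are dropped on error responses. The hard-coded `php7.3-fpm.sock` path stops matching as soon as the distribution's PHP version changes.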
From: Alexandre Iooss <erdnaxe@crans.org> Date: Sat, 2 May 2020 18:00:09 +0200 Subject: [PATCH 5/5] Working FramaDate --- network.yml | 1 + roles/framadate/tasks/main.yml | 5 +++++ services_web.yml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/network.yml b/network.yml index a6ec7a1c..16865b78 100755 --- a/network.yml +++ b/network.yml @@ -100,6 +100,7 @@ - {from: autoconfig.crans.org, to: 10.231.136.46} - {from: grafana.crans.org, to: 10.231.136.102} - {from: webirc.crans.org, to: "10.231.136.1:9000"} + - {from: framadate.crans.org, to: 185.230.79.194} # Zamok - {from: install-party.crans.org, to: 10.231.136.1} diff --git a/roles/framadate/tasks/main.yml b/roles/framadate/tasks/main.yml index 507b86e2..4c39e3d5 100644 --- a/roles/framadate/tasks/main.yml +++ b/roles/framadate/tasks/main.yml @@ -44,6 +44,11 @@ state: touch mode: 0600 +- name: Configure admin password + copy: + content: "{{ framadate.admin_username }}:{{ framadate.admin_password_hash }}\n" + dest: /etc/nginx/.htpasswd + - name: Configure nginx site template: src: nginx-site.j2 diff --git a/services_web.yml b/services_web.yml index 283f4482..4c6f7d78 100755 --- a/services_web.yml +++ b/services_web.yml @@ -11,6 +11,8 @@ repo: https://framagit.org/framasoft/framadate/framadate.git version: "77bf2aaa0c344fd25535e2d0543d9a76bf35b5fd" path: /var/www/framadate + admin_username: framadate + admin_password_hash: "{{ vault_framadate_password_hash }}" roles: - framadate
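Review bot: The `Configure admin password` task added to roles/framadate/tasks/main.yml writes `/etc/nginx/.htpasswd` with no `owner`, `group` or `mode`, so the file holding the admin password hash is created under the default umask and is typically world-readable. Restrict it to root and the nginx worker account, for example `owner: root`, `group: www-data`, `mode: "0640"` (www-data is assumed from the log-file task; confirm it is the account nginx runs as). Setting `no_log: true` on the task keeps the hash out of `--diff` and verbose output. Taking the hash from `vault_framadate_password_hash` in services_web.yml is the right place for it, but the hash scheme is not visible here, so check that it is a salted format that `auth_basic_user_file` accepts.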