crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[nginx/cas] Factorize nginx configuration 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-02-22 19:11:47 +01:00 committed by ynerant
parent 82119c746e
commit d6f15d4210
7 changed files with 30 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
group_vars/django_cas.yml
View File

@ -2,13 +2,6 @@
glob_django_cas: glob_django_cas:
repo: 'http://gitlab.adm.crans.org/nounous/django-cas.git' repo: 'http://gitlab.adm.crans.org/nounous/django-cas.git'
path: '/var/local/django-cas' path: '/var/local/django-cas'
url:
- cas.crans.org
- cas.adm.crans.org
- login.crans.org
- login.adm.crans.org
- auth.crans.org
- auth.adm.crans.org
ldap: ldap:
dn: 'cn=Utilisateurs,dc=crans,dc=org' dn: 'cn=Utilisateurs,dc=crans,dc=org'
password: "{{ vault.cas_ldap_password }}" password: "{{ vault.cas_ldap_password }}"
@ -18,6 +11,30 @@ glob_django_cas:
host: tealc.adm.crans.org host: tealc.adm.crans.org
password: "{{ vault.cas_database_password }}" password: "{{ vault.cas_database_password }}"
secret_key: "{{ vault.cas_secret_key }}" secret_key: "{{ vault.cas_secret_key }}"
reverse_proxy:
- '10.231.136.0/24' loc_nginx:
- '2a0c:700:0:2::/64' service_name: "cas"
ssl: []
servers:
- server_name:
- cas.crans.org
- cas.adm.crans.org
- login.crans.org
- login.adm.crans.org
- auth.crans.org
- auth.adm.crans.org
default: true
locations:
- filter: "/cas"
params:
- "rewrite ^/cas$ / redirect"
- "rewrite ^/cas/(.*)$ /$1 redirect"
- filter: "/static"
params:
- "alias /var/local/django-cas/cas/local_static"
- filter: "/"
params:
- "uwsgi_pass unix:///var/run/uwsgi/app/cas/socket"
- "include uwsgi_params"

1
hosts
View File

@ -88,6 +88,7 @@ monitoring.adm.crans.org
charybde.adm.crans.org charybde.adm.crans.org
[nginx:children] [nginx:children]
django_cas
mailman mailman
reverseproxy reverseproxy
roundcube roundcube

2
plays/cas.yml
View File

@ -5,5 +5,7 @@
- hosts: django_cas - hosts: django_cas
vars: vars:
django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}" django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}"
nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
roles: roles:
- django-cas - django-cas
- nginx

5
roles/django-cas/handlers/main.yml
View File

@ -1,9 +1,4 @@
--- ---
- name: Restart nginx
service:
name: nginx
state: restarted
- name: Restart uwsgi - name: Restart uwsgi
service: service:
name: uwsgi name: uwsgi

15
roles/django-cas/tasks/main.yml
View File

@ -3,7 +3,6 @@
apt: apt:
update_cache: true update_cache: true
name: name:
- nginx
- uwsgi - uwsgi
- uwsgi-plugin-python3 - uwsgi-plugin-python3
- python3-django - python3-django
@ -30,20 +29,6 @@
owner: www-data owner: www-data
notify: Restart uwsgi notify: Restart uwsgi
- name: Configure NGINX site
template:
src: nginx/sites-available/cas.j2
dest: /etc/nginx/sites-available/cas
mode: 0644
notify: Restart nginx
- name: Enable nginx site
file:
src: /etc/nginx/sites-available/cas
dest: /etc/nginx/sites-enabled/cas
state: link
notify: Restart nginx
- name: Configure UWSGI app - name: Configure UWSGI app
template: template:
src: uwsgi/apps-available/cas.ini.j2 src: uwsgi/apps-available/cas.ini.j2

26
roles/django-cas/templates/nginx/sites-available/cas.j2
View File

@ -1,26 +0,0 @@
{{ ansible_header | comment }}
server {
server_name {{ django_cas.url | join(' ') }};
listen 80;
listen [::]:80;
location /cas {
rewrite ^/cas$ / redirect;
rewrite ^/cas/(.*)$ /$1 redirect;
}
location /static {
alias {{ django_cas.path }}/cas/local_static;
}
{% for ip in django_cas.reverse_proxy | default([]) %}
set_real_ip_from {{ ip }};
{% endfor %}
real_ip_header P-Real-Ip;
location / {
uwsgi_pass unix:///var/run/uwsgi/app/cas/socket;
include uwsgi_params;
}
}

5
roles/roundcube/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: Restart nginx
service:
name: nginx
state: restarted