
+ non-www redirect nginx script (with todo)

+ domain_name & refactored nginx variables for resolve connect of www-domain logic and redirect to or from
* some installs show an error after login as a non-privileged user because of the starship $-symbol - correct the escaping function for that
+ use separate domain for pma nginx config based on new domain_name variable (defined in nginx vars file)
* update database example vars (use inventory dir path and bz2 by default)

#861m7vaer Шаблон операционной системы на Debian 10
master
dimti 1 year ago
parent
commit
73647f855d
  1. 3
      playbooks/apache-site.yml
  2. 11
      playbooks/debops/files/etc/nginx-master-proxy/conf.d/website.conf.example
  3. 17
      playbooks/debops/files/etc/nginx/includes.d/non-www.conf
  4. 7
      playbooks/debops/nginx.yml
  5. 2
      playbooks/debops/system_users.yml
  6. 4
      playbooks/dhcp.yml
  7. 3
      playbooks/nginx-site.yml
  8. 1
      playbooks/own/correct-paths-for-pct-enter.yml
  9. 8
      playbooks/own/phpmyadmin-nginx-auth.yml
  10. 1
      playbooks/own/phpmyadmin.yml
  11. 4
      vars/databases-example.yml
  12. 4
      vars/nginx-example.yml

3
playbooks/apache-site.yml

@ -9,7 +9,8 @@
- import_playbook: debops/redis.yml - import_playbook: debops/redis.yml
- import_playbook: own/var-www-set-ownerships.yml - import_playbook: own/var-www-set-ownerships.yml
- import_playbook: own/phpmyadmin.yml - import_playbook: own/phpmyadmin.yml
- import_playbook: own/libgd3-fix-for-php81.yml
- import_playbook: own/libgd3-fix-for-php81.yml # Need only for php8.1
- import_playbook: own/correct-paths-for-pct-enter.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

11
playbooks/debops/files/etc/nginx-master-proxy/conf.d/sample-website.conf.example → playbooks/debops/files/etc/nginx-master-proxy/conf.d/website.conf.example

@ -1,13 +1,16 @@
server { server {
listen 80; listen 80;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
server_name domain; server_name domain;
location / { location / {
proxy_pass https://site_name;
proxy_pass https://lxc;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
} }
listen 443 ssl;
ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
} }
# TODO: example site.auth.conf
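Review bot: The upstream hop `proxy_pass https://lxc;` runs with nginx's default `proxy_ssl_verify off`, so the master proxy accepts whatever certificate the backend presents, and this example does not show the `proxy_ssl_verify on;` / `proxy_ssl_trusted_certificate` pair that would authenticate it. The block also forwards Host, X-Forwarded-For and X-Real-IP but not the scheme, so a backend behind both `listen 80` and `listen 443 ssl` cannot tell whether the client arrived over TLS; add `proxy_set_header X-Forwarded-Proto $scheme;` next to the other headers. Whether the plain port-80 listener should redirect to HTTPS instead of proxying is deployment-specific, but an example file is the right place to show that choice.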

17
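--- a/playbooks/debops/files/etc/nginx/includes.d/non-www.conf
+++ b/playbooks/debops/files/etc/nginx/includes.d/non-www.conf
@@ -0,0 +1,17 @@
+error_page 418 = @nonwww;
+set $nonwww "";
+if ( $http_host ~* "^www\.") {
+set $nonwww "${nonwww}0";
+}
+if ( $nonwww ~* "^0+$" ) {
+return 418;
+}
+# TODO: map need moved to conf.d
+map $host $tld {
+default $host;
+'~^www\.(?<domain>.*)$' $domain;
+}
+location @nonwww {
+rewrite ^ https://$tld$request_uri permanent;
+}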
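Review bot: `map` is only permitted in the `http` context, so if this file is pulled into a server block — which the `nginx_includes_begin` loop in nginx.yml suggests — `nginx -t` rejects the configuration; the TODO acknowledges this, but the commit enables the include anyway, so the `map $host $tld` block should move to a conf.d file before `non-www` is selectable. The `error_page 418` / `$nonwww` counter pattern exists for combining several `if` tests; with a single test, `if ($host ~* "^www\.") { return 301 https://$tld$request_uri; }` does the same and is easier to audit. Note also that `$tld` defaults to the client-supplied `$host`, so if this server block ever acts as `default_server` the redirect target follows the Host header; deriving it from `$server_name` or the configured domain avoids that.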

7
playbooks/debops/nginx.yml

@ -24,8 +24,10 @@
# nginx_webroot_create: False # nginx_webroot_create: False
nginx_ocsp: False nginx_ocsp: False
nginx_worker_processes: auto nginx_worker_processes: auto
nginx_manage_ipv6only: False
# TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
nginx__servers: nginx__servers:
- name: '{{ site_name }}'
- name: '{{ domain_name }}'
type: php type: php
@ -64,7 +66,8 @@
nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}" nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
when: item != omit when: item != omit
loop: loop:
- "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
- "{{ (nginx_www_domain and nginx_www_redirect == 'www') | ternary('includes.d/www.conf', omit) }}"
- "{{ (nginx_www_domain and nginx_www_redirect == 'non-www') | ternary('includes.d/non-www.conf', omit) }}"
- includes.d/octobercms.conf - includes.d/octobercms.conf
- includes.d/staticfiles.conf - includes.d/staticfiles.conf
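Review bot: The two new loop entries reference `nginx_www_domain` and `nginx_www_redirect` without a default, whereas the replaced line guarded `nginx_www_redirect | default(False)`; an inventory that has not picked up the new keys from vars/nginx-example.yml now fails the play with an undefined-variable error instead of skipping the include. Keep the old guard: `- "{{ ((nginx_www_domain | default(False)) and (nginx_www_redirect | default('') == 'www')) | ternary('includes.d/www.conf', omit) }}"` and likewise for `'non-www'`. The first hunk's `nginx_manage_ipv6only: False` is left with a TODO about `[::]:443`; a one-line comment stating why IPv6-only management is disabled here would keep that from being "fixed" back later.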

2
playbooks/debops/system_users.yml

@ -21,7 +21,7 @@
post_tasks: post_tasks:
- name: Change starship character to dollar sign - name: Change starship character to dollar sign
shell: | shell: |
sed -i 's/#/\\\\$/g' /home/{{ site_name }}/.config/starship.toml
sed -i 's/#/\\$/g' /home/{{ site_name }}/.config/starship.toml
args: args:
executable: /bin/bash executable: /bin/bash
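Review bot: `sed -i 's/#/\\$/g'` rewrites every `#` in starship.toml, not only the prompt character, so any commented line in that file is also turned into `\$`, and as a `shell` task it reports changed on every run even after the file has been converted. `ansible.builtin.replace` with a `regexp` anchored to the character-symbol line under the `[character]` section (confirm the exact key in the generated starship.toml) is idempotent and limits the edit to the intended setting. The enclosing play starts above this hunk.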

4
playbooks/dhcp.yml

@ -1,7 +1,7 @@
--- ---
#- import_playbook: root-account.yml
- import_playbook: root-account.yml
- import_playbook: debops/dnsmasq.yml - import_playbook: debops/dnsmasq.yml
#- import_playbook: own/correct-paths-for-pct-enter.yml
- import_playbook: own/correct-paths-for-pct-enter.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

3
playbooks/nginx-site.yml

@ -6,12 +6,13 @@
- import_playbook: debops/mariadb-custom-db.yml - import_playbook: debops/mariadb-custom-db.yml
- import_playbook: debops/php-prod.yml - import_playbook: debops/php-prod.yml
- import_playbook: debops/nginx.yml - import_playbook: debops/nginx.yml
#- import_playbook: debops/nodejs.yml
- import_playbook: debops/redis.yml - import_playbook: debops/redis.yml
- import_playbook: own/var-www-set-ownerships.yml - import_playbook: own/var-www-set-ownerships.yml
- import_playbook: own/node-version-manager.yml - import_playbook: own/node-version-manager.yml
- import_playbook: own/nginx-auth.yml - import_playbook: own/nginx-auth.yml
- import_playbook: own/phpmyadmin.yml - import_playbook: own/phpmyadmin.yml
- import_playbook: own/phpmyadmin-nginx-auth.yml
- import_playbook: own/correct-paths-for-pct-enter.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

1
playbooks/own/correct-paths-for-pct-enter.yml

@ -1,6 +1,7 @@
--- ---
- name: Nerest bash PATH var with set true paths after pct enter into lxc container from proxmox host - name: Nerest bash PATH var with set true paths after pct enter into lxc container from proxmox host
hosts: [ 'debian10' ] hosts: [ 'debian10' ]
# TODO: Tmux create session not worked in pct enter - only work tmux attach (so..)
tasks: tasks:
- name: Append .shell-env - name: Append .shell-env
ansible.builtin.lineinfile: ansible.builtin.lineinfile:

8
playbooks/own/phpmyadmin-nginx-auth.yml

@ -8,6 +8,7 @@
hosts: [ 'debian10' ] hosts: [ 'debian10' ]
vars_files: vars_files:
- ./../../vars/nginx.yml
- ./../../vars/php.yml - ./../../vars/php.yml
tasks: tasks:
@ -20,8 +21,11 @@
dest: '/etc/nginx/sites-available/pma.conf' dest: '/etc/nginx/sites-available/pma.conf'
content: |- content: |-
server { server {
listen 81;
server_name {{ site_name }};
listen 80;
listen 443;
ssl_certificate /etc/pki/realms/domain/default.crt;
ssl_certificate_key /etc/pki/realms/domain/default.key;
server_name pma.{{ domain_name }};
root /var/www/phpmyadmin; root /var/www/phpmyadmin;
index index.php; index index.php;
include auth.d/pma-auth.conf; include auth.d/pma-auth.conf;
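Review bot: `listen 443;` lacks the `ssl` parameter, so nginx serves plaintext HTTP on port 443 and the `ssl_certificate`/`ssl_certificate_key` lines above it are never used; it must read `listen 443 ssl;`. With the port-80 listener kept as a full site, whatever `auth.d/pma-auth.conf` enforces and the phpMyAdmin session also travel in the clear on `http://pma.{{ domain_name }}`; a separate `server { listen 80; server_name pma.{{ domain_name }}; return 301 https://$host$request_uri; }` block keeps the plain listener only as a redirect. The server block continues outside the hunk.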

1
playbooks/own/phpmyadmin.yml

@ -10,6 +10,7 @@
vars: vars:
- phpmyadmin_version: 5.2.1 - phpmyadmin_version: 5.2.1
# Create phpmyadmin config for apache2
# TODO: Set blowfish_secret and make access rights for ./tmp directory # TODO: Set blowfish_secret and make access rights for ./tmp directory
tasks: tasks:
- name: 'Download phpMyAdmin {{ phpmyadmin_version }} into var/www dir and uncompress' - name: 'Download phpMyAdmin {{ phpmyadmin_version }} into var/www dir and uncompress'

4
vars/databases-example.yml

@ -1,7 +1,7 @@
mariadb__databases: mariadb__databases:
- name: '{{ site_name }}' - name: '{{ site_name }}'
source: ./data/db-dumps/dump.sql
target: /tmp/dump.sql
source: '{{ inventory_dir }}//data/db-dumps/{{ site_name }}.sql.bz2'
target: '/tmp/{{ site_name }}.sql.bz2'
mariadb__users: mariadb__users:
- name: '{{ site_name }}' - name: '{{ site_name }}'
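Review bot: `'{{ inventory_dir }}//data/db-dumps/...'` has a doubled slash after the variable; POSIX tolerates it, but it reads as a typo and shows up verbatim in task output and error messages, so `source: '{{ inventory_dir }}/data/db-dumps/{{ site_name }}.sql.bz2'` is cleaner.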

4
vars/nginx-example.yml

@ -1 +1,3 @@
nginx_www_redirect: False
domain_name: site.com
nginx_www_domain: True
nginx_www_redirect: www
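Review bot: `nginx_www_domain: True` uses a capitalised boolean; `true` is the canonical YAML form and what yamllint's truthy rule expects. Since nginx.yml now compares `nginx_www_redirect` against the strings `'www'` and `'non-www'` rather than a boolean, a comment listing the accepted values saves the next reader a trip into the playbook, e.g. `# nginx_www_redirect: www | non-www (anything else, or nginx_www_domain false, disables the redirect include)`.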