+ non-www redirect nginx script (with todo)

+ domain_name & refactored nginx variables for resolve connect of www-domain logic and redirect to or from
* some installs have error after login to non-privileged user with starship $-symbol - correct escaped function for that
+ use separate domain for pma nginx config based on new domain_name variable (defined in nginx vars file)
* update database example vars (use inventory dir path and bz2 by default)

#861m7vaer Шаблон операционной системы на Debian 10

playbooks/apache-site.yml

@@ -9,7 +9,8 @@
 - import_playbook: debops/redis.yml
 - import_playbook: own/var-www-set-ownerships.yml
 - import_playbook: own/phpmyadmin.yml
-- import_playbook: own/libgd3-fix-for-php81.yml
+- import_playbook: own/libgd3-fix-for-php81.yml # Need only for php8.1
+- import_playbook: own/correct-paths-for-pct-enter.yml
 
 # Import all other group playbooks in this file...
 

playbooks/debops/files/etc/nginx-master-proxy/conf.d/website.conf.example

@@ -1,13 +1,16 @@
 server {
     listen 80;
+    listen 443 ssl;
+    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
+
     server_name domain;
+
     location / {
-        proxy_pass https://site_name;
+        proxy_pass https://lxc;
         proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Real-IP $remote_addr;
     }
-    listen 443 ssl;
-    ssl_certificate /etc/letsencrypt/tmp/domain/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/tmp/domain/privkey.pem;
 }
+# TODO: example site.auth.conf

playbooks/debops/files/etc/nginx/includes.d/non-www.conf

@@ -0,0 +1,17 @@
+error_page 418 = @nonwww;
+set $nonwww "";
+if ( $http_host ~* "^www\.") {
+    set $nonwww "${nonwww}0";
+}
+if ( $nonwww ~* "^0+$" ) {
+    return 418;
+}
+# TODO: map need moved to conf.d
+map $host $tld {
+    default $host;
+    '~^www\.(?<domain>.*)$' $domain;
+}
+location @nonwww {
+    rewrite ^ https://$tld$request_uri permanent;
+}
+

playbooks/debops/nginx.yml

@@ -24,8 +24,10 @@
 #    nginx_webroot_create: False
     nginx_ocsp: False
     nginx_worker_processes: auto
+    nginx_manage_ipv6only: False
+    # TODO: Replace [::]:443 to 443 and [::]:80 to 80 in site nginx config
     nginx__servers:
-      - name: '{{ site_name }}'
+      - name: '{{ domain_name }}'
 
         type: php
 
@@ -64,7 +66,8 @@
         nginx_includes_begin: "{{ (nginx_includes_begin | default([])) | union([item]) }}"
       when: item != omit
       loop:
-          - "{{ (nginx_www_redirect | default(False)) | ternary('includes.d/www.conf', omit) }}"
+          - "{{ (nginx_www_domain and nginx_www_redirect == 'www') | ternary('includes.d/www.conf', omit) }}"
+          - "{{ (nginx_www_domain and nginx_www_redirect == 'non-www') | ternary('includes.d/non-www.conf', omit) }}"
           - includes.d/octobercms.conf
           - includes.d/staticfiles.conf
 

playbooks/debops/system_users.yml

@@ -21,7 +21,7 @@
   post_tasks:
     - name: Change starship character to dollar sign
       shell: |
-        sed -i 's/#/\\\\$/g' /home/{{ site_name }}/.config/starship.toml
+        sed -i 's/#/\\$/g' /home/{{ site_name }}/.config/starship.toml
       args:
         executable: /bin/bash
 

playbooks/dhcp.yml

@@ -1,7 +1,7 @@
 ---
-#- import_playbook: root-account.yml
+- import_playbook: root-account.yml
 - import_playbook: debops/dnsmasq.yml
-#- import_playbook: own/correct-paths-for-pct-enter.yml
+- import_playbook: own/correct-paths-for-pct-enter.yml
 
 # Import all other group playbooks in this file...
 

playbooks/nginx-site.yml

@@ -6,12 +6,13 @@
 - import_playbook: debops/mariadb-custom-db.yml
 - import_playbook: debops/php-prod.yml
 - import_playbook: debops/nginx.yml
-#- import_playbook: debops/nodejs.yml
 - import_playbook: debops/redis.yml
 - import_playbook: own/var-www-set-ownerships.yml
 - import_playbook: own/node-version-manager.yml
 - import_playbook: own/nginx-auth.yml
 - import_playbook: own/phpmyadmin.yml
+- import_playbook: own/phpmyadmin-nginx-auth.yml
+- import_playbook: own/correct-paths-for-pct-enter.yml
 
 # Import all other group playbooks in this file...
 

playbooks/own/correct-paths-for-pct-enter.yml

@@ -1,6 +1,7 @@
 ---
 - name: Nerest bash PATH var with set true paths after pct enter into lxc container from proxmox host
   hosts: [ 'debian10' ]
+  # TODO: Tmux create session not worked in pct enter - only work tmux attach (so..)
   tasks:
     - name: Append .shell-env
       ansible.builtin.lineinfile:

playbooks/own/phpmyadmin-nginx-auth.yml

@@ -8,6 +8,7 @@
   hosts: [ 'debian10' ]
 
   vars_files:
+    - ./../../vars/nginx.yml
     - ./../../vars/php.yml
 
   tasks:
@@ -20,8 +21,11 @@
         dest: '/etc/nginx/sites-available/pma.conf'
         content: |-
           server {
-              listen 81;
+              listen 80;
-              server_name {{ site_name }};
+              listen 443;
+              ssl_certificate           /etc/pki/realms/domain/default.crt;
+              ssl_certificate_key       /etc/pki/realms/domain/default.key;
+              server_name pma.{{ domain_name }};
               root /var/www/phpmyadmin;
               index index.php;
               include auth.d/pma-auth.conf;

playbooks/own/phpmyadmin.yml

@@ -10,6 +10,7 @@
   vars:
     - phpmyadmin_version: 5.2.1
 
+  # Create phpmyadmin config for apache2
   # TODO: Set blowfish_secret and make access rights for ./tmp directory
   tasks:
     - name: 'Download phpMyAdmin {{ phpmyadmin_version }} into var/www dir and uncompress'

vars/databases-example.yml

@@ -1,7 +1,7 @@
 mariadb__databases:
   - name: '{{ site_name }}'
-    source: ./data/db-dumps/dump.sql
+    source: '{{ inventory_dir }}//data/db-dumps/{{ site_name }}.sql.bz2'
-    target: /tmp/dump.sql
+    target: '/tmp/{{ site_name }}.sql.bz2'
 
 mariadb__users:
   - name: '{{ site_name }}'

vars/nginx-example.yml

@@ -1 +1,3 @@
-nginx_www_redirect: False
+domain_name: site.com
+nginx_www_domain: True
+nginx_www_redirect: www