Browse Source

+ install nginx via apt

+ add octobercms.conf to nginx
master
Sasha Ivanov 2 years ago
parent
commit
abc9e3c177
  1. 4
      anygroup.yml
  2. 4
      hosts
  3. 3
      requirements.yml
  4. 1
      roles/common/tasks/main.yml
  5. 8
      roles/composer/tasks/main.yml
  6. 51
      roles/nginx/files/octobercms.conf
  7. 32
      roles/nginx/tasks/files/20-envsubst-on-templates.sh
  8. 188
      roles/nginx/tasks/files/30-tune-worker-processes.sh
  9. 35
      roles/nginx/tasks/main.yml
  10. 3
      roles/php/tasks/main.yml
  11. 1
      site.yml

4
anygroup.yml

@ -1,8 +1,8 @@
--- ---
- hosts: debian10 - hosts: debian10
roles: roles:
- nginx
- php
- { role: 'nginx', tags: 'nginx' }
- { role: 'php', tags: 'php' }
# Associate further roles to servers in specific group in this file... # Associate further roles to servers in specific group in this file...

4
hosts

@ -9,8 +9,8 @@
# - You can enter hostnames or ip addresses # - You can enter hostnames or ip addresses
# - A hostname/ip can be a member of multiple groups # - A hostname/ip can be a member of multiple groups
[lxc-templates]
debian10 ansible_host=debian10.dedic106-dhcp.dimti.ru
[lxc_templates]
debian10 ansible_host=debian10.dedic106-dhcp.dimti.ru ansible_user=root
[anygroup] [anygroup]
server1 ansible_host=192.168.0.1 server1 ansible_host=192.168.0.1

3
requirements.yml

@ -1,4 +1,7 @@
--- ---
collections: collections:
- name: nginxinc.nginx_core - name: nginxinc.nginx_core
version: 0.8.0 version: 0.8.0
...

1
roles/common/tasks/main.yml

@ -1,4 +1,5 @@
--- ---
# #
# Tasks to be applied to all servers # Tasks to be applied to all servers
# #

8
roles/composer/tasks/main.yml

@ -0,0 +1,8 @@
---
- name: Update packages
shell: apt update
# TODO: установка композера
...

51
roles/nginx/files/octobercms.conf

@ -0,0 +1,51 @@
location / {
rewrite ^/.*$ /index.php last;
}
location ~ ^/combine.*\.(css|js) {
rewrite ^/.*$ /index.php last;
expires max;
}
# Whitelist
## Let October handle if static file does not exists
location = /favicon.ico { try_files $uri /index.php; }
location ~ ^/.*\.xml { try_files $uri /index.php; }
location = /robots.txt { try_files $uri /index.php; }
location = /humans.txt { try_files $uri /index.php; }
location ~ ^/(google|yandex).*\.html { try_files $uri /index.php; }
## Let nginx return 404 if static file does not exists
location /storage/app/uploads/public { try_files $uri /404; }
location /storage/app/media { try_files $uri /404; }
location /storage/app/yml { try_files $uri /404; }
location /storage/app/docx { try_files $uri /404; }
location /storage/app/resized { try_files $uri /404; }
location /storage/temp/public { try_files $uri /404; }
location /files { try_files $uri /404; }
location ~ ^/storage/app/.*\.xls { try_files $uri /404; }
location ~ ^/modules/.*/assets { try_files $uri /404; }
location ~ ^/modules/.*/resources { try_files $uri /404; }
location ~ ^/modules/.*/behaviors/.*/assets { try_files $uri /404; }
location ~ ^/modules/.*/behaviors/.*/resources { try_files $uri /404; }
location ~ ^/modules/.*/widgets/.*/assets { try_files $uri /404; }
location ~ ^/modules/.*/widgets/.*/resources { try_files $uri /404; }
location ~ ^/modules/.*/formwidgets/.*/assets { try_files $uri /404; }
location ~ ^/modules/.*/formwidgets/.*/resources { try_files $uri /404; }
location ~ ^/modules/.*/reportwidgets/.*/assets { try_files $uri /404; }
location ~ ^/modules/.*/reportwidgets/.*/resources { try_files $uri /404; }
location ~ ^/plugins/.*/.*/assets { try_files $uri /404; }
location ~ ^/plugins/.*/.*/resources { try_files $uri /404; }
location ~ ^/plugins/.*/.*/behaviors/.*/assets { try_files $uri /404; }
location ~ ^/plugins/.*/.*/behaviors/.*/resources { try_files $uri /404; }
location ~ ^/plugins/.*/.*/reportwidgets/.*/assets { try_files $uri /404; }
location ~ ^/plugins/.*/.*/reportwidgets/.*/resources { try_files $uri /404; }
location ~ ^/plugins/.*/.*/formwidgets/.*/assets { try_files $uri /404; }
location ~ ^/plugins/.*/.*/formwidgets/.*/resources { try_files $uri /404; }
location ~ ^/plugins/.*/.*/widgets/.*/assets { try_files $uri /404; }
location ~ ^/plugins/.*/.*/widgets/.*/resources { try_files $uri /404; }
location ~ ^/themes/.*/resources { try_files $uri /404; }

32
roles/nginx/tasks/files/20-envsubst-on-templates.sh

@ -1,32 +0,0 @@
#!/bin/sh
set -e
ME=$(basename $0)
auto_envsubst() {
local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}"
local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}"
local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}"
local template defined_envs relative_path output_path subdir
defined_envs=$(printf '${%s} ' $(env | cut -d= -f1))
[ -d "$template_dir" ] || return 0
if [ ! -w "$output_dir" ]; then
echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable"
return 0
fi
find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do
relative_path="${template#$template_dir/}"
output_path="$output_dir/${relative_path%$suffix}"
subdir=$(dirname "$relative_path")
# create a subdirectory where the template file exists
mkdir -p "$output_dir/$subdir"
echo >&3 "$ME: Running envsubst on $template to $output_path"
envsubst "$defined_envs" < "$template" > "$output_path"
done
}
auto_envsubst
exit 0

188
roles/nginx/tasks/files/30-tune-worker-processes.sh

@ -1,188 +0,0 @@
#!/bin/sh
# vim:sw=2:ts=2:sts=2:et
set -eu
LC_ALL=C
ME=$( basename "$0" )
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0
touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; }
ceildiv() {
num=$1
div=$2
echo $(( (num + div - 1) / div ))
}
get_cpuset() {
cpusetroot=$1
cpusetfile=$2
ncpu=0
[ -f "$cpusetroot/$cpusetfile" ] || return 1
for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do
case "$token" in
*-*)
count=$( seq $(echo "$token" | tr '-' ' ') | wc -l )
ncpu=$(( ncpu+count ))
;;
*)
ncpu=$(( ncpu+1 ))
;;
esac
done
echo "$ncpu"
}
get_quota() {
cpuroot=$1
ncpu=0
[ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1
[ -f "$cpuroot/cpu.cfs_period_us" ] || return 1
cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" )
cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" )
[ "$cfs_quota" = "-1" ] && return 1
[ "$cfs_period" = "0" ] && return 1
ncpu=$( ceildiv "$cfs_quota" "$cfs_period" )
[ "$ncpu" -gt 0 ] || return 1
echo "$ncpu"
}
get_quota_v2() {
cpuroot=$1
ncpu=0
[ -f "$cpuroot/cpu.max" ] || return 1
cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" )
cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" )
[ "$cfs_quota" = "max" ] && return 1
[ "$cfs_period" = "0" ] && return 1
ncpu=$( ceildiv "$cfs_quota" "$cfs_period" )
[ "$ncpu" -gt 0 ] || return 1
echo "$ncpu"
}
get_cgroup_v1_path() {
needle=$1
found=
foundroot=
mountpoint=
[ -r "/proc/self/mountinfo" ] || return 1
[ -r "/proc/self/cgroup" ] || return 1
while IFS= read -r line; do
case "$needle" in
"cpuset")
case "$line" in
*cpuset*)
found=$( echo "$line" | cut -d ' ' -f 4,5 )
break
;;
esac
;;
"cpu")
case "$line" in
*cpuset*)
;;
*cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*)
found=$( echo "$line" | cut -d ' ' -f 4,5 )
break
;;
esac
esac
done << __EOF__
$( grep -F -- '- cgroup ' /proc/self/mountinfo )
__EOF__
while IFS= read -r line; do
controller=$( echo "$line" | cut -d: -f 2 )
case "$needle" in
"cpuset")
case "$controller" in
cpuset)
mountpoint=$( echo "$line" | cut -d: -f 3 )
break
;;
esac
;;
"cpu")
case "$controller" in
cpu,cpuacct|cpuacct,cpu|cpuacct|cpu)
mountpoint=$( echo "$line" | cut -d: -f 3 )
break
;;
esac
;;
esac
done << __EOF__
$( grep -F -- 'cpu' /proc/self/cgroup )
__EOF__
case "${found%% *}" in
"/")
foundroot="${found##* }$mountpoint"
;;
"$mountpoint")
foundroot="${found##* }"
;;
esac
echo "$foundroot"
}
get_cgroup_v2_path() {
found=
foundroot=
mountpoint=
[ -r "/proc/self/mountinfo" ] || return 1
[ -r "/proc/self/cgroup" ] || return 1
while IFS= read -r line; do
found=$( echo "$line" | cut -d ' ' -f 4,5 )
done << __EOF__
$( grep -F -- '- cgroup2 ' /proc/self/mountinfo )
__EOF__
while IFS= read -r line; do
mountpoint=$( echo "$line" | cut -d: -f 3 )
done << __EOF__
$( grep -F -- '0::' /proc/self/cgroup )
__EOF__
case "${found%% *}" in
"")
return 1
;;
"/")
foundroot="${found##* }$mountpoint"
;;
"$mountpoint")
foundroot="${found##* }"
;;
esac
echo "$foundroot"
}
ncpu_online=$( getconf _NPROCESSORS_ONLN )
ncpu_cpuset=
ncpu_quota=
ncpu_cpuset_v2=
ncpu_quota_v2=
cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online
cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online
cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online
cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online
ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \
"$ncpu_online" \
"$ncpu_cpuset" \
"$ncpu_quota" \
"$ncpu_cpuset_v2" \
"$ncpu_quota_v2" \
| sort -n \
| head -n 1 )
sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf

35
roles/nginx/tasks/main.yml

@ -1,30 +1,21 @@
--- ---
- name: Set ENV vars
lineinfile:
dest: ~/.bashrc
line: "{{item}}"
loop:
- 'export NGINX_VERSION="1.21.3"'
- 'export NJS_VERSION="0.6.2"'
- 'export PKG_RELEASE="1~buster"'
- name: Install gnupg
shell: apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 gnupg2 gnupg ca-certificates
- name: Update packages
shell: apt update
- name: Install nginx - name: Install nginx
environment:
NGINX_GPGKEY: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
shell: >-
set -x && addgroup --system --gid 101 nginx && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx && found=''; for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|i386|arm64) echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . > Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log
shell: apt install nginx -y
- name: Create dir for additional helper scripts /docker-entrypoint.d
shell: mkdir -p /docker-entrypoint.d
- name: Enable nginx
shell: systemctl enable nginx
- name: Copy envsubst and tune worker to /docker-entrypoint.d
- name: Copy nginx config
copy: copy:
src: "{{item}}"
dest: /docker-entrypoint.d
src: 'octobercms.conf'
dest: '/etc/nginx/includes.d'
mode: 0744 mode: 0744
loop:
- 20-envsubst-on-templates.sh
- 30-tune-worker-processes.sh
- name: Restart nginx
shell: systemctl restart nginx
...

3
roles/php/tasks/main.yml

@ -1,4 +1,5 @@
--- ---
- name: Copy docker-php-* helpers to /usr/local/bin/ - name: Copy docker-php-* helpers to /usr/local/bin/
copy: copy:
src: "{{item}}" src: "{{item}}"
@ -80,3 +81,5 @@
- name: Nerest php-fpm pool config - name: Nerest php-fpm pool config
shell: set -eux; cd /usr/local/etc; if [ -d php-fpm.d ]; then sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; cp php-fpm.d/www.conf.default php-fpm.d/www.conf; else mkdir php-fpm.d; cp php-fpm.conf.default php-fpm.d/www.conf; { echo '[global]'; echo 'include=etc/php-fpm.d/*.conf'; } | tee php-fpm.conf; fi; { echo '[global]'; echo 'error_log = /proc/self/fd/2'; echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; echo; echo '[www]'; echo '; if we send this to /proc/self/fd/1, it never appears'; echo 'access.log = /proc/self/fd/2'; echo; echo 'clear_env = no'; echo; echo '; Ensure worker stdout and stderr are sent to the main error log.'; echo 'catch_workers_output = yes'; echo 'decorate_workers_output = no'; } | tee php-fpm.d/docker.conf; { echo '[global]'; echo 'daemonize = no'; echo; echo '[www]'; echo 'listen = 9000'; } | tee php-fpm.d/zz-docker.conf shell: set -eux; cd /usr/local/etc; if [ -d php-fpm.d ]; then sed 's!=NONE/!=!g' php-fpm.conf.default | tee php-fpm.conf > /dev/null; cp php-fpm.d/www.conf.default php-fpm.d/www.conf; else mkdir php-fpm.d; cp php-fpm.conf.default php-fpm.d/www.conf; { echo '[global]'; echo 'include=etc/php-fpm.d/*.conf'; } | tee php-fpm.conf; fi; { echo '[global]'; echo 'error_log = /proc/self/fd/2'; echo; echo '; https://github.com/docker-library/php/pull/725#issuecomment-443540114'; echo 'log_limit = 8192'; echo; echo '[www]'; echo '; if we send this to /proc/self/fd/1, it never appears'; echo 'access.log = /proc/self/fd/2'; echo; echo 'clear_env = no'; echo; echo '; Ensure worker stdout and stderr are sent to the main error log.'; echo 'catch_workers_output = yes'; echo 'decorate_workers_output = no'; } | tee php-fpm.d/docker.conf; { echo '[global]'; echo 'daemonize = no'; echo; echo '[www]'; echo 'listen = 9000'; } | tee php-fpm.d/zz-docker.conf
...

1
site.yml

@ -1,4 +1,5 @@
--- ---
- import_playbook: anygroup.yml - import_playbook: anygroup.yml
# Import all other group playbooks in this file... # Import all other group playbooks in this file...

Loading…
Cancel
Save