Sasha Ivanov
2 years ago
11 changed files with 86 additions and 248 deletions
-
4anygroup.yml
-
4hosts
-
3requirements.yml
-
1roles/common/tasks/main.yml
-
8roles/composer/tasks/main.yml
-
51roles/nginx/files/octobercms.conf
-
32roles/nginx/tasks/files/20-envsubst-on-templates.sh
-
188roles/nginx/tasks/files/30-tune-worker-processes.sh
-
35roles/nginx/tasks/main.yml
-
3roles/php/tasks/main.yml
-
1site.yml
@ -1,8 +1,8 @@ |
|||||
--- |
--- |
||||
- hosts: debian10 |
- hosts: debian10 |
||||
roles: |
roles: |
||||
- nginx |
|
||||
- php |
|
||||
|
- { role: 'nginx', tags: 'nginx' } |
||||
|
- { role: 'php', tags: 'php' } |
||||
|
|
||||
# Associate further roles to servers in specific group in this file... |
# Associate further roles to servers in specific group in this file... |
||||
|
|
@ -1,4 +1,7 @@ |
|||||
--- |
--- |
||||
|
|
||||
collections: |
collections: |
||||
- name: nginxinc.nginx_core |
- name: nginxinc.nginx_core |
||||
version: 0.8.0 |
version: 0.8.0 |
||||
|
|
||||
|
... |
@ -0,0 +1,8 @@ |
|||||
|
--- |
||||
|
|
||||
|
- name: Update packages |
||||
|
shell: apt update |
||||
|
|
||||
|
# TODO: установка композера |
||||
|
|
||||
|
... |
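Review bot: `shell: apt update` in the `Update packages` task reports a change on every run and bypasses Ansible's package handling; the `apt` module does the same job idempotently, e.g. `apt: { update_cache: yes, cache_valid_time: 3600 }`. The same applies to the `shell: apt update`, `shell: apt install nginx -y`, `shell: systemctl enable nginx` and `shell: systemctl restart nginx` tasks in the nginx tasks file later in this commit, where `apt: { name: nginx, state: present }` and the `service` module (`name: nginx`, `enabled: yes`, `state: restarted`) would fit. The `# TODO` comment in this file is in Russian; an English `# TODO: install Composer` would be readable to every maintainer.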
@ -0,0 +1,51 @@ |
|||||
|
location / { |
||||
|
rewrite ^/.*$ /index.php last; |
||||
|
} |
||||
|
|
||||
|
location ~ ^/combine.*\.(css|js) { |
||||
|
rewrite ^/.*$ /index.php last; |
||||
|
expires max; |
||||
|
} |
||||
|
|
||||
|
# Whitelist |
||||
|
|
||||
|
## Let October handle if static file does not exists |
||||
|
|
||||
|
location = /favicon.ico { try_files $uri /index.php; } |
||||
|
location ~ ^/.*\.xml { try_files $uri /index.php; } |
||||
|
location = /robots.txt { try_files $uri /index.php; } |
||||
|
location = /humans.txt { try_files $uri /index.php; } |
||||
|
location ~ ^/(google|yandex).*\.html { try_files $uri /index.php; } |
||||
|
|
||||
|
## Let nginx return 404 if static file does not exists |
||||
|
|
||||
|
location /storage/app/uploads/public { try_files $uri /404; } |
||||
|
location /storage/app/media { try_files $uri /404; } |
||||
|
location /storage/app/yml { try_files $uri /404; } |
||||
|
location /storage/app/docx { try_files $uri /404; } |
||||
|
location /storage/app/resized { try_files $uri /404; } |
||||
|
location /storage/temp/public { try_files $uri /404; } |
||||
|
location /files { try_files $uri /404; } |
||||
|
location ~ ^/storage/app/.*\.xls { try_files $uri /404; } |
||||
|
|
||||
|
location ~ ^/modules/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/behaviors/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/behaviors/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/widgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/widgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/formwidgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/formwidgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/reportwidgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/modules/.*/reportwidgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/behaviors/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/behaviors/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/reportwidgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/reportwidgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/formwidgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/formwidgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/widgets/.*/assets { try_files $uri /404; } |
||||
|
location ~ ^/plugins/.*/.*/widgets/.*/resources { try_files $uri /404; } |
||||
|
location ~ ^/themes/.*/resources { try_files $uri /404; } |
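Review bot: The regex locations in the whitelist have no end anchor, so they match more than the file types they name: `location ~ ^/.*\.xml` and `location ~ ^/storage/app/.*\.xls` also match names such as `report.xls.bak` (constructed example), and `try_files $uri` then serves any such file that exists as static content. Anchoring the tail limits each rule to the intended extension, e.g. `location ~ ^/.*\.xml$ { try_files $uri /index.php; }` and `location ~ ^/storage/app/.*\.xls$ { try_files $uri /404; }`; the `/assets` and `/resources` patterns would likewise be tighter with a trailing slash, as in `^/plugins/.*/.*/assets/`. Separately, the prefix locations for the upload directories (`/storage/app/uploads/public`, `/storage/app/media`, `/files`) are not marked `^~`, so any regex location in the including server block, which is not visible in this commit, would take precedence for files under them. If that block has a generic PHP handler, writing `location ^~ /storage/app/uploads/public { try_files $uri /404; }` keeps uploaded files from ever being passed to it.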
@ -1,32 +0,0 @@ |
|||||
#!/bin/sh |
|
||||
|
|
||||
set -e |
|
||||
|
|
||||
ME=$(basename $0) |
|
||||
|
|
||||
auto_envsubst() { |
|
||||
local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}" |
|
||||
local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}" |
|
||||
local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}" |
|
||||
|
|
||||
local template defined_envs relative_path output_path subdir |
|
||||
defined_envs=$(printf '${%s} ' $(env | cut -d= -f1)) |
|
||||
[ -d "$template_dir" ] || return 0 |
|
||||
if [ ! -w "$output_dir" ]; then |
|
||||
echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable" |
|
||||
return 0 |
|
||||
fi |
|
||||
find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do |
|
||||
relative_path="${template#$template_dir/}" |
|
||||
output_path="$output_dir/${relative_path%$suffix}" |
|
||||
subdir=$(dirname "$relative_path") |
|
||||
# create a subdirectory where the template file exists |
|
||||
mkdir -p "$output_dir/$subdir" |
|
||||
echo >&3 "$ME: Running envsubst on $template to $output_path" |
|
||||
envsubst "$defined_envs" < "$template" > "$output_path" |
|
||||
done |
|
||||
} |
|
||||
|
|
||||
auto_envsubst |
|
||||
|
|
||||
exit 0 |
|
@ -1,188 +0,0 @@ |
|||||
#!/bin/sh |
|
||||
# vim:sw=2:ts=2:sts=2:et |
|
||||
|
|
||||
set -eu |
|
||||
|
|
||||
LC_ALL=C |
|
||||
ME=$( basename "$0" ) |
|
||||
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin |
|
||||
|
|
||||
[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0 |
|
||||
|
|
||||
touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; } |
|
||||
|
|
||||
ceildiv() { |
|
||||
num=$1 |
|
||||
div=$2 |
|
||||
echo $(( (num + div - 1) / div )) |
|
||||
} |
|
||||
|
|
||||
get_cpuset() { |
|
||||
cpusetroot=$1 |
|
||||
cpusetfile=$2 |
|
||||
ncpu=0 |
|
||||
[ -f "$cpusetroot/$cpusetfile" ] || return 1 |
|
||||
for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do |
|
||||
case "$token" in |
|
||||
*-*) |
|
||||
count=$( seq $(echo "$token" | tr '-' ' ') | wc -l ) |
|
||||
ncpu=$(( ncpu+count )) |
|
||||
;; |
|
||||
*) |
|
||||
ncpu=$(( ncpu+1 )) |
|
||||
;; |
|
||||
esac |
|
||||
done |
|
||||
echo "$ncpu" |
|
||||
} |
|
||||
|
|
||||
get_quota() { |
|
||||
cpuroot=$1 |
|
||||
ncpu=0 |
|
||||
[ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1 |
|
||||
[ -f "$cpuroot/cpu.cfs_period_us" ] || return 1 |
|
||||
cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" ) |
|
||||
cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" ) |
|
||||
[ "$cfs_quota" = "-1" ] && return 1 |
|
||||
[ "$cfs_period" = "0" ] && return 1 |
|
||||
ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) |
|
||||
[ "$ncpu" -gt 0 ] || return 1 |
|
||||
echo "$ncpu" |
|
||||
} |
|
||||
|
|
||||
get_quota_v2() { |
|
||||
cpuroot=$1 |
|
||||
ncpu=0 |
|
||||
[ -f "$cpuroot/cpu.max" ] || return 1 |
|
||||
cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" ) |
|
||||
cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" ) |
|
||||
[ "$cfs_quota" = "max" ] && return 1 |
|
||||
[ "$cfs_period" = "0" ] && return 1 |
|
||||
ncpu=$( ceildiv "$cfs_quota" "$cfs_period" ) |
|
||||
[ "$ncpu" -gt 0 ] || return 1 |
|
||||
echo "$ncpu" |
|
||||
} |
|
||||
|
|
||||
get_cgroup_v1_path() { |
|
||||
needle=$1 |
|
||||
found= |
|
||||
foundroot= |
|
||||
mountpoint= |
|
||||
|
|
||||
[ -r "/proc/self/mountinfo" ] || return 1 |
|
||||
[ -r "/proc/self/cgroup" ] || return 1 |
|
||||
|
|
||||
while IFS= read -r line; do |
|
||||
case "$needle" in |
|
||||
"cpuset") |
|
||||
case "$line" in |
|
||||
*cpuset*) |
|
||||
found=$( echo "$line" | cut -d ' ' -f 4,5 ) |
|
||||
break |
|
||||
;; |
|
||||
esac |
|
||||
;; |
|
||||
"cpu") |
|
||||
case "$line" in |
|
||||
*cpuset*) |
|
||||
;; |
|
||||
*cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*) |
|
||||
found=$( echo "$line" | cut -d ' ' -f 4,5 ) |
|
||||
break |
|
||||
;; |
|
||||
esac |
|
||||
esac |
|
||||
done << __EOF__ |
|
||||
$( grep -F -- '- cgroup ' /proc/self/mountinfo ) |
|
||||
__EOF__ |
|
||||
|
|
||||
while IFS= read -r line; do |
|
||||
controller=$( echo "$line" | cut -d: -f 2 ) |
|
||||
case "$needle" in |
|
||||
"cpuset") |
|
||||
case "$controller" in |
|
||||
cpuset) |
|
||||
mountpoint=$( echo "$line" | cut -d: -f 3 ) |
|
||||
break |
|
||||
;; |
|
||||
esac |
|
||||
;; |
|
||||
"cpu") |
|
||||
case "$controller" in |
|
||||
cpu,cpuacct|cpuacct,cpu|cpuacct|cpu) |
|
||||
mountpoint=$( echo "$line" | cut -d: -f 3 ) |
|
||||
break |
|
||||
;; |
|
||||
esac |
|
||||
;; |
|
||||
esac |
|
||||
done << __EOF__ |
|
||||
$( grep -F -- 'cpu' /proc/self/cgroup ) |
|
||||
__EOF__ |
|
||||
|
|
||||
case "${found%% *}" in |
|
||||
"/") |
|
||||
foundroot="${found##* }$mountpoint" |
|
||||
;; |
|
||||
"$mountpoint") |
|
||||
foundroot="${found##* }" |
|
||||
;; |
|
||||
esac |
|
||||
echo "$foundroot" |
|
||||
} |
|
||||
|
|
||||
get_cgroup_v2_path() { |
|
||||
found= |
|
||||
foundroot= |
|
||||
mountpoint= |
|
||||
|
|
||||
[ -r "/proc/self/mountinfo" ] || return 1 |
|
||||
[ -r "/proc/self/cgroup" ] || return 1 |
|
||||
|
|
||||
while IFS= read -r line; do |
|
||||
found=$( echo "$line" | cut -d ' ' -f 4,5 ) |
|
||||
done << __EOF__ |
|
||||
$( grep -F -- '- cgroup2 ' /proc/self/mountinfo ) |
|
||||
__EOF__ |
|
||||
|
|
||||
while IFS= read -r line; do |
|
||||
mountpoint=$( echo "$line" | cut -d: -f 3 ) |
|
||||
done << __EOF__ |
|
||||
$( grep -F -- '0::' /proc/self/cgroup ) |
|
||||
__EOF__ |
|
||||
|
|
||||
case "${found%% *}" in |
|
||||
"") |
|
||||
return 1 |
|
||||
;; |
|
||||
"/") |
|
||||
foundroot="${found##* }$mountpoint" |
|
||||
;; |
|
||||
"$mountpoint") |
|
||||
foundroot="${found##* }" |
|
||||
;; |
|
||||
esac |
|
||||
echo "$foundroot" |
|
||||
} |
|
||||
|
|
||||
ncpu_online=$( getconf _NPROCESSORS_ONLN ) |
|
||||
ncpu_cpuset= |
|
||||
ncpu_quota= |
|
||||
ncpu_cpuset_v2= |
|
||||
ncpu_quota_v2= |
|
||||
|
|
||||
cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online |
|
||||
cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online |
|
||||
cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online |
|
||||
cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online |
|
||||
|
|
||||
ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \ |
|
||||
"$ncpu_online" \ |
|
||||
"$ncpu_cpuset" \ |
|
||||
"$ncpu_quota" \ |
|
||||
"$ncpu_cpuset_v2" \ |
|
||||
"$ncpu_quota_v2" \ |
|
||||
| sort -n \ |
|
||||
| head -n 1 ) |
|
||||
|
|
||||
sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf |
|
@ -1,30 +1,21 @@ |
|||||
--- |
--- |
||||
- name: Set ENV vars |
|
||||
lineinfile: |
|
||||
dest: ~/.bashrc |
|
||||
line: "{{item}}" |
|
||||
loop: |
|
||||
- 'export NGINX_VERSION="1.21.3"' |
|
||||
- 'export NJS_VERSION="0.6.2"' |
|
||||
- 'export PKG_RELEASE="1~buster"' |
|
||||
|
|
||||
- name: Install gnupg |
|
||||
shell: apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 gnupg2 gnupg ca-certificates |
|
||||
|
- name: Update packages |
||||
|
shell: apt update |
||||
|
|
||||
- name: Install nginx |
- name: Install nginx |
||||
environment: |
|
||||
NGINX_GPGKEY: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 |
|
||||
shell: >- |
|
||||
set -x && addgroup --system --gid 101 nginx && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx && found=''; for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|i386|arm64) echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . 
> Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log |
|
||||
|
shell: apt install nginx -y |
||||
|
|
||||
- name: Create dir for additional helper scripts /docker-entrypoint.d |
|
||||
shell: mkdir -p /docker-entrypoint.d |
|
||||
|
- name: Enable nginx |
||||
|
shell: systemctl enable nginx |
||||
|
|
||||
- name: Copy envsubst and tune worker to /docker-entrypoint.d |
|
||||
|
- name: Copy nginx config |
||||
copy: |
copy: |
||||
src: "{{item}}" |
|
||||
dest: /docker-entrypoint.d |
|
||||
|
src: 'octobercms.conf' |
||||
|
dest: '/etc/nginx/includes.d' |
||||
mode: 0744 |
mode: 0744 |
||||
loop: |
|
||||
- 20-envsubst-on-templates.sh |
|
||||
- 30-tune-worker-processes.sh |
|
||||
|
|
||||
|
- name: Restart nginx |
||||
|
shell: systemctl restart nginx |
||||
|
|
||||
|
... |
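Review bot: The `Copy nginx config` task uses `dest: '/etc/nginx/includes.d'` without a trailing slash and no task in this hunk creates that directory, so on a host where it does not already exist `copy` writes a regular file named `includes.d` instead of `includes.d/octobercms.conf`. Writing `dest: '/etc/nginx/includes.d/'` (or adding a `file` task with `state: directory` before it) makes the intent explicit; nothing visible here adds the matching `include` to a server block, so confirm that is handled elsewhere. `mode: 0744` appears to be carried over from the removed entrypoint scripts and leaves the config file owner-executable; `mode: '0644'` is enough for a file nginx only reads. Since the role restarts nginx right after the copy, running `nginx -t` before `Restart nginx` would keep a broken config from taking the server down.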
@ -1,4 +1,5 @@ |
|||||
--- |
--- |
||||
|
|
||||
- import_playbook: anygroup.yml |
- import_playbook: anygroup.yml |
||||
|
|
||||
# Import all other group playbooks in this file... |
# Import all other group playbooks in this file... |
||||
|