Sasha Ivanov
2 years ago
11 changed files with 86 additions and 248 deletions
-
4anygroup.yml
-
4hosts
-
3requirements.yml
-
1roles/common/tasks/main.yml
-
8roles/composer/tasks/main.yml
-
51roles/nginx/files/octobercms.conf
-
32roles/nginx/tasks/files/20-envsubst-on-templates.sh
-
188roles/nginx/tasks/files/30-tune-worker-processes.sh
-
35roles/nginx/tasks/main.yml
-
3roles/php/tasks/main.yml
-
1site.yml
@ -1,8 +1,8 @@ |
|||
--- |
|||
- hosts: debian10 |
|||
roles: |
|||
- nginx |
|||
- php |
|||
- { role: 'nginx', tags: 'nginx' } |
|||
- { role: 'php', tags: 'php' } |
|||
|
|||
# Associate further roles to servers in specific group in this file... |
|||
|
@ -1,4 +1,7 @@ |
|||
--- |
|||
|
|||
collections: |
|||
- name: nginxinc.nginx_core |
|||
version: 0.8.0 |
|||
|
|||
... |
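--- a/roles/composer/tasks/main.yml
+++ b/roles/composer/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Update packages
+shell: apt update
+
+# TODO: установка композера
+
+...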
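Review bot: `shell: apt update` in the `Update packages` task goes through a shell for something the apt module does natively, and it reports `changed` on every run; `apt:` with `update_cache: yes` and `cache_valid_time: 3600` keeps the play idempotent. The same pattern recurs in the roles/nginx/tasks/main.yml section (`shell: apt update`, `shell: apt install nginx -y`, `shell: systemctl enable nginx`, `shell: systemctl restart nginx`), where the `apt` and `service` modules would do. The role is named composer but the file so far only refreshes the package index, and the TODO is the only hint of the real work. An English TODO stating what will be installed and how the download will be verified (pinned version, checksum) would help the next reader.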
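--- a/roles/nginx/files/octobercms.conf
+++ b/roles/nginx/files/octobercms.conf
@@ -0,0 +1,51 @@
+location / {
+rewrite ^/.*$ /index.php last;
+}
+
+location ~ ^/combine.*\.(css|js) {
+rewrite ^/.*$ /index.php last;
+expires max;
+}
+
+# Whitelist
+
+## Let October handle if static file does not exists
+
+location = /favicon.ico { try_files $uri /index.php; }
+location ~ ^/.*\.xml { try_files $uri /index.php; }
+location = /robots.txt { try_files $uri /index.php; }
+location = /humans.txt { try_files $uri /index.php; }
+location ~ ^/(google|yandex).*\.html { try_files $uri /index.php; }
+
+## Let nginx return 404 if static file does not exists
+
+location /storage/app/uploads/public { try_files $uri /404; }
+location /storage/app/media { try_files $uri /404; }
+location /storage/app/yml { try_files $uri /404; }
+location /storage/app/docx { try_files $uri /404; }
+location /storage/app/resized { try_files $uri /404; }
+location /storage/temp/public { try_files $uri /404; }
+location /files { try_files $uri /404; }
+location ~ ^/storage/app/.*\.xls { try_files $uri /404; }
+
+location ~ ^/modules/.*/assets { try_files $uri /404; }
+location ~ ^/modules/.*/resources { try_files $uri /404; }
+location ~ ^/modules/.*/behaviors/.*/assets { try_files $uri /404; }
+location ~ ^/modules/.*/behaviors/.*/resources { try_files $uri /404; }
+location ~ ^/modules/.*/widgets/.*/assets { try_files $uri /404; }
+location ~ ^/modules/.*/widgets/.*/resources { try_files $uri /404; }
+location ~ ^/modules/.*/formwidgets/.*/assets { try_files $uri /404; }
+location ~ ^/modules/.*/formwidgets/.*/resources { try_files $uri /404; }
+location ~ ^/modules/.*/reportwidgets/.*/assets { try_files $uri /404; }
+location ~ ^/modules/.*/reportwidgets/.*/resources { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/assets { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/resources { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/behaviors/.*/assets { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/behaviors/.*/resources { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/reportwidgets/.*/assets { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/reportwidgets/.*/resources { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/formwidgets/.*/assets { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/formwidgets/.*/resources { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/widgets/.*/assets { try_files $uri /404; }
+location ~ ^/plugins/.*/.*/widgets/.*/resources { try_files $uri /404; }
+location ~ ^/themes/.*/resources { try_files $uri /404; }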
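Review bot: The block under `## Let nginx return 404 if static file does not exists` uses `try_files $uri /404;`, where `/404` is a fallback URI rather than a status code, so a missing file is internally redirected to `/404`, lands in `location /` and is rewritten to `/index.php` instead of nginx answering 404 itself. If the comment states the intent, each of these lines should end in `=404`, e.g. `location /storage/app/media { try_files $uri =404; }`, which also keeps requests for non-existent upload and asset paths away from PHP. The whitelist regexes are open-ended as well: `^/plugins/.*/.*/assets`, `^/storage/app/.*\.xls` and `^/.*\.xml` match any path that merely contains those substrings, so every existing file below such a path is served as-is. Anchoring them (a trailing `/` after `assets`/`resources`, `$` after the extension) would narrow what is exposed. How `.php` requests are handled is decided by the including server block, which is not shown on this page.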
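--- a/roles/nginx/tasks/files/20-envsubst-on-templates.sh
+++ b/roles/nginx/tasks/files/20-envsubst-on-templates.sh
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-set -e
-
-ME=$(basename $0)
-
-auto_envsubst() {
-local template_dir="${NGINX_ENVSUBST_TEMPLATE_DIR:-/etc/nginx/templates}"
-local suffix="${NGINX_ENVSUBST_TEMPLATE_SUFFIX:-.template}"
-local output_dir="${NGINX_ENVSUBST_OUTPUT_DIR:-/etc/nginx/conf.d}"
-
-local template defined_envs relative_path output_path subdir
-defined_envs=$(printf '${%s} ' $(env | cut -d= -f1))
-[ -d "$template_dir" ] || return 0
-if [ ! -w "$output_dir" ]; then
-echo >&3 "$ME: ERROR: $template_dir exists, but $output_dir is not writable"
-return 0
-fi
-find "$template_dir" -follow -type f -name "*$suffix" -print | while read -r template; do
-relative_path="${template#$template_dir/}"
-output_path="$output_dir/${relative_path%$suffix}"
-subdir=$(dirname "$relative_path")
-# create a subdirectory where the template file exists
-mkdir -p "$output_dir/$subdir"
-echo >&3 "$ME: Running envsubst on $template to $output_path"
-envsubst "$defined_envs" < "$template" > "$output_path"
-done
-}
-
-auto_envsubst
-
-exit 0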
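--- a/roles/nginx/tasks/files/30-tune-worker-processes.sh
+++ b/roles/nginx/tasks/files/30-tune-worker-processes.sh
@@ -1,188 +0,0 @@
-#!/bin/sh
-# vim:sw=2:ts=2:sts=2:et
-
-set -eu
-
-LC_ALL=C
-ME=$( basename "$0" )
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-
-[ "${NGINX_ENTRYPOINT_WORKER_PROCESSES_AUTOTUNE:-}" ] || exit 0
-
-touch /etc/nginx/nginx.conf 2>/dev/null || { echo >&2 "$ME: error: can not modify /etc/nginx/nginx.conf (read-only file system?)"; exit 0; }
-
-ceildiv() {
-num=$1
-div=$2
-echo $(( (num + div - 1) / div ))
-}
-
-get_cpuset() {
-cpusetroot=$1
-cpusetfile=$2
-ncpu=0
-[ -f "$cpusetroot/$cpusetfile" ] || return 1
-for token in $( tr ',' ' ' < "$cpusetroot/$cpusetfile" ); do
-case "$token" in
-*-*)
-count=$( seq $(echo "$token" | tr '-' ' ') | wc -l )
-ncpu=$(( ncpu+count ))
-;;
-*)
-ncpu=$(( ncpu+1 ))
-;;
-esac
-done
-echo "$ncpu"
-}
-
-get_quota() {
-cpuroot=$1
-ncpu=0
-[ -f "$cpuroot/cpu.cfs_quota_us" ] || return 1
-[ -f "$cpuroot/cpu.cfs_period_us" ] || return 1
-cfs_quota=$( cat "$cpuroot/cpu.cfs_quota_us" )
-cfs_period=$( cat "$cpuroot/cpu.cfs_period_us" )
-[ "$cfs_quota" = "-1" ] && return 1
-[ "$cfs_period" = "0" ] && return 1
-ncpu=$( ceildiv "$cfs_quota" "$cfs_period" )
-[ "$ncpu" -gt 0 ] || return 1
-echo "$ncpu"
-}
-
-get_quota_v2() {
-cpuroot=$1
-ncpu=0
-[ -f "$cpuroot/cpu.max" ] || return 1
-cfs_quota=$( cut -d' ' -f 1 < "$cpuroot/cpu.max" )
-cfs_period=$( cut -d' ' -f 2 < "$cpuroot/cpu.max" )
-[ "$cfs_quota" = "max" ] && return 1
-[ "$cfs_period" = "0" ] && return 1
-ncpu=$( ceildiv "$cfs_quota" "$cfs_period" )
-[ "$ncpu" -gt 0 ] || return 1
-echo "$ncpu"
-}
-
-get_cgroup_v1_path() {
-needle=$1
-found=
-foundroot=
-mountpoint=
-
-[ -r "/proc/self/mountinfo" ] || return 1
-[ -r "/proc/self/cgroup" ] || return 1
-
-while IFS= read -r line; do
-case "$needle" in
-"cpuset")
-case "$line" in
-*cpuset*)
-found=$( echo "$line" | cut -d ' ' -f 4,5 )
-break
-;;
-esac
-;;
-"cpu")
-case "$line" in
-*cpuset*)
-;;
-*cpu,cpuacct*|*cpuacct,cpu|*cpuacct*|*cpu*)
-found=$( echo "$line" | cut -d ' ' -f 4,5 )
-break
-;;
-esac
-esac
-done << __EOF__
-$( grep -F -- '- cgroup ' /proc/self/mountinfo )
-__EOF__
-
-while IFS= read -r line; do
-controller=$( echo "$line" | cut -d: -f 2 )
-case "$needle" in
-"cpuset")
-case "$controller" in
-cpuset)
-mountpoint=$( echo "$line" | cut -d: -f 3 )
-break
-;;
-esac
-;;
-"cpu")
-case "$controller" in
-cpu,cpuacct|cpuacct,cpu|cpuacct|cpu)
-mountpoint=$( echo "$line" | cut -d: -f 3 )
-break
-;;
-esac
-;;
-esac
-done << __EOF__
-$( grep -F -- 'cpu' /proc/self/cgroup )
-__EOF__
-
-case "${found%% *}" in
-"/")
-foundroot="${found##* }$mountpoint"
-;;
-"$mountpoint")
-foundroot="${found##* }"
-;;
-esac
-echo "$foundroot"
-}
-
-get_cgroup_v2_path() {
-found=
-foundroot=
-mountpoint=
-
-[ -r "/proc/self/mountinfo" ] || return 1
-[ -r "/proc/self/cgroup" ] || return 1
-
-while IFS= read -r line; do
-found=$( echo "$line" | cut -d ' ' -f 4,5 )
-done << __EOF__
-$( grep -F -- '- cgroup2 ' /proc/self/mountinfo )
-__EOF__
-
-while IFS= read -r line; do
-mountpoint=$( echo "$line" | cut -d: -f 3 )
-done << __EOF__
-$( grep -F -- '0::' /proc/self/cgroup )
-__EOF__
-
-case "${found%% *}" in
-"")
-return 1
-;;
-"/")
-foundroot="${found##* }$mountpoint"
-;;
-"$mountpoint")
-foundroot="${found##* }"
-;;
-esac
-echo "$foundroot"
-}
-
-ncpu_online=$( getconf _NPROCESSORS_ONLN )
-ncpu_cpuset=
-ncpu_quota=
-ncpu_cpuset_v2=
-ncpu_quota_v2=
-
-cpuset=$( get_cgroup_v1_path "cpuset" ) && ncpu_cpuset=$( get_cpuset "$cpuset" "cpuset.effective_cpus" ) || ncpu_cpuset=$ncpu_online
-cpu=$( get_cgroup_v1_path "cpu" ) && ncpu_quota=$( get_quota "$cpu" ) || ncpu_quota=$ncpu_online
-cgroup_v2=$( get_cgroup_v2_path ) && ncpu_cpuset_v2=$( get_cpuset "$cgroup_v2" "cpuset.cpus.effective" ) || ncpu_cpuset_v2=$ncpu_online
-cgroup_v2=$( get_cgroup_v2_path ) && ncpu_quota_v2=$( get_quota_v2 "$cgroup_v2" ) || ncpu_quota_v2=$ncpu_online
-
-ncpu=$( printf "%s\n%s\n%s\n%s\n%s\n" \
-"$ncpu_online" \
-"$ncpu_cpuset" \
-"$ncpu_quota" \
-"$ncpu_cpuset_v2" \
-"$ncpu_quota_v2" \
-| sort -n \
-| head -n 1 )
-
-sed -i.bak -r 's/^(worker_processes)(.*)$/# Commented out by '"$ME"' on '"$(date)"'\n#\1\2\n\1 '"$ncpu"';/' /etc/nginx/nginx.conf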
@ -1,30 +1,21 @@ |
|||
--- |
|||
- name: Set ENV vars |
|||
lineinfile: |
|||
dest: ~/.bashrc |
|||
line: "{{item}}" |
|||
loop: |
|||
- 'export NGINX_VERSION="1.21.3"' |
|||
- 'export NJS_VERSION="0.6.2"' |
|||
- 'export PKG_RELEASE="1~buster"' |
|||
|
|||
- name: Install gnupg |
|||
shell: apt-get update && apt-get install --no-install-recommends --no-install-suggests -y gnupg1 gnupg2 gnupg ca-certificates |
|||
- name: Update packages |
|||
shell: apt update |
|||
|
|||
- name: Install nginx |
|||
environment: |
|||
NGINX_GPGKEY: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 |
|||
shell: >- |
|||
set -x && addgroup --system --gid 101 nginx && adduser --system --disabled-login --ingroup nginx --no-create-home --home /nonexistent --gecos "nginx user" --shell /bin/false --uid 101 nginx && found=''; for server in ha.pool.sks-keyservers.net hkp://keyserver.ubuntu.com:80 hkp://p80.pool.sks-keyservers.net:80 pgp.mit.edu ; do echo "Fetching GPG key $NGINX_GPGKEY from $server"; apt-key adv --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$NGINX_GPGKEY" && found=yes && break; done; test -z "$found" && echo >&2 "error: failed to fetch GPG key $NGINX_GPGKEY" && exit 1; apt-get remove --purge --auto-remove -y gnupg1 && rm -rf /var/lib/apt/lists/* && dpkgArch="$(dpkg --print-architecture)" && nginxPackages=" nginx=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-${PKG_RELEASE} nginx-module-njs=${NGINX_VERSION}+${NJS_VERSION}-${PKG_RELEASE} " && case "$dpkgArch" in amd64|i386|arm64) echo "deb https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && apt-get update ;; *) echo "deb-src https://nginx.org/packages/mainline/debian/ buster nginx" >> /etc/apt/sources.list.d/nginx.list && tempDir="$(mktemp -d)" && chmod 777 "$tempDir" && savedAptMark="$(apt-mark showmanual)" && apt-get update && apt-get build-dep -y $nginxPackages && ( cd "$tempDir" && DEB_BUILD_OPTIONS="nocheck parallel=$(nproc)" apt-get source --compile $nginxPackages ) && apt-mark showmanual | xargs apt-mark auto > /dev/null && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark; } && ls -lAFh "$tempDir" && ( cd "$tempDir" && dpkg-scanpackages . 
> Packages ) && grep '^Package: ' "$tempDir/Packages" && echo "deb [ trusted=yes ] file://$tempDir ./" > /etc/apt/sources.list.d/temp.list && apt-get -o Acquire::GzipIndexes=false update ;; esac && apt-get install --no-install-recommends --no-install-suggests -y $nginxPackages gettext-base curl && apt-get remove --purge --auto-remove -y && rm -rf /var/lib/apt/lists/* /etc/apt/sources.list.d/nginx.list && if [ -n "$tempDir" ]; then apt-get purge -y --auto-remove && rm -rf "$tempDir" /etc/apt/sources.list.d/temp.list; fi && ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/nginx/error.log |
|||
shell: apt install nginx -y |
|||
|
|||
- name: Create dir for additional helper scripts /docker-entrypoint.d |
|||
shell: mkdir -p /docker-entrypoint.d |
|||
- name: Enable nginx |
|||
shell: systemctl enable nginx |
|||
|
|||
- name: Copy envsubst and tune worker to /docker-entrypoint.d |
|||
- name: Copy nginx config |
|||
copy: |
|||
src: "{{item}}" |
|||
dest: /docker-entrypoint.d |
|||
src: 'octobercms.conf' |
|||
dest: '/etc/nginx/includes.d' |
|||
mode: 0744 |
|||
loop: |
|||
- 20-envsubst-on-templates.sh |
|||
- 30-tune-worker-processes.sh |
|||
|
|||
- name: Restart nginx |
|||
shell: systemctl restart nginx |
|||
|
|||
... |
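Review bot: The `Copy nginx config` task appears to copy `octobercms.conf` to `dest: '/etc/nginx/includes.d'` with `mode: 0744`, and nothing visible in this section creates that directory or references it from the nginx configuration. With no trailing slash on `dest`, a missing directory means the copy module writes a regular file named `includes.d`, so the snippet would never be loaded. A config file also needs no execute bit; `mode: '0644'` (quoted) is enough. The following `shell: systemctl restart nginx` runs unconditionally with no syntax check first, so a handler that runs `nginx -t` before restarting would stop a broken config from taking the server down. Which lines are old and which are new is inferred from the rendered page, so confirm against the actual file.

```yaml
- name: Ensure nginx include directory exists
  file:
    path: /etc/nginx/includes.d
    state: directory
    mode: '0755'

- name: Copy nginx config
  copy:
    src: 'octobercms.conf'
    dest: '/etc/nginx/includes.d/'
    mode: '0644'
# … unchanged: Restart nginx …
```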
@ -1,4 +1,5 @@ |
|||
--- |
|||
|
|||
- import_playbook: anygroup.yml |
|||
|
|||
# Import all other group playbooks in this file... |
|||
|