From f93d850e09635d625db4ab33a5908234af827265 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christer=20War=C3=A9n?= Date: Thu, 18 Apr 2024 15:45:37 +0300 Subject: [PATCH] Deployer Tasks: Add Nginx --- files/nginx/conf/000-default.conf | 69 +++++++++++++++++++++++++++++++ files/nginx/config.conf | 31 ++++++++++++++ files/nginx/index.html | 59 ++++++++++++++++++++++++++ tasks/deployer.yml | 55 ++++++++++++++++++++++++ 4 files changed, 214 insertions(+) create mode 100644 files/nginx/conf/000-default.conf create mode 100644 files/nginx/config.conf create mode 100644 files/nginx/index.html diff --git a/files/nginx/conf/000-default.conf b/files/nginx/conf/000-default.conf new file mode 100644 index 0000000..d40160a --- /dev/null +++ b/files/nginx/conf/000-default.conf @@ -0,0 +1,69 @@ +server { + + listen 80 default_server; + listen [::]:80 default_server; + + server_name _; + + expires off; + etag off; + if_modified_since off; + + gzip on; + gzip_min_length 1000; + gzip_proxied any; + gzip_types *; + gunzip on; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + + return 301 https://$host$request_uri/; + } + + if ($request_method !~ ^(GET|HEAD|POST)$ ) + { + return 405; + } +} + +server { + + listen 443 ssl http2 default_server; + listen [::]:443 ssl http2 default_server; + + server_name _; + + ssl_certificate /etc/nginx/certs/mpp/fullchain.pem; + ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem; + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM'; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 180m; + + ssl_stapling on; + ssl_stapling_verify on; + ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem; + + expires off; + etag off; + if_modified_since off; + + gzip on; + gzip_min_length 1000; + gzip_proxied any; + gzip_types *; + gunzip on; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + if ($request_method !~ ^(GET|HEAD|POST)$ ) + { + return 405; + } +} diff --git a/files/nginx/config.conf b/files/nginx/config.conf new file mode 100644 index 0000000..c3c0a8f --- /dev/null +++ b/files/nginx/config.conf @@ -0,0 +1,31 @@ +user nginx; +worker_processes 1; + +error_log /var/log/nginx/error.log error; +pid /var/run/nginx.pid; + +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + log_format main '[$time_local] $host - $remote_addr - $remote_user "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + access_log /var/log/nginx/access.log main; + + server_tokens off; + + sendfile off; + #tcp_nopush on; + + keepalive_timeout 65; + + resolver 1.1.1.1; + + include /etc/nginx/conf.d/*.conf; +} diff --git a/files/nginx/index.html b/files/nginx/index.html new file mode 100644 index 0000000..7839b9c --- /dev/null +++ b/files/nginx/index.html @@ -0,0 +1,59 @@ + + + + {{ ansible_facts.fqdn }} + + + + + + + +
+

Musix Org

+ + +
+

{{ ansible_facts.fqdn }}

+
+
+ + + diff --git a/tasks/deployer.yml b/tasks/deployer.yml index b1f684c..f181fa3 100644 --- a/tasks/deployer.yml +++ b/tasks/deployer.yml @@ -119,6 +119,61 @@ tags: - mariadb +- name: "Deployer - Nginx - Configure - Create Folder" + file: + path: "/root/nginx/" + state: directory + tags: + - nginx + +- name: "Deployer - Nginx - Configure - Create Subfolders" + file: + dest: '/root/nginx/{{ item.path }}' + state: directory + with_filetree: './files/nginx/' + loop_control: + label: "{{ item.path }}" + when: + - item.state == 'directory' + tags: + - nginx + +- name: "Deployer - Nginx - Configure - Generating & Transferring Files" + template: + src: '{{ item.src }}' + dest: '/root/nginx/{{ item.path }}' + with_filetree: './files/nginx/' + loop_control: + label: "{{ item.path }}" + when: + - item.state == 'file' + tags: + - nginx + +- name: "Deployer - Nginx - Pull Image" + containers.podman.podman_image: + name: docker.io/nginx + tag: latest + register: deployerTask3 + +- name: "Deployer - Nginx - Run Container" + containers.podman.podman_container: + name: nginx + image: docker.io/nginx + state: started + recreate: on + network: host + volumes: + - "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro" + - "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro" + - "/root/nginx/conf/:/etc/nginx/conf.d/:ro" + - "/root/certs/:/etc/nginx/certs/:ro" + restart_policy: always + when: + - (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined + tags: + - nginx + - name: "Deployer - Backend - Git Operations" git: repo: git@github.com:MetroHege/MPP-Backend.git