Deployer Tasks: Add Nginx

This commit is contained in:
Christer Warén 2024-04-18 15:45:37 +03:00
parent 4c43735016
commit f93d850e09
4 changed files with 214 additions and 0 deletions

View File

@ -0,0 +1,69 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
expires off;
etag off;
if_modified_since off;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types *;
gunzip on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
return 301 https://$host$request_uri/;
}
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name _;
ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 180m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem;
expires off;
etag off;
if_modified_since off;
gzip on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types *;
gunzip on;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
}

31
files/nginx/config.conf Normal file
View File

@ -0,0 +1,31 @@
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log error;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '[$time_local] $host - $remote_addr - $remote_user "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_tokens off;
sendfile off;
#tcp_nopush on;
keepalive_timeout 65;
resolver 1.1.1.1;
include /etc/nginx/conf.d/*.conf;
}

59
files/nginx/index.html Normal file
View File

@ -0,0 +1,59 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>{{ ansible_facts.fqdn }}</title>
<meta charset="UTF-8">
<meta name="robots" content="noindex">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<style>
body {
background-color: #333333;
width: 100vw;
height: 100vh;
margin: 0;
display: flex;
align-items: center;
justify-content: center;
text-align: center;
}
*, *:active, *:focus, *:hover, *:visited, *:link {
color: #ffffff;
font-family: sans-serif;
}
p {
margin-bottom: 0px;
margin-top: 0px;
}
.org {
font-size: xx-large;
}
.link {
margin-top: 10px;
}
.server {
margin-top: 50px;
}
.server * {
color: #555555;
}
</style>
</head>
<body>
<div>
<p class="org">Musix Org</p>
<p class="link"><a href="https://musix-org.com">Visit website</a></p>
<div class="server">
<p class="name">{{ ansible_facts.fqdn }}</p>
</div>
</div>
</body>
</html>

View File

@ -119,6 +119,61 @@
tags: tags:
- mariadb - mariadb
- name: "Deployer - Nginx - Configure - Create Folder"
file:
path: "/root/nginx/"
state: directory
tags:
- nginx
- name: "Deployer - Nginx - Configure - Create Subfolders"
file:
dest: '/root/nginx/{{ item.path }}'
state: directory
with_filetree: './files/nginx/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'directory'
tags:
- nginx
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
template:
src: '{{ item.src }}'
dest: '/root/nginx/{{ item.path }}'
with_filetree: './files/nginx/'
loop_control:
label: "{{ item.path }}"
when:
- item.state == 'file'
tags:
- nginx
- name: "Deployer - Nginx - Pull Image"
containers.podman.podman_image:
name: docker.io/nginx
tag: latest
register: deployerTask3
- name: "Deployer - Nginx - Run Container"
containers.podman.podman_container:
name: nginx
image: docker.io/nginx
state: started
recreate: on
network: host
volumes:
- "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
- "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
- "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
- "/root/certs/:/etc/nginx/certs/:ro"
restart_policy: always
when:
- (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
tags:
- nginx
- name: "Deployer - Backend - Git Operations" - name: "Deployer - Backend - Git Operations"
git: git:
repo: git@github.com:MetroHege/MPP-Backend.git repo: git@github.com:MetroHege/MPP-Backend.git