Deployer Tasks: Add Nginx
parent
4c43735016
commit
f93d850e09
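--- a/files/nginx/conf/000-default.conf
+++ b/files/nginx/conf/000-default.conf
@@ -0,0 +1,69 @@
+server {
+
+listen 80 default_server;
+listen [::]:80 default_server;
+
+server_name _;
+
+expires off;
+etag off;
+if_modified_since off;
+
+gzip on;
+gzip_min_length 1000;
+gzip_proxied any;
+gzip_types *;
+gunzip on;
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+
+return 301 https://$host$request_uri/;
+}
+
+if ($request_method !~ ^(GET|HEAD|POST)$ )
+{
+return 405;
+}
+}
+
+server {
+
+listen 443 ssl http2 default_server;
+listen [::]:443 ssl http2 default_server;
+
+server_name _;
+
+ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
+ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM';
+ssl_prefer_server_ciphers on;
+ssl_session_cache shared:SSL:20m;
+ssl_session_timeout 180m;
+
+ssl_stapling on;
+ssl_stapling_verify on;
+ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem;
+
+expires off;
+etag off;
+if_modified_since off;
+
+gzip on;
+gzip_min_length 1000;
+gzip_proxied any;
+gzip_types *;
+gunzip on;
+
+location / {
+root /usr/share/nginx/html;
+index index.html index.htm;
+}
+
+if ($request_method !~ ^(GET|HEAD|POST)$ )
+{
+return 405;
+}
+}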
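Review bot: In the port-80 block, `return 301 https://$host$request_uri/;` builds the `Location` header from `$host`, and on a `default_server` with `server_name _` that is whatever Host header the client sent, so the redirect target is client-controlled. Pinning it to a fixed canonical name, or answering unknown hosts with `return 444;`, avoids that. The trailing `/` is also appended after any query string (`/a?b=1` becomes `/a?b=1/`), so `return 301 https://<CANONICAL_HOST>$request_uri;` would be the safer line, and the `root`/`index` directives in that location are never reached. In the 443 block the DHE entries in `ssl_ciphers` appear to have no matching `ssl_dhparam` (current nginx does not offer DHE without it), and no `Strict-Transport-Security` header is sent.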
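--- a/files/nginx/config.conf
+++ b/files/nginx/config.conf
@@ -0,0 +1,31 @@
+user nginx;
+worker_processes 1;
+
+error_log /var/log/nginx/error.log error;
+pid /var/run/nginx.pid;
+
+events {
+worker_connections 1024;
+}
+
+http {
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+log_format main '[$time_local] $host - $remote_addr - $remote_user "$request" '
+'$status $body_bytes_sent "$http_referer" '
+'"$http_user_agent" "$http_x_forwarded_for"';
+
+access_log /var/log/nginx/access.log main;
+
+server_tokens off;
+
+sendfile off;
+#tcp_nopush on;
+
+keepalive_timeout 65;
+
+resolver 1.1.1.1;
+
+include /etc/nginx/conf.d/*.conf;
+}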
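Review bot: `resolver 1.1.1.1;` sends nginx's own lookups as plain DNS to a public resolver, and nginx acts on whatever answer comes back. In this commit the resolver seems to be needed only for the OCSP stapling enabled in 000-default.conf. The nginx documentation recommends a resolver on a trusted local network to limit spoofing, so the host's local resolver would be the better target. At minimum, state the purpose and bound the behaviour, e.g. `# resolver is used for OCSP stapling lookups`, `resolver 1.1.1.1 valid=300s;` and `resolver_timeout 5s;`. The `log_format` also records `$http_x_forwarded_for`, which is client-supplied when no trusted proxy sits in front, so a comment saying it must not be read as the real client address would help whoever triages these logs.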
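--- a/files/nginx/index.html
+++ b/files/nginx/index.html
@@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<title>{{ ansible_facts.fqdn }}</title>
+<meta charset="UTF-8">
+<meta name="robots" content="noindex">
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+<style>
+body {
+background-color: #333333;
+width: 100vw;
+height: 100vh;
+margin: 0;
+display: flex;
+align-items: center;
+justify-content: center;
+text-align: center;
+}
+
+*, *:active, *:focus, *:hover, *:visited, *:link {
+color: #ffffff;
+font-family: sans-serif;
+}
+
+p {
+margin-bottom: 0px;
+margin-top: 0px;
+}
+
+.org {
+font-size: xx-large;
+}
+
+.link {
+margin-top: 10px;
+}
+
+.server {
+margin-top: 50px;
+}
+
+.server * {
+color: #555555;
+}
+</style>
+</head>
+<body>
+<div>
+<p class="org">Musix Org</p>
+<p class="link"><a href="https://musix-org.com">Visit website</a></p>
+
+<div class="server">
+<p class="name">{{ ansible_facts.fqdn }}</p>
+</div>
+</div>
+
+</body>
+</html>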
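Review bot: The page prints `{{ ansible_facts.fqdn }}` in both `<title>` and the `.server` block, and it is the document root of the `default_server` catch-all, so anyone who reaches the machine by IP address or with an arbitrary Host header is shown its FQDN. That sits oddly next to `server_tokens off;` in config.conf. If the name is there on purpose for operators, say so in the file, e.g. `<!-- hostname shown deliberately for operator orientation -->`; otherwise drop the `.server` div and use a neutral title. Ansible's `template` module does not HTML-escape by default, so `{{ ansible_facts.fqdn | e }}` is the safer form for both occurrences.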
@ -119,6 +119,61 @@
|
||||
tags:
|
||||
- mariadb
|
||||
|
||||
- name: "Deployer - Nginx - Configure - Create Folder"
|
||||
file:
|
||||
path: "/root/nginx/"
|
||||
state: directory
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Configure - Create Subfolders"
|
||||
file:
|
||||
dest: '/root/nginx/{{ item.path }}'
|
||||
state: directory
|
||||
with_filetree: './files/nginx/'
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
when:
|
||||
- item.state == 'directory'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
|
||||
template:
|
||||
src: '{{ item.src }}'
|
||||
dest: '/root/nginx/{{ item.path }}'
|
||||
with_filetree: './files/nginx/'
|
||||
loop_control:
|
||||
label: "{{ item.path }}"
|
||||
when:
|
||||
- item.state == 'file'
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Nginx - Pull Image"
|
||||
containers.podman.podman_image:
|
||||
name: docker.io/nginx
|
||||
tag: latest
|
||||
register: deployerTask3
|
||||
|
||||
- name: "Deployer - Nginx - Run Container"
|
||||
containers.podman.podman_container:
|
||||
name: nginx
|
||||
image: docker.io/nginx
|
||||
state: started
|
||||
recreate: on
|
||||
network: host
|
||||
volumes:
|
||||
- "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
|
||||
- "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
|
||||
- "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
|
||||
- "/root/certs/:/etc/nginx/certs/:ro"
|
||||
restart_policy: always
|
||||
when:
|
||||
- (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: "Deployer - Backend - Git Operations"
|
||||
git:
|
||||
repo: git@github.com:MetroHege/MPP-Backend.git
|
||||
|
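Review bot: The "Pull Image" task uses `tag: latest` and the "Run Container" task uses `image: docker.io/nginx`, so each deploy can start a different, unreviewed nginx build, and it does so with `network: host` and `/root/certs/` mounted. Pin a version or digest in both places, e.g. `tag: "<PINNED_VERSION>"` and `image: "docker.io/nginx:<PINNED_VERSION>"`. The run task is gated on `deployerTask3.changed`, so edits to the templated files under `/root/nginx/` (TLS settings included) apparently do not reach the running container unless the image changed as well; registering the "Generating & Transferring Files" task and adding its `changed` to the `when` would close that gap. `network: host` exposes every host interface to the container, and published ports for 80/443 would be narrower if nothing else is needed. The new directories and files are created without an explicit `mode`, and `recreate: on` is better written `recreate: true`.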