Deployer Tasks: Add Nginx

2024-11-22 18:50:20 +00:00 · 2024-04-18 15:45:37 +03:00 · 2024-04-18 15:45:37 +03:00 · f93d850e09
commit f93d850e09
parent 4c43735016
4 changed files with 214 additions and 0 deletions
--- a/files/nginx/conf/000-default.conf
+++ b/files/nginx/conf/000-default.conf
@ -0,0 +1,69 @@
+server {
+
+    listen  80 default_server;
+    listen  [::]:80 default_server;
+
+    server_name _;
+
+    expires off;
+    etag off;
+    if_modified_since off;
+
+    gzip on;
+    gzip_min_length 1000;
+    gzip_proxied any;
+    gzip_types *;
+    gunzip on;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+
+        return 301 https://$host$request_uri/;
+    }
+
+    if ($request_method !~ ^(GET|HEAD|POST)$ )
+    {
+       return 405;
+    }
+}
+
+server {
+
+    listen  443 ssl http2 default_server;
+    listen  [::]:443 ssl http2 default_server;
+
+    server_name _;
+
+    ssl_certificate /etc/nginx/certs/mpp/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/mpp/privkey.pem;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM';
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:20m;
+    ssl_session_timeout 180m;
+
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/nginx/certs/mpp/chain.pem;
+
+    expires off;
+    etag off;
+    if_modified_since off;
+
+    gzip on;
+    gzip_min_length 1000;
+    gzip_proxied any;
+    gzip_types *;
+    gunzip on;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    if ($request_method !~ ^(GET|HEAD|POST)$ )
+    {
+       return 405;
+    }
+}
--- a/files/nginx/config.conf
+++ b/files/nginx/config.conf
@ -0,0 +1,31 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log error;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '[$time_local] $host - $remote_addr - $remote_user "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    server_tokens off;
+
+    sendfile        off;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    resolver 1.1.1.1;
+
+    include /etc/nginx/conf.d/*.conf;
+}
--- a/files/nginx/index.html
+++ b/files/nginx/index.html
@ -0,0 +1,59 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <title>{{ ansible_facts.fqdn }}</title>
+        <meta charset="UTF-8">
+        <meta name="robots" content="noindex">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+        <style>
+            body {
+                background-color: #333333;
+                width: 100vw;
+                height: 100vh;
+                margin: 0;
+                display: flex;
+                align-items: center;
+                justify-content: center;
+                text-align: center;
+            }
+
+            *, *:active, *:focus, *:hover, *:visited, *:link {
+                color: #ffffff;
+                font-family: sans-serif;
+            }
+
+            p {
+                margin-bottom: 0px;
+                margin-top: 0px;
+            }
+
+            .org {
+                font-size: xx-large;
+            }
+
+            .link {
+                margin-top: 10px;
+            }
+
+            .server {
+                margin-top: 50px;
+            }
+
+            .server * {
+                color: #555555;
+            }
+        </style>
+    </head>
+    <body>
+        <div>
+            <p class="org">Musix Org</p>
+            <p class="link"><a href="https://musix-org.com">Visit website</a></p>
+
+            <div class="server">
+                <p class="name">{{ ansible_facts.fqdn }}</p>
+            </div>
+        </div>
+
+    </body>
+</html>
--- a/tasks/deployer.yml
+++ b/tasks/deployer.yml
@ -119,6 +119,61 @@
  tags:
    - mariadb

+- name: "Deployer - Nginx - Configure - Create Folder"
+  file:
+    path: "/root/nginx/"
+    state: directory
+  tags:
+    - nginx
+
+- name: "Deployer - Nginx - Configure - Create Subfolders"
+  file:
+    dest: '/root/nginx/{{ item.path }}'
+    state: directory
+  with_filetree: './files/nginx/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'directory'
+  tags:
+    - nginx
+
+- name: "Deployer - Nginx - Configure - Generating & Transferring Files"
+  template:
+    src: '{{ item.src }}'
+    dest: '/root/nginx/{{ item.path }}'
+  with_filetree: './files/nginx/'
+  loop_control:
+    label: "{{ item.path }}"
+  when:
+    - item.state == 'file'
+  tags:
+    - nginx
+
+- name: "Deployer - Nginx - Pull Image"
+  containers.podman.podman_image:
+    name: docker.io/nginx
+    tag: latest
+  register: deployerTask3
+
+- name: "Deployer - Nginx - Run Container"
+  containers.podman.podman_container:
+    name: nginx
+    image: docker.io/nginx
+    state: started
+    recreate: on
+    network: host
+    volumes:
+      - "/root/nginx/index.html:/usr/share/nginx/html/index.html:ro"
+      - "/root/nginx/config.conf:/etc/nginx/nginx.conf:ro"
+      - "/root/nginx/conf/:/etc/nginx/conf.d/:ro"
+      - "/root/certs/:/etc/nginx/certs/:ro"
+    restart_policy: always
+  when:
+    - (deployerTask3 is defined and deployerTask3.changed) or deployerTask3 is undefined
+  tags:
+    - nginx
+
 - name: "Deployer - Backend - Git Operations"
  git:
    repo: git@github.com:MetroHege/MPP-Backend.git