mirror of
https://github.com/GeekOops/geekoops-nginx.git
synced 2024-05-09 01:07:55 +00:00
first commit
commit
a7bc2ae71b
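--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Pre-commit script which checks the playbook for syntax errors
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+against=HEAD
+else
+# Initial commit: diff against an empty tree object
+against=$(git hash-object -t tree /dev/null)
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --type=bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+# Note that the use of brackets around a tr range is ok here, (it's
+# even required, for portability to Solaris 10's /usr/bin/tr), since
+# the square bracket bytes happen to fall in the designated range.
+test $(git diff --cached --name-only --diff-filter=A -z $against |
+LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+git config hooks.allownonascii true
+EOF
+exit 1
+fi
+
+set -e
+
+# If there are whitespace errors, print the offending file names and fail.
+git diff-index --check --cached $against --
+
+# Run yamllint on yaml files
+yamllint defaults/*.yml handlers/*.yml meta/*.yml tasks/*.yml vars/*.yml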
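--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Python cache
+__pycache__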
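--- a/README.md
+++ b/README.md
@@ -0,0 +1,61 @@
+# geekoops-nginx
+
+Configurable ansible role for setting up a nginx webserver on a Linux server. Works with
+
+- openSUSE Leap 15.2
+- Debian Buster
+
+## Role Variables
+--------------
+
+You can set the following variables to configure the role. Here listed are the variables and their default settings.
+
+Firewall configuration (disable by default)
+
+config_firewall: false # Enable firewall configuration
+firewall_zone: "public" # Firewall zone to configure
+open_http: true # Enable http on the firewall_zone
+open_https: true # Enable https on the firewall_zone
+
+Custom `nginx` settings
+
+nginx_user: "nginx" # Default nginx user (for permission ecc.)
+nginx_group: "nginx" # Default nginx group (for permission ecc.)
+
+
+## Example Playbook
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+- hosts: servers
+roles:
+- { role: geekoops-nginx, config_firewall: true }
+
+A bit more advanced example for the imaginary `jellyfish` test server
+
+- hosts: jellyfish
+roles:
+- role: geekoops-nginx
+vars:
+setup_default_page: true
+default_page_hostname: "{{ansible_host}}"
+config_firewall: true
+firewall_zone: "public"
+
+## License
+
+MIT
+
+## Author Information
+
+phoenix
+
+Have a lot of fun!
+
+# Development
+
+## Add githooks
+
+This repository ships pre-commit git hooks that will check the yaml syntax. To configure them do
+
+git config --local core.hooksPath .githooks/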
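--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# defaults file for geekoops-nginx
+
+# Don't install default page by default
+setup_default_page: false
+default_page_hostname: "localhost"
+
+# firewall configuration
+config_firewall: false
+firewall_zone: "public"
+open_http: true
+open_https: true
+
+# nginx settings
+nginx_user: "nginx"
+nginx_group: "nginx"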
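--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for geekoops-nginx
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted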
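--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,30 @@
+---
+galaxy_info:
+author: Felix Niederwanger
+description: Configurable nginx setup role
+company: SUSE
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+license: license MIT
+
+min_ansible_version: 2.9
+
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: opensuse
+versions:
+- 15.2
+- name: debian
+versions:
+- buster
+
+galaxy_tags:
+- nginx
+- lemp
+
+dependencies: []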
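Review bot: `license: license MIT` looks like a leftover from the template placeholder text; the field should hold the identifier alone, `license: MIT`. `min_ansible_version: 2.9` and the platform version `- 15.2` are parsed by YAML as floats, so quote them (`"2.9"`, `"15.2"`) to keep them as version strings.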
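--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,42 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include geekoops-nginx"
+include_role:
+name: "geekoops-nginx"
+## Setup test enviroment
+# Deploy a test site and serve it
+- name: Deploy test page
+copy:
+content: |
+<html>Success! The test page is displayed correctly</html>
+dest: "{{www_dir}}/index.html"
+group: "{{nginxuser}}"
+owner: "{{nginxgroup}}"
+mode: 0754
+- name: Deploy nginx configuration
+copy:
+content: |
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+root {{ www_dir }};
+index index.html index.htm;
+location / {
+try_files $uri $uri/ =404;
+}
+}
+dest: "{{vhosts_dir}}/default.conf"
+owner: root
+group: root
+mode: 0644
+when: deploy_nginx_config == true
+- name: Rung nginx check
+shell: nginx -t
+
+# Restart of nginx is required for the new configuration
+- name: Restart nginx
+systemd:
+name: nginx
+state: restarted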
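Review bot: In the "Deploy test page" task the ownership keys are crossed, `group: "{{nginxuser}}"` and `owner: "{{nginxgroup}}"`; this goes unnoticed only because the host_vars in molecule.yml give both variables the same value per platform, and it should read `owner: "{{nginxuser}}"` and `group: "{{nginxgroup}}"`. The same task sets `mode: 0754`, which puts execute bits on a static HTML file and relies on YAML octal parsing; `mode: "0644"` is the conventional form. The check task does not need a shell, so `command: nginx -t` with `changed_when: false` would be more precise than `shell: nginx -t`.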
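--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,48 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+platforms:
+- name: leap15_2
+image: grisu48/leap-ansible
+pre_build_image: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+capabilities:
+- SYS_ADMIN
+tmpfs:
+- /run
+- /tmp
+- name: buster
+image: grisu48/buster-ansible
+pre_build_image: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+capabilities:
+- SYS_ADMIN
+privileged: true
+tmpfs:
+- /run
+- /tmp
+provisioner:
+name: ansible
+inventory:
+host_vars:
+leap15_2:
+vhosts_dir: "/etc/nginx/vhosts.d"
+nginxuser: nginx
+nginxgroup: nginx
+deploy_nginx_config: true
+buster:
+vhosts_dir: "/etc/nginx/sites-enabled"
+nginxuser: www-data
+nginxgroup: www-data
+deploy_nginx_config: false
+verifier:
+name: testinfra
+lint:
+name: flake8
+lint: |
+set -e
+yamllint .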
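Review bot: The `buster` platform sets `privileged: true` on top of `capabilities: SYS_ADMIN`, which gives the test container essentially unrestricted access to the Docker host and makes the capability entry redundant. The `leap15_2` platform runs with only SYS_ADMIN, the read-only cgroup mount and the tmpfs entries, so the same set is presumably enough for Debian; drop `privileged: true`, or add a comment stating why Buster needs it. Both images (`grisu48/leap-ansible`, `grisu48/buster-ansible`) are referenced without a tag or digest, so each run executes whatever was last pushed under that name; pinning them to a digest keeps test runs reproducible and narrows the supply-chain exposure of the machine running molecule.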
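--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+
+import testinfra.utils.ansible_runner
+import os
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+def test_phpinfo(host):
+cmd = host.run("curl -v http://127.0.0.1/index.html")
+print(cmd.stdout)
+assert 'HTTP/1.1 200 OK' in cmd.stderr
+assert "Success" in cmd.stdout
+assert "The test page is displayed correctly" in cmd.stdout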
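Review bot: `test_phpinfo` fetches `index.html` and asserts on the static test page, so the name is misleading; `test_default_page` would match what is checked. Matching `'HTTP/1.1 200 OK'` in the stderr of `curl -v` ties the test to the protocol version and to curl's verbose output format; running `curl -s -o /dev/null -w '%{http_code}'` and comparing the result with `200` is sturdier. A one-line docstring saying that the page is deployed by converge.yml would tell the reader where the expected text comes from.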
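--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: Example assertion
+assert:
+that: true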
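--- a/tasks/default-page.yml
+++ b/tasks/default-page.yml
@@ -0,0 +1,30 @@
+---
+# setup a default page
+
+- name: Ensure default page directory exists
+file:
+path: /srv/www/default
+owner: "{{nginx_user}}"
+group: "{{nginx_group}}"
+mode: 0755
+state: directory
+tags: ['nginx']
+- name: Ensure default page exists
+template:
+src: index.html.j2
+dest: "{{www_dir}}/default/index.html"
+owner: "{{nginx_user}}"
+group: "{{nginx_group}}"
+mode: 0755
+force: false
+tags: ['nginx']
+- name: Ensure default page nginx template exists
+template:
+src: default-www.j2
+dest: "{{vhosts_dir}}/default-www.conf"
+owner: root
+group: root
+mode: 0644
+force: false
+notify: restart nginx
+tags: ['nginx']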
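Review bot: The directory task creates the hard-coded `path: /srv/www/default`, while the next task writes to `dest: "{{www_dir}}/default/index.html"`; with the values in the vars files (`/var/www/html`, `/srv/www/htdocs`) these are different directories, so the template task would find no parent directory, and templates/default-www.j2 serves `/srv/www/default` rather than the `www_dir` location. Use one path expression in all three places. The index file gets `mode: 0755`, but a static page needs no execute bit, and a quoted `mode: "0644"` also avoids octal parsing surprises. Note that `force: false` on the vhost template means later changes to default-www.j2 never reach hosts that already have the file.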
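--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -0,0 +1,22 @@
+---
+# Configure firewall
+
+- name: Ensure http port is open
+firewalld:
+zone: "{{firewall_zone}}"
+service: http
+permanent: true
+state: enabled
+notify: reload firewalld
+tags: ['nginx', 'firewall']
+when: open_http == true
+
+- name: Ensure https port is open
+firewalld:
+zone: "{{firewall_zone}}"
+service: https
+permanent: true
+state: enabled
+notify: reload firewalld
+tags: ['nginx', 'firewall']
+when: open_https == true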
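Review bot: Both tasks use `notify: reload firewalld`, but handlers/main.yml in this commit defines only `restart nginx`, so the first time either task reports a change the play should stop with a missing-handler error. Add a `reload firewalld` handler, or set `immediate: true` next to `permanent: true` so the rule takes effect without a reload. The conditions `when: open_http == true` and `when: open_https == true` evaluate to false when the variable arrives as a string (for example from `-e`); `when: open_http | bool` handles both forms.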
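--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for geekoops-nginx
+
+# Distribution specific vars are ALWAYS needed, so don't forget the tags here
+- name: include distribution specific vars
+include_vars: "{{ansible_distribution}}_{{ansible_distribution_version}}.yml"
+tags: ['nginx', 'firewall', 'systemd']
+
+- include: software.yml
+- include: firewall.yml
+when: config_firewall == true
+- include: default-page.yml
+when: setup_default_page == true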
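Review bot: `include_vars: "{{ansible_distribution}}_{{ansible_distribution_version}}.yml"` resolves only for the two exact files shipped in vars/, so any other release (including a point release, if the fact is reported as e.g. `10.x`) fails with a file-not-found error instead of a readable message. A `with_first_found` lookup with a fallback file, or an explicit `assert` on the supported platforms before the include, would make that failure clear. The bare `include:` statements are deprecated in favour of `include_tasks`/`import_tasks`, and the `== true` conditions are safer written as `config_firewall | bool` and `setup_default_page | bool`.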
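--- a/tasks/software.yml
+++ b/tasks/software.yml
@@ -0,0 +1,14 @@
+---
+# Install and configure nginx
+
+- name: Ensure nginx is installed
+package:
+name: "{{ packages }}"
+state: present
+tags: ['nginx']
+- name: Ensure nginx service is enabled
+systemd:
+name: "{{ nginx_service }}"
+state: started
+enabled: true
+tags: ['nginx', 'systemd']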
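--- a/templates/default-www.j2
+++ b/templates/default-www.j2
@@ -0,0 +1,22 @@
+## Default page handling for nginx
+
+server {
+listen 80;
+listen [::]:80;
+
+root /srv/www/default;
+index index.php index.html index.htm;
+
+server_name {{default_page_hostname}};
+
+location / {
+try_files $uri $uri/ =404;
+}
+
+location ~ \.php$ {
+fastcgi_pass unix:{{php_socket}};
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+}
+}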
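--- a/templates/index.html.j2
+++ b/templates/index.html.j2
@@ -0,0 +1,13 @@
+<!doctype html>
+<html>
+<head>
+<title>Lempo</title>
+</head>
+<body>
+<h1>Default page for lempo</h1>
+<p>Congratulations! Your LEMPO role has been successfully installed on this server</p>
+<ul>
+<li>Visit <a href="phpinfo.php">phpinfo.php</a>
+</ul>
+</body>
+</html>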
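Review bot: The page still carries the wording of another role (`Lempo`, `LEMPO role`) and links to `phpinfo.php`, a file nothing in this commit deploys. The link would be dead here, and a phpinfo page is not something a default site should advertise, since it discloses the server's PHP and environment configuration; remove the `<li>` and reword the title and heading for geekoops-nginx. The `<li>` element is also never closed.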
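--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+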
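--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- lempo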
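Review bot: The play applies `- lempo`, but the role in this repository is geekoops-nginx, so this test cannot resolve the role unless one of that name happens to be on the roles path; it should read `- geekoops-nginx`. The comment in vars/main.yml (`# vars file for lemp`) carries the same stale name.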
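--- a/vars/Debian_10.yml
+++ b/vars/Debian_10.yml
@@ -0,0 +1,12 @@
+---
+# Debian Buster specific variables
+
+## Software packages
+
+packages: ['nginx', 'nginx-full']
+nginx_service: "nginx"
+
+## OS-Specific directories
+
+www_dir: "/var/www/html"
+vhosts_dir: "/etc/nginx/sites-enabled"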
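--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for lemp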
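--- a/vars/openSUSE Leap_15.2.yml
+++ b/vars/openSUSE Leap_15.2.yml
@@ -0,0 +1,12 @@
+---
+# openSUSE Leap 15.2 specific variables
+
+## Software packages
+
+packages: ['nginx', 'nginx-module-brotli']
+nginx_service: "nginx"
+
+## OS-Specific directories
+
+www_dir: "/srv/www/htdocs"
+vhosts_dir: "/etc/nginx/vhosts.d"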