mirror of
https://github.com/GeekOops/geekoops-nginx.git
synced 2024-05-19 21:22:21 +00:00
first commit
commit
a7bc2ae71b
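--- a/.githooks/pre-commit
+++ b/.githooks/pre-commit
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Pre-commit script which checks the playbook for syntax errors
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+against=HEAD
+else
+# Initial commit: diff against an empty tree object
+against=$(git hash-object -t tree /dev/null)
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --type=bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+# Note that the use of brackets around a tr range is ok here, (it's
+# even required, for portability to Solaris 10's /usr/bin/tr), since
+# the square bracket bytes happen to fall in the designated range.
+test $(git diff --cached --name-only --diff-filter=A -z $against |
+LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+git config hooks.allownonascii true
+EOF
+exit 1
+fi
+
+set -e
+
+# If there are whitespace errors, print the offending file names and fail.
+git diff-index --check --cached $against --
+
+# Run yamllint on yaml files
+yamllint defaults/*.yml handlers/*.yml meta/*.yml tasks/*.yml vars/*.yml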
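Review bot: The closing `yamllint defaults/*.yml handlers/*.yml meta/*.yml tasks/*.yml vars/*.yml` lints the working tree rather than the staged content, so the hook can pass or fail on text that is not what gets committed; it also leaves out `molecule/` and `tests/`, which this commit adds. `$against` is expanded unquoted in `git diff --cached ... $against` and in `git diff-index --check --cached $against --`; write `"$against"` in both places. `set -e` is switched on only after the non-ASCII check, presumably because `git config --type=bool hooks.allownonascii` exits non-zero when the key is unset; a comment such as `# set -e comes late on purpose: git config fails when the key is unset` would record that.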
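--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+# Python cache
+__pycache__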
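--- a/README.md
+++ b/README.md
@@ -0,0 +1,61 @@
+# geekoops-nginx
+
+Configurable ansible role for setting up a nginx webserver on a Linux server. Works with
+
+- openSUSE Leap 15.2
+- Debian Buster
+
+## Role Variables
+--------------
+
+You can set the following variables to configure the role. Here listed are the variables and their default settings.
+
+Firewall configuration (disable by default)
+
+config_firewall: false # Enable firewall configuration
+firewall_zone: "public" # Firewall zone to configure
+open_http: true # Enable http on the firewall_zone
+open_https: true # Enable https on the firewall_zone
+
+Custom `nginx` settings
+
+nginx_user: "nginx" # Default nginx user (for permission ecc.)
+nginx_group: "nginx" # Default nginx group (for permission ecc.)
+
+
+## Example Playbook
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+- hosts: servers
+roles:
+- { role: geekoops-nginx, config_firewall: true }
+
+A bit more advanced example for the imaginary `jellyfish` test server
+
+- hosts: jellyfish
+roles:
+- role: geekoops-nginx
+vars:
+setup_default_page: true
+default_page_hostname: "{{ansible_host}}"
+config_firewall: true
+firewall_zone: "public"
+
+## License
+
+MIT
+
+## Author Information
+
+phoenix
+
+Have a lot of fun!
+
+# Development
+
+## Add githooks
+
+This repository ships pre-commit git hooks that will check the yaml syntax. To configure them do
+
+git config --local core.hooksPath .githooks/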
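--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,16 @@
+---
+# defaults file for geekoops-nginx
+
+# Don't install default page by default
+setup_default_page: false
+default_page_hostname: "localhost"
+
+# firewall configuration
+config_firewall: false
+firewall_zone: "public"
+open_http: true
+open_https: true
+
+# nginx settings
+nginx_user: "nginx"
+nginx_group: "nginx"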
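Review bot: `nginx_user: "nginx"` and `nginx_group: "nginx"` are the defaults for both supported platforms, but the molecule inventory in this same commit uses `www-data` for the buster host, which suggests the `nginx` account does not exist on Debian. If so, `owner: "{{nginx_user}}"` in `tasks/default-page.yml` fails there unless the caller overrides the value. Either document that Debian users must set both variables, or derive them per distribution alongside `www_dir`. A comment on `open_http: true` noting that enabling `config_firewall` opens plain HTTP as well as HTTPS by default would also help readers of this file.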
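--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+# handlers file for geekoops-nginx
+
+- name: restart nginx
+service:
+name: nginx
+state: restarted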
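--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,30 @@
+---
+galaxy_info:
+author: Felix Niederwanger
+description: Configurable nginx setup role
+company: SUSE
+
+# If the issue tracker for your role is not on github, uncomment the
+# next line and provide a value
+# issue_tracker_url: http://example.com/issue/tracker
+
+license: license MIT
+
+min_ansible_version: 2.9
+
+# To view available platforms and versions (or releases), visit:
+# https://galaxy.ansible.com/api/v1/platforms/
+#
+platforms:
+- name: opensuse
+versions:
+- 15.2
+- name: debian
+versions:
+- buster
+
+galaxy_tags:
+- nginx
+- lemp
+
+dependencies: []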
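Review bot: `license: license MIT` looks like a half-edited template placeholder; the value should be just `license: MIT`, matching the README. `min_ansible_version: 2.9` is read by YAML as a float, so quote it as `min_ansible_version: "2.9"` to keep it a version string.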
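--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,42 @@
+---
+- name: Converge
+hosts: all
+tasks:
+- name: "Include geekoops-nginx"
+include_role:
+name: "geekoops-nginx"
+## Setup test enviroment
+# Deploy a test site and serve it
+- name: Deploy test page
+copy:
+content: |
+<html>Success! The test page is displayed correctly</html>
+dest: "{{www_dir}}/index.html"
+group: "{{nginxuser}}"
+owner: "{{nginxgroup}}"
+mode: 0754
+- name: Deploy nginx configuration
+copy:
+content: |
+server {
+listen 80 default_server;
+listen [::]:80 default_server;
+root {{ www_dir }};
+index index.html index.htm;
+location / {
+try_files $uri $uri/ =404;
+}
+}
+dest: "{{vhosts_dir}}/default.conf"
+owner: root
+group: root
+mode: 0644
+when: deploy_nginx_config == true
+- name: Rung nginx check
+shell: nginx -t
+
+# Restart of nginx is required for the new configuration
+- name: Restart nginx
+systemd:
+name: nginx
+state: restarted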
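Review bot: In the "Deploy test page" task the ownership values are crossed: `group: "{{nginxuser}}"` and `owner: "{{nginxgroup}}"`. It only works because user and group share a name on both molecule hosts; it should read `owner: "{{nginxuser}}"` and `group: "{{nginxgroup}}"`. `mode: 0754` marks a static HTML file executable and, unquoted, depends on YAML octal parsing; `mode: "0644"` is what the page needs, and the same quoting applies to `mode: 0644` on the configuration file. `shell: nginx -t` needs no shell, so `command: nginx -t` with `changed_when: false` is sufficient.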
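--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,48 @@
+---
+dependency:
+name: galaxy
+driver:
+name: docker
+platforms:
+- name: leap15_2
+image: grisu48/leap-ansible
+pre_build_image: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+capabilities:
+- SYS_ADMIN
+tmpfs:
+- /run
+- /tmp
+- name: buster
+image: grisu48/buster-ansible
+pre_build_image: true
+volumes:
+- /sys/fs/cgroup:/sys/fs/cgroup:ro
+capabilities:
+- SYS_ADMIN
+privileged: true
+tmpfs:
+- /run
+- /tmp
+provisioner:
+name: ansible
+inventory:
+host_vars:
+leap15_2:
+vhosts_dir: "/etc/nginx/vhosts.d"
+nginxuser: nginx
+nginxgroup: nginx
+deploy_nginx_config: true
+buster:
+vhosts_dir: "/etc/nginx/sites-enabled"
+nginxuser: www-data
+nginxgroup: www-data
+deploy_nginx_config: false
+verifier:
+name: testinfra
+lint:
+name: flake8
+lint: |
+set -e
+yamllint .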
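Review bot: The `buster` platform sets `privileged: true` on top of `capabilities: [SYS_ADMIN]`, while `leap15_2` runs with `SYS_ADMIN` and the read-only cgroup mount alone. A privileged container gets essentially unrestricted access to the host's devices and kernel interfaces, so if systemd in the Debian image really needs it, a comment next to the key should say why; otherwise the line should go. Both images (`grisu48/leap-ansible`, `grisu48/buster-ansible`) are referenced without a tag or digest, so each test run executes whatever the registry currently serves; pinning a digest, for example `image: grisu48/buster-ansible@sha256:<digest-placeholder>`, makes runs reproducible and reviewable.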
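--- a/molecule/default/tests/test_default.py
+++ b/molecule/default/tests/test_default.py
@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+# -*- coding: utf-8 -*-
+
+
+import testinfra.utils.ansible_runner
+import os
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+def test_phpinfo(host):
+cmd = host.run("curl -v http://127.0.0.1/index.html")
+print(cmd.stdout)
+assert 'HTTP/1.1 200 OK' in cmd.stderr
+assert "Success" in cmd.stdout
+assert "The test page is displayed correctly" in cmd.stdout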
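Review bot: `test_phpinfo` does not test phpinfo; it fetches `index.html` and checks the test page written by `converge.yml`, so a name such as `test_index_page` plus a one-line docstring would describe it correctly. The status check `assert 'HTTP/1.1 200 OK' in cmd.stderr` depends on the trace format of `curl -v`; checking `cmd.rc == 0` after `curl -f` would be less brittle, assuming curl behaves the same in both test images.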
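--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+hosts: all
+gather_facts: false
+tasks:
+- name: Example assertion
+assert:
+that: true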
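--- a/tasks/default-page.yml
+++ b/tasks/default-page.yml
@@ -0,0 +1,30 @@
+---
+# setup a default page
+
+- name: Ensure default page directory exists
+file:
+path: /srv/www/default
+owner: "{{nginx_user}}"
+group: "{{nginx_group}}"
+mode: 0755
+state: directory
+tags: ['nginx']
+- name: Ensure default page exists
+template:
+src: index.html.j2
+dest: "{{www_dir}}/default/index.html"
+owner: "{{nginx_user}}"
+group: "{{nginx_group}}"
+mode: 0755
+force: false
+tags: ['nginx']
+- name: Ensure default page nginx template exists
+template:
+src: default-www.j2
+dest: "{{vhosts_dir}}/default-www.conf"
+owner: root
+group: root
+mode: 0644
+force: false
+notify: restart nginx
+tags: ['nginx']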
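Review bot: The directory task creates the hard-coded `path: /srv/www/default`, but the next task writes to `dest: "{{www_dir}}/default/index.html"`; with `www_dir` set to `/var/www/html` or `/srv/www/htdocs` in the vars files, that parent directory is never created, and `root /srv/www/default;` in `templates/default-www.j2` would not serve the file either. Use one location throughout, for example `path: "{{www_dir}}/default"` with a matching `root`. The page is owned by `{{nginx_user}}` with `mode: 0755`, which lets the web server account rewrite the content it serves and marks an HTML file executable; `owner: root`, `group: root`, `mode: "0644"` is the safer default for the file. `force: false` on the vhost template also means later corrections to `default-www.j2` never reach hosts that already have the file, which deserves a comment if it is intended.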
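--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@@ -0,0 +1,22 @@
+---
+# Configure firewall
+
+- name: Ensure http port is open
+firewalld:
+zone: "{{firewall_zone}}"
+service: http
+permanent: true
+state: enabled
+notify: reload firewalld
+tags: ['nginx', 'firewall']
+when: open_http == true
+
+- name: Ensure https port is open
+firewalld:
+zone: "{{firewall_zone}}"
+service: https
+permanent: true
+state: enabled
+notify: reload firewalld
+tags: ['nginx', 'firewall']
+when: open_https == true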
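Review bot: Both tasks use `notify: reload firewalld`, but `handlers/main.yml` in this commit defines only `restart nginx`, so a changed firewall task would fail on the missing handler. Either add a `reload firewalld` handler or set `immediate: true` next to `permanent: true` and drop the notify; as written, a permanent-only rule would not take effect until firewalld is reloaded anyway. `when: open_http == true` and `when: open_https == true` are better written as `when: open_http | bool`, which also handles string values passed on the command line.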
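--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for geekoops-nginx
+
+# Distribution specific vars are ALWAYS needed, so don't forget the tags here
+- name: include distribution specific vars
+include_vars: "{{ansible_distribution}}_{{ansible_distribution_version}}.yml"
+tags: ['nginx', 'firewall', 'systemd']
+
+- include: software.yml
+- include: firewall.yml
+when: config_firewall == true
+- include: default-page.yml
+when: setup_default_page == true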
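Review bot: `include_vars: "{{ansible_distribution}}_{{ansible_distribution_version}}.yml"` matches only the two shipped files exactly, so any other release (or a Debian point release, if the fact reports `10.x` rather than `10`) aborts with a file-not-found error instead of a clear message. A preceding `assert` on the supported distributions, or `ansible_distribution_major_version` for Debian, would make the failure explicit. The bare `include:` lines are deprecated in favour of `import_tasks`/`include_tasks`; with `import_tasks` the tags inside the task files keep working under `--tags`.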
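--- a/tasks/software.yml
+++ b/tasks/software.yml
@@ -0,0 +1,14 @@
+---
+# Install and configure nginx
+
+- name: Ensure nginx is installed
+package:
+name: "{{ packages }}"
+state: present
+tags: ['nginx']
+- name: Ensure nginx service is enabled
+systemd:
+name: "{{ nginx_service }}"
+state: started
+enabled: true
+tags: ['nginx', 'systemd']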
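--- a/templates/default-www.j2
+++ b/templates/default-www.j2
@@ -0,0 +1,22 @@
+## Default page handling for nginx
+
+server {
+listen 80;
+listen [::]:80;
+
+root /srv/www/default;
+index index.php index.html index.htm;
+
+server_name {{default_page_hostname}};
+
+location / {
+try_files $uri $uri/ =404;
+}
+
+location ~ \.php$ {
+fastcgi_pass unix:{{php_socket}};
+fastcgi_index index.php;
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+include fastcgi_params;
+}
+}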
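--- a/templates/index.html.j2
+++ b/templates/index.html.j2
@@ -0,0 +1,13 @@
+<!doctype html>
+<html>
+<head>
+<title>Lempo</title>
+</head>
+<body>
+<h1>Default page for lempo</h1>
+<p>Congratulations! Your LEMPO role has been successfully installed on this server</p>
+<ul>
+<li>Visit <a href="phpinfo.php">phpinfo.php</a>
+</ul>
+</body>
+</html>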
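Review bot: The page links to `phpinfo.php`, which this role does not deploy, and a phpinfo page exposes versions, paths and environment values that should not be advertised from a public default page; drop the `<li>` or replace it with neutral text. The title and body still say "Lempo" and "LEMPO role" rather than geekoops-nginx, and the `<li>` element is never closed.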
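--- a/tests/inventory
+++ b/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+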
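--- a/tests/test.yml
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+remote_user: root
+roles:
+- lempo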
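Review bot: `- lempo` names a role other than the one this repository provides; the play should reference `geekoops-nginx`, as `molecule/default/converge.yml` does, or it will not resolve the role. `remote_user: root` against `localhost` is broader than a local test needs; `connection: local` with `become: true` states the intent more narrowly.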
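--- a/vars/Debian_10.yml
+++ b/vars/Debian_10.yml
@@ -0,0 +1,12 @@
+---
+# Debian Buster specific variables
+
+## Software packages
+
+packages: ['nginx', 'nginx-full']
+nginx_service: "nginx"
+
+## OS-Specific directories
+
+www_dir: "/var/www/html"
+vhosts_dir: "/etc/nginx/sites-enabled"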
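--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for lemp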
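--- a/vars/openSUSE Leap_15.2.yml
+++ b/vars/openSUSE Leap_15.2.yml
@@ -0,0 +1,12 @@
+---
+# openSUSE Leap 15.2 specific variables
+
+## Software packages
+
+packages: ['nginx', 'nginx-module-brotli']
+nginx_service: "nginx"
+
+## OS-Specific directories
+
+www_dir: "/srv/www/htdocs"
+vhosts_dir: "/etc/nginx/vhosts.d"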