Add roles apache-php and reverse_proxy
This commit is contained in:
polz
parent
d1cf462f64
commit
4ed3bc5d7f
5 changed files with 63 additions and 0 deletions
20
roles/apache-php/tasks/main.yml
Normal file
20
roles/apache-php/tasks/main.yml
Normal file
|
|
@ -0,0 +1,20 @@
|
|||
- name: Install standard expected packages
|
||||
package:
|
||||
name: acl,php,php-apache2,php-session,php-iconv
|
||||
|
||||
- name: Get installed packages
|
||||
package_facts:
|
||||
|
||||
- name: Set PHP version
|
||||
set_fact:
|
||||
php_version: "{{ ansible_facts.packages | select('match', '^php[0-9]+$') | first | replace('php', '') }}"
|
||||
|
||||
- name: Set PHP settings
|
||||
lineinfile:
|
||||
path: '/etc/php{{ php_version }}/php.ini'
|
||||
regexp: '^{{ item.key }}\s*='
|
||||
line: '{{ item.key }} = {{ item.value }}'
|
||||
loop:
|
||||
- key: upload_max_filesize
|
||||
value: 200M
|
||||
|
||||
5
roles/reverse_proxy/README.md
Normal file
5
roles/reverse_proxy/README.md
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
Set up a basic nginx reverse proxy.
|
||||
|
||||
NetBox config context should contain a proxy_pass property with the server address.
|
||||
|
||||
Custom error page can be placed in /srv/http/error/index.html.
|
||||
2
roles/reverse_proxy/meta/main.yml
Normal file
2
roles/reverse_proxy/meta/main.yml
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
dependencies:
|
||||
- role: nginx
|
||||
5
roles/reverse_proxy/tasks/main.yml
Normal file
5
roles/reverse_proxy/tasks/main.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
- name: Set up nginx site
|
||||
template:
|
||||
dest: '/etc/nginx/http.d/{{ inventory_hostname }}.conf'
|
||||
src: 'nginx.conf.j2'
|
||||
notify: reload nginx
|
||||
31
roles/reverse_proxy/templates/nginx.conf.j2
Normal file
31
roles/reverse_proxy/templates/nginx.conf.j2
Normal file
|
|
@ -0,0 +1,31 @@
|
|||
server {
|
||||
server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};
|
||||
|
||||
listen [::]:443 ssl ipv6only=off;
|
||||
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
|
||||
|
||||
error_page 500 501 502 503 504 505 506 507 508 510 511 /error/;
|
||||
|
||||
location / {
|
||||
proxy_pass {{ proxy_pass }};
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
||||
proxy_connect_timeout 30s;
|
||||
proxy_read_timeout 800s;
|
||||
proxy_request_buffering off;
|
||||
proxy_max_temp_file_size 0;
|
||||
client_max_body_size 200M;
|
||||
|
||||
# TODO maybe
|
||||
#proxy_ssl_verify on;
|
||||
#proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
|
||||
}
|
||||
|
||||
location /error/ {
|
||||
root /srv/http;
|
||||
try_files $uri $uri/index.html =503;
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue