Add Nginx support to evoadmin-mail role

2018-09-12 15:31:52 +02:00 · 2018-09-12 15:31:52 +02:00 · 00170127d9
parent 2a4a993f09
commit 00170127d9
9 changed files with 129 additions and 2 deletions
--- a/webapps/evoadmin-mail/defaults/main.yml
+++ b/webapps/evoadmin-mail/defaults/main.yml
@ -11,6 +11,7 @@ evoadminmail_scripts_dir: /usr/share/scripts/
 evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"

 evoadminmail_enable_vhost: True
+evoadminmail_webserver: apache

 evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
 evoadminmail_tpl_address:  "{{ ansible_default_ipv4.address }}"
--- a/webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
+++ b/webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
@ -0,0 +1,14 @@
+[evoadmin-mail]
+
+user = www-evoadmin-mail
+group = evoadmin-mail
+
+listen = /run/php/php7.0-evoadmin-mail-fpm.sock
+
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+
+pm = ondemand
+pm.max_children = 25
+
--- a/webapps/evoadmin-mail/handlers/main.yml
+++ b/webapps/evoadmin-mail/handlers/main.yml
@ -3,3 +3,13 @@
  service:
    name: apache2
    state: reloaded
+
+- name: reload nginx
+  service:
+    name: nginx
+    state: reloaded
+
+- name: reload php-fpm
+  service:
+    name: php7.0-fpm 
+    state: reload 
--- a/webapps/evoadmin-mail/tasks/apache.yml
+++ b/webapps/evoadmin-mail/tasks/apache.yml
@ -11,7 +11,7 @@

 - name: Install evoadminmail VHost
  template:
-    src: evoadminmail.conf.j2
+    src: apache_evoadminmail.conf.j2
    dest: /etc/apache2/sites-available/evoadminmail.conf
  notify: reload apache2

--- a/webapps/evoadmin-mail/tasks/main.yml
+++ b/webapps/evoadmin-mail/tasks/main.yml
@ -8,7 +8,11 @@

 - include: ssl.yml

- include: web.yml
+- include: apache.yml
+  when: evoadminmail_webserver == "apache"
+
+- include: nginx.yml
+  when: evoadminmail_webserver == "nginx"

 - name: enable evoadmin-mail link in default site index
  lineinfile:
--- a/webapps/evoadmin-mail/tasks/nginx.yml
+++ b/webapps/evoadmin-mail/tasks/nginx.yml
@ -0,0 +1,35 @@
+---
+
+- name: "Set custom values for PHP config (Debian 9 or later)"
+  ini_file:
+    dest: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini
+    section: PHP
+    option: "disable_functions"
+    value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
+  notify: reload nginx
+  when: ansible_distribution_major_version | version_compare('9', '>=')
+
+- name: Copy php-fpm evoadmin-mail pool
+  copy:
+    src: pool.evoadmin-mail.conf
+    dest: /etc/php/7.0/fpm/pool.d/evoadmin-mail.conf
+  notify: reload php-fpm
+
+- name: Install evoadminmail VHost
+  template:
+    src: nginx_evoadminmail.conf.j2
+    dest: /etc/nginx/sites-available/evoadminmail.conf
+  notify: reload nginx
+
+- name: Active evoadminmail VHost     
+  file:
+    src: "/etc/nginx/sites-available/evoadminmail.conf"
+    dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
+    state: link
+  notify: reload nginx
+  when: evoadminmail_enable_vhost
+
+- name: Disable evoadminmail vhost
+  command: "unlink /etc/nginx/sites-enabled/evoadminmail.conf"
+  notify: reload nginx
+  when: not evoadminmail_enable_vhost
--- a/webapps/evoadmin-mail/tasks/user.yml
+++ b/webapps/evoadmin-mail/tasks/user.yml
@ -29,6 +29,13 @@
    createhome: no
  when: ansible_distribution_major_version | version_compare('9', '>=')

+- name: Add www-data to app's group
+  user:
+    name: 'www-data'           
+    groups: "{{ evoadminmail_username }}"
+    append: yes                
+  when: evoadminmail_webserver == "nginx"
+
 - name: Install Git
  apt:
    name: git
--- a/webapps/evoadmin-mail/templates/apache_evoadminmail.conf.j2
+++ b/webapps/evoadmin-mail/templates/apache_evoadminmail.conf.j2
--- a/webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
+++ b/webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
@ -0,0 +1,56 @@
+server {
+    listen [::]:80;
+    listen 80;
+    server_name {{ evoadminmail_host }};
+
+    return 301 https://{{ evoadminmail_host }}$request_uri;
+} 
+server {
+    listen 443 ssl;            
+    # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 
+  
+    ssl_certificate /etc/ssl/certs/{{ evoadminmail_host }}.crt;
+    ssl_certificate_key /etc/ssl/private/{{ evoadminmail_host }}.key;
+  
+    server_name {{ evoadminmail_host }};
+    index index.php; 
+  
+    access_log  /var/log/nginx/access.log;
+    error_log  /var/log/nginx/error.log;
+    
+    root {{ evoadminmail_document_root }}/htdocs/;
+    
+    location / {
+        index  index.html index.htm;    
+    }   
+        
+    location ~ \.php$ {        
+        fastcgi_pass   unix:/run/php/php7.0-evoadmin-mail-fpm.sock;  
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
+        fastcgi_param DOCUMENT_ROOT $realpath_root;
+    }   
+        
+    location /fpm-status {     
+        fastcgi_pass   unix:/run/php/php7.0-evoadmin-mail-fpm.sock;  
+        fastcgi_index  index.php;       
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        allow 127.0.0.1;
+{% for ip in nginx_additional_ipaddr_whitelist_ips %}
+        allow {{ ip }};
+{% endfor %}
+        deny all;
+    }
+
+    location /nginx_status {
+        stub_status on;
+        access_log off;
+        allow 127.0.0.1;
+{% for ip in nginx_additional_ipaddr_whitelist_ips %}
+        allow {{ ip }};
+{% endfor %}
+        deny all;
+    }
+
+}