Add Nginx support to evoadmin-mail role
This commit is contained in:
parent
2a4a993f09
commit
00170127d9
|
@ -11,6 +11,7 @@ evoadminmail_scripts_dir: /usr/share/scripts/
|
|||
evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
|
||||
|
||||
evoadminmail_enable_vhost: True
|
||||
evoadminmail_webserver: apache
|
||||
|
||||
evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
|
||||
evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
|
||||
|
|
14
webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
Normal file
14
webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
Normal file
|
@ -0,0 +1,14 @@
|
|||
[evoadmin-mail]
|
||||
|
||||
user = www-evoadmin-mail
|
||||
group = evoadmin-mail
|
||||
|
||||
listen = /run/php/php7.0-evoadmin-mail-fpm.sock
|
||||
|
||||
listen.owner = www-data
|
||||
listen.group = www-data
|
||||
;listen.mode = 0660
|
||||
|
||||
pm = ondemand
|
||||
pm.max_children = 25
|
||||
|
|
@ -3,3 +3,13 @@
|
|||
service:
|
||||
name: apache2
|
||||
state: reloaded
|
||||
|
||||
- name: reload nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
- name: reload php-fpm
|
||||
service:
|
||||
name: php7.0-fpm
|
||||
state: reload
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
|
||||
- name: Install evoadminmail VHost
|
||||
template:
|
||||
src: evoadminmail.conf.j2
|
||||
src: apache_evoadminmail.conf.j2
|
||||
dest: /etc/apache2/sites-available/evoadminmail.conf
|
||||
notify: reload apache2
|
||||
|
|
@ -8,7 +8,11 @@
|
|||
|
||||
- include: ssl.yml
|
||||
|
||||
- include: web.yml
|
||||
- include: apache.yml
|
||||
when: evoadminmail_webserver == "apache"
|
||||
|
||||
- include: nginx.yml
|
||||
when: evoadminmail_webserver == "nginx"
|
||||
|
||||
- name: enable evoadmin-mail link in default site index
|
||||
lineinfile:
|
||||
|
|
35
webapps/evoadmin-mail/tasks/nginx.yml
Normal file
35
webapps/evoadmin-mail/tasks/nginx.yml
Normal file
|
@ -0,0 +1,35 @@
|
|||
---
|
||||
|
||||
- name: "Set custom values for PHP config (Debian 9 or later)"
|
||||
ini_file:
|
||||
dest: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini
|
||||
section: PHP
|
||||
option: "disable_functions"
|
||||
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
|
||||
notify: reload nginx
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Copy php-fpm evoadmin-mail pool
|
||||
copy:
|
||||
src: pool.evoadmin-mail.conf
|
||||
dest: /etc/php/7.0/fpm/pool.d/evoadmin-mail.conf
|
||||
notify: reload php-fpm
|
||||
|
||||
- name: Install evoadminmail VHost
|
||||
template:
|
||||
src: nginx_evoadminmail.conf.j2
|
||||
dest: /etc/nginx/sites-available/evoadminmail.conf
|
||||
notify: reload nginx
|
||||
|
||||
- name: Active evoadminmail VHost
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/evoadminmail.conf"
|
||||
dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
|
||||
state: link
|
||||
notify: reload nginx
|
||||
when: evoadminmail_enable_vhost
|
||||
|
||||
- name: Disable evoadminmail vhost
|
||||
command: "unlink /etc/nginx/sites-enabled/evoadminmail.conf"
|
||||
notify: reload nginx
|
||||
when: not evoadminmail_enable_vhost
|
|
@ -29,6 +29,13 @@
|
|||
createhome: no
|
||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: Add www-data to app's group
|
||||
user:
|
||||
name: 'www-data'
|
||||
groups: "{{ evoadminmail_username }}"
|
||||
append: yes
|
||||
when: evoadminmail_webserver == "nginx"
|
||||
|
||||
- name: Install Git
|
||||
apt:
|
||||
name: git
|
||||
|
|
56
webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
Normal file
56
webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
Normal file
|
@ -0,0 +1,56 @@
|
|||
server {
|
||||
listen [::]:80;
|
||||
listen 80;
|
||||
server_name {{ evoadminmail_host }};
|
||||
|
||||
return 301 https://{{ evoadminmail_host }}$request_uri;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
|
||||
|
||||
ssl_certificate /etc/ssl/certs/{{ evoadminmail_host }}.crt;
|
||||
ssl_certificate_key /etc/ssl/private/{{ evoadminmail_host }}.key;
|
||||
|
||||
server_name {{ evoadminmail_host }};
|
||||
index index.php;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
root {{ evoadminmail_document_root }}/htdocs/;
|
||||
|
||||
location / {
|
||||
index index.html index.htm;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
fastcgi_pass unix:/run/php/php7.0-evoadmin-mail-fpm.sock;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||
}
|
||||
|
||||
location /fpm-status {
|
||||
fastcgi_pass unix:/run/php/php7.0-evoadmin-mail-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
allow 127.0.0.1;
|
||||
{% for ip in nginx_additional_ipaddr_whitelist_ips %}
|
||||
allow {{ ip }};
|
||||
{% endfor %}
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /nginx_status {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
{% for ip in nginx_additional_ipaddr_whitelist_ips %}
|
||||
allow {{ ip }};
|
||||
{% endfor %}
|
||||
deny all;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in a new issue