Add Nginx support to evoadmin-mail role
This commit is contained in:
parent
2a4a993f09
commit
00170127d9
|
@ -11,6 +11,7 @@ evoadminmail_scripts_dir: /usr/share/scripts/
|
||||||
evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
|
evoadminmail_host: "evoadminmail.{{ ansible_fqdn }}"
|
||||||
|
|
||||||
evoadminmail_enable_vhost: True
|
evoadminmail_enable_vhost: True
|
||||||
|
evoadminmail_webserver: apache
|
||||||
|
|
||||||
evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
|
evoadminmail_tpl_servername: "{{ ansible_fqdn }}"
|
||||||
evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
|
evoadminmail_tpl_address: "{{ ansible_default_ipv4.address }}"
|
||||||
|
|
14
webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
Normal file
14
webapps/evoadmin-mail/files/pool.evoadmin-mail.conf
Normal file
|
@ -0,0 +1,14 @@
|
||||||
|
[evoadmin-mail]
|
||||||
|
|
||||||
|
user = www-evoadmin-mail
|
||||||
|
group = evoadmin-mail
|
||||||
|
|
||||||
|
listen = /run/php/php7.0-evoadmin-mail-fpm.sock
|
||||||
|
|
||||||
|
listen.owner = www-data
|
||||||
|
listen.group = www-data
|
||||||
|
;listen.mode = 0660
|
||||||
|
|
||||||
|
pm = ondemand
|
||||||
|
pm.max_children = 25
|
||||||
|
|
|
@ -3,3 +3,13 @@
|
||||||
service:
|
service:
|
||||||
name: apache2
|
name: apache2
|
||||||
state: reloaded
|
state: reloaded
|
||||||
|
|
||||||
|
- name: reload nginx
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: reloaded
|
||||||
|
|
||||||
|
- name: reload php-fpm
|
||||||
|
service:
|
||||||
|
name: php7.0-fpm
|
||||||
|
state: reload
|
||||||
|
|
|
@ -11,7 +11,7 @@
|
||||||
|
|
||||||
- name: Install evoadminmail VHost
|
- name: Install evoadminmail VHost
|
||||||
template:
|
template:
|
||||||
src: evoadminmail.conf.j2
|
src: apache_evoadminmail.conf.j2
|
||||||
dest: /etc/apache2/sites-available/evoadminmail.conf
|
dest: /etc/apache2/sites-available/evoadminmail.conf
|
||||||
notify: reload apache2
|
notify: reload apache2
|
||||||
|
|
|
@ -8,7 +8,11 @@
|
||||||
|
|
||||||
- include: ssl.yml
|
- include: ssl.yml
|
||||||
|
|
||||||
- include: web.yml
|
- include: apache.yml
|
||||||
|
when: evoadminmail_webserver == "apache"
|
||||||
|
|
||||||
|
- include: nginx.yml
|
||||||
|
when: evoadminmail_webserver == "nginx"
|
||||||
|
|
||||||
- name: enable evoadmin-mail link in default site index
|
- name: enable evoadmin-mail link in default site index
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
|
35
webapps/evoadmin-mail/tasks/nginx.yml
Normal file
35
webapps/evoadmin-mail/tasks/nginx.yml
Normal file
|
@ -0,0 +1,35 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: "Set custom values for PHP config (Debian 9 or later)"
|
||||||
|
ini_file:
|
||||||
|
dest: /etc/php/7.0/fpm/conf.d/zzz-evolinux-custom.ini
|
||||||
|
section: PHP
|
||||||
|
option: "disable_functions"
|
||||||
|
value: "shell-exec,system,passthru,putenv,popen,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority"
|
||||||
|
notify: reload nginx
|
||||||
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- name: Copy php-fpm evoadmin-mail pool
|
||||||
|
copy:
|
||||||
|
src: pool.evoadmin-mail.conf
|
||||||
|
dest: /etc/php/7.0/fpm/pool.d/evoadmin-mail.conf
|
||||||
|
notify: reload php-fpm
|
||||||
|
|
||||||
|
- name: Install evoadminmail VHost
|
||||||
|
template:
|
||||||
|
src: nginx_evoadminmail.conf.j2
|
||||||
|
dest: /etc/nginx/sites-available/evoadminmail.conf
|
||||||
|
notify: reload nginx
|
||||||
|
|
||||||
|
- name: Active evoadminmail VHost
|
||||||
|
file:
|
||||||
|
src: "/etc/nginx/sites-available/evoadminmail.conf"
|
||||||
|
dest: "/etc/nginx/sites-enabled/evoadminmail.conf"
|
||||||
|
state: link
|
||||||
|
notify: reload nginx
|
||||||
|
when: evoadminmail_enable_vhost
|
||||||
|
|
||||||
|
- name: Disable evoadminmail vhost
|
||||||
|
command: "unlink /etc/nginx/sites-enabled/evoadminmail.conf"
|
||||||
|
notify: reload nginx
|
||||||
|
when: not evoadminmail_enable_vhost
|
|
@ -29,6 +29,13 @@
|
||||||
createhome: no
|
createhome: no
|
||||||
when: ansible_distribution_major_version | version_compare('9', '>=')
|
when: ansible_distribution_major_version | version_compare('9', '>=')
|
||||||
|
|
||||||
|
- name: Add www-data to app's group
|
||||||
|
user:
|
||||||
|
name: 'www-data'
|
||||||
|
groups: "{{ evoadminmail_username }}"
|
||||||
|
append: yes
|
||||||
|
when: evoadminmail_webserver == "nginx"
|
||||||
|
|
||||||
- name: Install Git
|
- name: Install Git
|
||||||
apt:
|
apt:
|
||||||
name: git
|
name: git
|
||||||
|
|
56
webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
Normal file
56
webapps/evoadmin-mail/templates/nginx_evoadminmail.conf.j2
Normal file
|
@ -0,0 +1,56 @@
|
||||||
|
server {
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
server_name {{ evoadminmail_host }};
|
||||||
|
|
||||||
|
return 301 https://{{ evoadminmail_host }}$request_uri;
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
|
||||||
|
|
||||||
|
ssl_certificate /etc/ssl/certs/{{ evoadminmail_host }}.crt;
|
||||||
|
ssl_certificate_key /etc/ssl/private/{{ evoadminmail_host }}.key;
|
||||||
|
|
||||||
|
server_name {{ evoadminmail_host }};
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
|
||||||
|
root {{ evoadminmail_document_root }}/htdocs/;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
index index.html index.htm;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass unix:/run/php/php7.0-evoadmin-mail-fpm.sock;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
|
||||||
|
fastcgi_param DOCUMENT_ROOT $realpath_root;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /fpm-status {
|
||||||
|
fastcgi_pass unix:/run/php/php7.0-evoadmin-mail-fpm.sock;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
{% for ip in nginx_additional_ipaddr_whitelist_ips %}
|
||||||
|
allow {{ ip }};
|
||||||
|
{% endfor %}
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /nginx_status {
|
||||||
|
stub_status on;
|
||||||
|
access_log off;
|
||||||
|
allow 127.0.0.1;
|
||||||
|
{% for ip in nginx_additional_ipaddr_whitelist_ips %}
|
||||||
|
allow {{ ip }};
|
||||||
|
{% endfor %}
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in a new issue