---
# Run the task list from packages.yml before anything else in this file.
# NOTE(review): bare `include` is deprecated in newer Ansible releases in
# favour of include_tasks / import_tasks; confirm the target Ansible version.
- include: packages.yml
# TODO: find a way to override the main configuration
# without touching the main file
# Set worker_connections in the main nginx configuration file.
# A line matching `regexp` is rewritten in place; if none matches, the line
# is inserted after the last line matching `insertafter`.
- name: customize worker_connections
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*worker_connections)\s+.+;'
    line: ' worker_connections 1024;'
  tags:
    - nginx
# Set the `use epoll;` directive in the main nginx configuration file.
# A line matching `regexp` is rewritten in place; if none matches, the line
# is inserted after the last line matching `insertafter`.
- name: use epoll
  lineinfile:
    dest: /etc/nginx/nginx.conf
    insertafter: 'events \{'
    regexp: '^(\s*use)\s+.+;'
    line: ' use epoll;'
  tags:
    - nginx
# Copy the role's evolinux-defaults.conf into conf.d and reload nginx when
# the file changes.
# No owner/group is given, so ownership is left to the copy module's default;
# mode 0640 keeps the file unreadable for "other" users.
- name: Install Nginx http configuration
  copy:
    dest: /etc/nginx/conf.d/z-evolinux-defaults.conf
    src: nginx/evolinux-defaults.conf
    mode: '0640'
    # force: yes
  notify: reload nginx
  tags:
    - nginx
# TODO: verify that these permissions are correct:
# not too strict for ipaddr_whitelist
# and not too loose for private_htpasswd
# Seed the IP allow-list snippet. With force disabled, a file that already
# exists at dest is left as it is.
# NOTE(review): owner www-data with mode 0640 lets the web server account
# rewrite its own allow-list; confirm which process really needs write access
# before keeping this ownership.
# NOTE(review): directory_mode 0640 carries no search (x) bit, and dest here
# is a single file; confirm the setting is intended.
- name: Copy ipaddr_whitelist
  copy:
    dest: /etc/nginx/snippets/ipaddr_whitelist
    src: nginx/snippets/ipaddr_whitelist
    owner: www-data
    group: www-data
    mode: '0640'
    directory_mode: '0640'
    force: false
  notify: reload nginx
  tags:
    - nginx
    - ips
# Run the task list from ip_whitelist.yml; the nginx and ips tags are set on
# this include.
- name: Include IP address whitelist task
  include: ip_whitelist.yml
  tags:
    - nginx
    - ips
# Delete the `allow <address>;` line for every entry of
# nginx_ipaddr_whitelist_absent, then reload nginx if anything changed.
# Only a line that matches the rendered text exactly is removed.
- name: remove IP addresses from private IP whitelist
  lineinfile:
    dest: /etc/nginx/snippets/ipaddr_whitelist
    state: absent
    line: 'allow {{ item }};'
  with_items: '{{ nginx_ipaddr_whitelist_absent }}'
  notify: reload nginx
  tags:
    - nginx
    - ips
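# Seed the basic-auth credentials file. With force disabled, a file that
# already exists at dest is left as it is.
# Ownership is root:www-data with mode 0640: the web server account can read
# the file through its group but can no longer rewrite its own credentials.
# directory_mode is dropped: dest is a single file, and 0640 would give a
# directory no search (x) bit.
# NOTE(review): if some tool running as www-data is expected to edit this
# file, that workflow needs another path; confirm before rollout.
- name: Copy private_htpasswd
  copy:
    src: nginx/snippets/private_htpasswd
    dest: /etc/nginx/snippets/private_htpasswd
    owner: root
    group: www-data
    mode: "0640"
    force: false
  notify: reload nginx
  tags:
    - nginx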
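# Ensure every entry of nginx_private_htpasswd_present is a line of the
# htpasswd file, then reload nginx if anything changed.
# no_log keeps the user:pwd entries out of task output, callbacks and logs,
# where the loop would otherwise print each item.
- name: add user:pwd to private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: present
  with_items: "{{ nginx_private_htpasswd_present }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx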
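# Delete every entry of nginx_private_htpasswd_absent from the htpasswd
# file, then reload nginx if anything changed. Only a line that matches the
# item exactly is removed.
# no_log keeps the user:pwd entries out of task output, callbacks and logs,
# where the loop would otherwise print each item.
- name: remove user:pwd from private htpasswd
  lineinfile:
    dest: /etc/nginx/snippets/private_htpasswd
    line: "{{ item }}"
    state: absent
  with_items: "{{ nginx_private_htpasswd_absent }}"
  no_log: true
  notify: reload nginx
  tags:
    - nginx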
# Run the task list from server_status.yml; the nginx tag is set on this
# include.
- include: server_status.yml
  tags:
    - nginx
# Render the default vhost template into sites-available and reload nginx
# when the file is written.
# With force disabled, a vhost file that already exists on the host is not
# re-rendered, so local edits survive later runs.
- name: nginx vhost is installed
  template:
    dest: /etc/nginx/sites-available/evolinux-default.conf
    src: evolinux-default.conf.j2
    mode: '0640'
    force: false
  notify: reload nginx
  tags:
    - nginx
# Point sites-enabled/default at the evolinux default vhost, but only when
# nginx_evolinux_default_enabled is true.
# force lets the link replace a regular file already sitting at dest.
- name: default vhost is enabled
  file:
    state: link
    dest: /etc/nginx/sites-enabled/default
    src: /etc/nginx/sites-available/evolinux-default.conf
    force: true
  when: nginx_evolinux_default_enabled
  notify: reload nginx
  tags:
    - nginx
# - block:
#   - name: generate random string for phpmyadmin suffix
#     command: "apg -a 1 -M N -n 1"
#     changed_when: False
#     register: random_phpmyadmin_suffix
#
#   - name: overwrite nginx_phpmyadmin_suffix
#     set_fact:
#       nginx_phpmyadmin_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
#   when: nginx_phpmyadmin_suffix == ""
#
# - name: replace phpmyadmin suffix in default site index
#   replace:
#     dest: /var/www/index.html
#     regexp: '__PHPMYADMIN_SUFFIX__'
#     replace: "{{ nginx_phpmyadmin_suffix }}"
#
# NOTE(review): the set_fact in the block below reads
# random_phpmyadmin_suffix, not the random_serverstatus_suffix registered
# just above it; fix this before re-enabling the block.
# - block:
#   - name: generate random string for serverstatus suffix
#     command: "apg -a 1 -M N -n 1"
#     changed_when: False
#     register: random_serverstatus_suffix
#
#   - name: overwrite nginx_serverstatus_suffix
#     set_fact:
#       nginx_serverstatus_suffix: "{{ random_phpmyadmin_suffix.stdout }}"
#   when: nginx_serverstatus_suffix == ""
#
# - name: replace server-status suffix in default site index
#   replace:
#     dest: /var/www/index.html
#     regexp: '__SERVERSTATUS_SUFFIX__'
#     replace: "{{ nginx_serverstatus_suffix }}"
# Make sure the nginx service is running now and enabled at boot.
- name: Verify that the service is enabled and started
  service:
    name: nginx
    state: started
    enabled: true
  tags:
    - nginx
# Record whether the munin-node plugin configuration file exists; the result
# is registered as stat_munin_node for later `when` conditions.
# check_mode is disabled so the stat also runs during --check and the
# registered variable is always defined.
- name: Check if Munin is installed
  stat:
    path: /etc/munin/plugin-conf.d/munin-node
  register: stat_munin_node
  check_mode: false
  tags:
    - nginx
    - munin
# Run the task list from munin_vhost.yml only when the munin-node file was
# found, as recorded in stat_munin_node.
- include: munin_vhost.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
# Run the task list from munin_graphs.yml only when the munin-node file was
# found, as recorded in stat_munin_node.
- include: munin_graphs.yml
  when: stat_munin_node.stat.exists
  tags:
    - nginx
    - munin
# Run the task list from logrotate.yml as the last step of this file.
- include: logrotate.yml