Commit 8d8c8740 authored by Pietro Albini's avatar Pietro Albini

nginx: remove unused stuff and proxy requests to containers

parent 3963c7ec
...@@ -23,6 +23,11 @@ ...@@ -23,6 +23,11 @@
- role: nginx - role: nginx
proxy:
code.ubuntu-it.org: spock.lxd:80
wwwtest.ubuntu-it.org: bromuro.lxd:80
votantonio.ubuntu-it.org: bromuro.lxd:80
- role: lxd - role: lxd
subnet4: 10.0.0 subnet4: 10.0.0
......
--- ---
- name: web-server.reload-nginx - name: nginx.reload
service: service:
name: nginx name: nginx
state: reloaded state: reloaded
--- ---
- name: setup - include_tasks: setup.yml
include: setup.yml
- include_tasks: proxy.yml
when: proxy
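Review bot: `when: proxy` on the new `include_tasks: proxy.yml` fails with an undefined-variable error on any host that applies the nginx role without a `proxy` entry, unless the role defines a default for it (no defaults file is visible on this page). Either ship `proxy: {}` in the role's `defaults/main.yml` or write the guard as `when: proxy | default({})`. An empty mapping is falsy, so hosts without proxied sites skip proxy.yml in both cases.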
---
- name: Upload configuration for proxied sites
template:
src: sites/proxied.conf
dest: "/etc/nginx/sites-enabled/{{ item.key }}"
with_dict: "{{ proxy }}"
notify:
- nginx.reload
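Review bot: Nothing removes a site file once its hostname is dropped from `proxy`, so a retired entry keeps its file under /etc/nginx/sites-enabled and nginx keeps forwarding that name to the container until someone deletes it by hand. The task only adds or updates files from `with_dict: "{{ proxy }}"`. A companion task that lists sites-enabled and sets `state: absent` on files that are neither `default` nor a current key of `proxy` would close that gap. The template call also sets no `mode`, while the conf.d upload in the setup tasks appears to. Adding `mode: "0644"` keeps the result independent of the umask on the target.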
--- ---
- name: install nginx - name: Install nginx
apt: apt:
name: "{{ item }}" name: "{{ item }}"
state: present state: present
...@@ -9,47 +9,33 @@ ...@@ -9,47 +9,33 @@
- nginx - nginx
- name: create directories for nginx - name: Upload nginx configuration files
file: template:
path: "/etc/nginx/{{ item }}" src: "conf.d/{{ item }}"
state: directory dest: "/etc/nginx/conf.d/{{ item }}"
mode: 0755
with_items:
- sites
- name: remove unused nginx directories mode: 0644
file:
path: "{{ item }}"
state: absent
with_items: with_items:
- /var/www/html - optimize.conf
- /etc/nginx/sites-available
- /etc/nginx/sites-enabled
- name: upload nginx configuration files notify:
template: - nginx.reload
src: "config/{{ item }}"
dest: "/etc/nginx/{{ item }}"
mode: 0644
with_items: - name: Upload default site
- nginx.conf template:
- conf.d/default-site.conf src: sites/default.conf
- conf.d/optimize.conf dest: /etc/nginx/sites-enabled/default
notify: notify:
- web-server.reload-nginx - nginx.reload
- name: allow http through the firewall - name: Allow http through the firewall
template: template:
src: firewall.sh src: firewall.sh
dest: /usr/local/share/firewall.d/web-server.sh dest: /usr/local/share/firewall.d/nginx.sh
mode: 0700 mode: 0700
notify: notify:
......
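Review bot: The nginx.conf upload appears to be gone from this task list, so the settings that template carried, `server_tokens off;` and the explicit `ssl_protocols` line, are no longer enforced by the role. The host falls back to whatever the packaged /etc/nginx/nginx.conf ships. If the version banner should stay hidden, carry `server_tokens off;` into a conf.d template uploaded by "Upload nginx configuration files". The packaged file normally includes conf.d/*.conf inside `http`, which is worth confirming on the target release. Separately, "Upload default site" sets no `mode`; `mode: "0644"` would match the conf.d task. The task list continues past the collapsed lines at the end of this section.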
#
# {{ ansible_managed }}
#
###################### ######################
# gzip compression # # gzip compression #
###################### ######################
gzip on;
gzip_disable "msie6";
gzip_vary on; gzip_vary on;
gzip_comp_level 6; gzip_comp_level 6;
......
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
####################
# Basic Settings #
####################
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
#######################
# SSL configuration #
#######################
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
########################
# Logs configuration #
########################
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
#########################
# Extra configuration #
#########################
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites/*;
}
#!/bin/bash
#
# {{ ansible_managed }}
#
# Allow incoming requests on port 80 # Allow incoming requests on port 80
command -A public_input_tcp -p tcp --dport 80 -j ACCEPT command -A public_input_tcp -p tcp --dport 80 -j ACCEPT
#
# {{ ansible_managed }}
#
server { server {
listen 80 default; listen 80 default;
listen [::]:80 default; listen [::]:80 default;
......
#
# {{ ansible_managed }}
#
server {
listen 80;
listen [::]:80;
server_name {{ item.key }};
location / {
proxy_pass http://{{ item.value }}/;
}
}
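Review bot: `proxy_pass http://{{ item.value }}/;` forwards requests with nginx's default `Host` header, which is the upstream name from `proxy_pass`, not the name the client asked for. wwwtest.ubuntu-it.org and votantonio.ubuntu-it.org both map to bromuro.lxd:80, so the container cannot tell the two sites apart. It also sees the proxy's address as the client, which leaves backend access logs without the real source IP. Inside `location /` add `proxy_set_header Host $host;`, `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. The backends should then accept those headers only from this proxy.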