From 00df3e558122addf4f4cfa6905326f5cbbfafb5a Mon Sep 17 00:00:00 2001 From: Ivan Grynenko Date: Wed, 6 Jul 2016 08:00:42 +1000 Subject: [PATCH] Initial commit of Apache + Nginx reverse proxy. --- group_vars/all.yml | 48 +++++++++++++++++++---------- roles/common/tasks/main.yml | 4 ++- roles/common/tasks/setup-RedHat.yml | 8 +++++ site.yml | 1 + 4 files changed, 44 insertions(+), 17 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 7296aed..43b13bd 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -56,6 +56,21 @@ mysql_innodb_log_buffer_size: "16M" nginx_port: 80 server_hostname: server.example.com +# Apache configuration behind Nginx reverse proxy. +apache_listen_ip: "127.0.0.1" +apache_listen_port: 82 +apache_create_vhosts: true +apache_vhosts_filename: "vhosts.conf" +apache_remove_default_vhost: false +apache_state: started +apache_vhosts_ssl: [] +- servername: "www.{{ server_hostname }}" + serveralias: "{{ server_hostname }}" + documentroot: "/var/www/html/{{ server_hostname }}" + extra_parameters: | + RewriteCond %{HTTP_HOST} !^www\. [NC] + RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] + # Disable All Updates # By default automatic updates are enabled, set this value to true to disable all automatic updates auto_up_disable: false @@ -110,9 +125,14 @@ php_packages: drush_keep_updated: yes drush_force_update: yes +# Listing Vhost domains, required to create docroot directories. +vhost_domains: + first: + name: '{{ server_hostname }}' + # Nginx vhosts configuration nginx_vhosts: - - listen: "{{ nginx_port }} default_server" + - listen: "{{ nginx_port }}" server_name: "{{ server_hostname }} www.{{ server_hostname }}" root: "/var/www/html/{{ server_hostname }}" open_file_cache: "max=2000 inactive=120s" 
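Review bot: In the `@@ -56,6 +56,21 @@` hunk of `group_vars/all.yml`, the vhost entry starting `- servername:` directly follows `apache_vhosts_ssl: []`, so as rendered here the list item belongs to no key and the file would not load as a mapping. It presumably belongs under the key the Apache role reads for its plain-HTTP vhost list (likely `apache_vhosts:`), indented beneath it; whitespace is collapsed on this page, so confirm against the file. Separately, the `RewriteRule` builds its redirect target from `%{HTTP_HOST}`, which nginx forwards from the client through `proxy_set_header Host $host`, so a request with an arbitrary Host header can receive a 301 pointing at `www.` plus that host. Pinning the target to the configured name avoids this: `RewriteRule ^(.*)$ http://www.{{ server_hostname }}%{REQUEST_URI} [R=301,L]`.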
@@ -126,21 +146,6 @@ nginx_vhosts: access_log: "/var/log/nginx/{{ server_hostname }}_access.log" error_log: "/var/log/nginx/{{ server_hostname }}_error.log" extra_parameters: | - location / { - index index.php; - try_files $uri $uri/ @rewrite; - expires max; - } - location @rewrite { - rewrite ^/(.*)$ /index.php?q=$1 last; - } - location ~ \.php$ { - fastcgi_split_path_info ^(.+\.php)(/.+)$; - fastcgi_pass 127.0.0.1:9000; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include fastcgi_params; - } location = /favicon.ico { log_not_found off; access_log off; @@ -150,6 +155,17 @@ nginx_vhosts: log_not_found off; access_log off; } + location / { + index index.php; + try_files $uri $uri/ /index.php; + expires max; + } + location ~ \.php$ { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header Host $host; + proxy_pass http://127.0.0.1:{{ apache_listen_port }}; + } location = /backup { deny all; } diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index a232594..b16fe11 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -6,5 +6,7 @@ - hostname: name={{ server_hostname }} - name: Creates custom users - user: name=vmuser comment=DefaultUser groups=vmuser,wheel password={{ default_user_password }} shell=/bin/bash createhome=yes + user: name=vmuser comment=DefaultUser groups=wheel password={{ default_user_password }} shell=/bin/bash createhome=yes + +- name: Creates custom PHP users user: name=www-php comment=DefaultPHPUser shell=/sbin/nologin createhome=no diff --git a/roles/common/tasks/setup-RedHat.yml b/roles/common/tasks/setup-RedHat.yml index e6a99ac..c7ab2e8 100644 --- a/roles/common/tasks/setup-RedHat.yml +++ b/roles/common/tasks/setup-RedHat.yml 
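Review bot: In the `@@ -150,6 +155,17 @@` hunk of `group_vars/all.yml`, the `try_files` fallback `/index.php` carries no query string, and because `proxy_pass` has no URI part Apache receives the rewritten URI, so the backend sees a bare `/index.php` where the removed `@rewrite` block passed `?q=$1`. If the application routes on `q` (the drush settings suggest Drupal, but that is inferred), `try_files $uri $uri/ /index.php?q=$uri&$args;` or an equivalent keeps the original path and arguments. Also, nothing in this diff configures Apache to take the client address from `X-Real-IP` or `X-Forwarded-For`, so its access logs and any IP-based rules will see `127.0.0.1` unless the role handles that elsewhere.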
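Review bot: The `user:` line for `vmuser` in `roles/common/tasks/main.yml` interpolates `{{ default_user_password }}` unquoted into a `key=value` argument string, so a value containing a space or `=` may be parsed as further module arguments instead of as the password. The account is also placed in `wheel`, which makes that variable (defined outside this diff) an administrative credential. The `user` module stores the value as given, so it has to be a crypt hash already, and it is better kept in a vault than in plain `group_vars`. Writing the arguments as a YAML mapping, as sketched below, removes the splitting problem, and the same form applies to the new `www-php` task.

```yaml
- name: Creates custom users
  user:
    name: vmuser
    comment: DefaultUser
    groups: wheel
    password: "{{ default_user_password }}"
    shell: /bin/bash
    createhome: true
# … unchanged: "Creates custom PHP users" task …
```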
@@ -9,3 +9,11 @@ - name: Create the GPG key for EPEL copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg + +- name: Creates Docroot vhost directory + file: path=/var/www/html/{{ item.value.name }} state=directory owner={{ default_user_username }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes + when: nginx_vhosts|length > 0 + with_dict: "{{ vhost_domains }}" + notify: + - reload nginx + - reload apache diff --git a/site.yml b/site.yml index 0b20776..20d4275 100644 --- a/site.yml +++ b/site.yml @@ -10,6 +10,7 @@ - ansible-role-nginx - ansible-role-memcached - ansible-role-php + - ansible-role-apache - ansible-role-postfix - ansible-role-git - ansible-role-composer
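Review bot: `recurse=yes` together with `mode=0755` on the docroot task in `roles/common/tasks/setup-RedHat.yml` re-applies owner, group and mode to everything under `/var/www/html/{{ item.value.name }}` on every run, which marks every file executable and world-readable, including any configuration file that holds credentials. Dropping `recurse=yes` limits the task to creating the directory itself. The `when:` tests `nginx_vhosts` while the loop iterates `vhost_domains`, so the guard does not cover the variable actually used; `when: vhost_domains | length > 0` would match it. The task also sits in the RedHat-only file, so other platforms would not get the docroot created, if this playbook targets any.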