commit
77a83a697a
@ -1,2 +0,0 @@ |
||||
wordpress-nginx/hosts |
||||
.DS_Store |
@ -0,0 +1,39 @@ |
||||
--- |
||||
sudo: required |
||||
language: python |
||||
python: "2.7" |
||||
|
||||
env: |
||||
- SITE=test.yml |
||||
|
||||
before_install: |
||||
- sudo apt-get update -qq |
||||
- sudo apt-get install -y curl |
||||
|
||||
install: |
||||
# Install Ansible. |
||||
- pip install ansible |
||||
|
||||
# Add ansible.cfg to pick up roles path. |
||||
- "{ echo '[defaults]'; echo 'roles_path = ../'; } >> ansible.cfg" |
||||
|
||||
script: |
||||
# Check the role/playbook's syntax. |
||||
- "ansible-playbook -i tests/inventory tests/$SITE --syntax-check" |
||||
|
||||
# Run the role/playbook with ansible-playbook. |
||||
- "ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo" |
||||
|
||||
# Run the role/playbook again, checking to make sure it's idempotent. |
||||
- > |
||||
ansible-playbook -i tests/inventory tests/$SITE --connection=local --sudo |
||||
| grep -q 'changed=0.*failed=0' |
||||
&& (echo 'Idempotence test: pass' && exit 0) |
||||
|| (echo 'Idempotence test: fail' && exit 1) |
||||
|
||||
# TODO - get the test working. Probably need to add a virtual host. |
||||
# Request a page via Nginx, to make sure Nginx is running and responds. |
||||
# - "curl http://localhost/" |
||||
|
||||
notifications: |
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
@ -1,5 +0,0 @@ |
||||
Modified by David Beck (techiscool@gmail.com) 2015 |
||||
Copyright (C) 2015 Eugene Varnavsky (varnavruz@gmail.com) |
||||
|
||||
This work is licensed under the Creative Commons Attribution 3.0 Unported License. |
||||
To view a copy of this license, visit http://creativecommons.org/licenses/by/3.0/deed.en_US. |
@ -1,34 +1,122 @@ |
||||
## WordPress+Nginx+PHP-FPM+MariaDB Deployment |
||||
# Ansible Role: Nginx |
||||
|
||||
- Requires Ansible 1.2 or newer |
||||
- Expects CentOS/RHEL 7.x host/s |
||||
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-nginx.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-nginx) |
||||
|
||||
RHEL7 version reflects changes in Red Hat Enterprise Linux and CentOS 7: |
||||
1. Network device naming scheme has changed |
||||
2. iptables is replaced with firewalld |
||||
3. MySQL is replaced with MariaDB |
||||
Installs Nginx on RedHat/CentOS or Debian/Ubuntu Linux, or FreeBSD servers. |
||||
|
||||
These playbooks deploy a simple all-in-one configuration of the popular |
||||
WordPress blogging platform and CMS, frontend by the Nginx web server and the |
||||
PHP-FPM process manager. To use, copy the `hosts.example` file to `hosts` and |
||||
edit the `hosts` inventory file to include the names or URLs of the servers |
||||
you want to deploy. |
||||
This role installs and configures the latest version of Nginx from the Nginx yum repository (on RedHat-based systems) or via apt (on Debian-based systems) or pkgng (on FreeBSD systems). You will likely need to do extra setup work after this role has installed Nginx, like adding your own [virtualhost].conf file inside `/etc/nginx/conf.d/`, describing the location and options to use for your particular website. |
||||
|
||||
Then run the playbook, like this: |
||||
## Requirements |
||||
|
||||
ansible-playbook -i hosts site.yml |
||||
None. |
||||
|
||||
The playbooks will configure MariaDB, WordPress, Nginx, and PHP-FPM. When the run |
||||
is complete, you can hit access server to begin the WordPress configuration. |
||||
## Role Variables |
||||
|
||||
### Ideas for Improvement |
||||
Available variables are listed below, along with default values (see `defaults/main.yml`): |
||||
|
||||
Here are some ideas for ways that these playbooks could be extended: |
||||
nginx_vhosts: [] |
||||
|
||||
- Parameterize the WordPress deployment to handle multi-site configurations. |
||||
- Separate the components (PHP-FPM, MySQL, Nginx) onto separate hosts and |
||||
handle the configuration appropriately. |
||||
- Handle WordPress upgrades automatically. |
||||
A list of vhost definitions (server blocks) for Nginx virtual hosts. If left empty, you will need to supply your own virtual host configuration. See the commented example in `defaults/main.yml` for available server options. If you have a large number of customizations required for your server definition(s), you're likely better off managing the vhost configuration file yourself, leaving this variable set to `[]`. |
||||
|
||||
We would love to see contributions and improvements, so please fork this |
||||
repository on GitHub and send us your changes via pull requests. |
||||
nginx_vhosts: |
||||
- listen: "80 default_server" |
||||
server_name: "example.com" |
||||
root: "/var/www/example.com" |
||||
index: "index.php index.html index.htm" |
||||
error_page: "" |
||||
access_log: "" |
||||
error_log: "" |
||||
extra_parameters: | |
||||
location ~ \.php$ { |
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$; |
||||
fastcgi_pass unix:/var/run/php5-fpm.sock; |
||||
fastcgi_index index.php; |
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
||||
include fastcgi_params; |
||||
} |
||||
|
||||
An example of a fully-populated nginx_vhosts entry, using a `|` to declare a block of syntax for the `extra_parameters`. |
||||
|
||||
nginx_remove_default_vhost: false |
||||
|
||||
Whether to remove the 'default' virtualhost configuration supplied by Nginx. Useful if you want the base `/` URL to be directed at one of your own virtual hosts configured in a separate .conf file. |
||||
|
||||
nginx_upstreams: [] |
||||
|
||||
If you are configuring Nginx as a load balancer, you can define one or more upstream sets using this variable. In addition to defining at least one upstream, you would need to configure one of your server blocks to proxy requests through the defined upstream (e.g. `proxy_pass http://myapp1;`). See the commented example in `defaults/main.yml` for more information. |
||||
|
||||
nginx_user: "nginx" |
||||
|
||||
The user under which Nginx will run. Defaults to `nginx` for RedHat, and `www-data` for Debian. |
||||
|
||||
nginx_worker_processes: "1" |
||||
nginx_worker_connections: "1024" |
||||
nginx_multi_accept: "off" |
||||
|
||||
`nginx_worker_processes` should be set to the number of cores present on your machine. Connections (find this number with `grep processor /proc/cpuinfo | wc -l`). `nginx_worker_connections` is the number of connections per process. Set this higher to handle more simultaneous connections (and remember that a connection will be used for as long as the keepalive timeout duration for every client!). You can set `nginx_multi_accept` to `on` if you want Nginx to accept all connections immediately. |
||||
|
||||
nginx_error_log: "/var/log/nginx/error.log warn" |
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k" |
||||
|
||||
Configuration of the default error and access logs. Set to `off` to disable a log entirely. |
||||
|
||||
nginx_sendfile: "on" |
||||
nginx_tcp_nopush: "on" |
||||
nginx_tcp_nodelay: "on" |
||||
|
||||
TCP connection options. See [this blog post](https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html) for more information on these directives. |
||||
|
||||
nginx_keepalive_timeout: "65" |
||||
nginx_keepalive_requests: "100" |
||||
|
||||
Nginx keepalive settings. Timeout should be set higher (10s+) if you have more polling-style traffic (AJAX-powered sites especially), or lower (<10s) if you have a site where most users visit a few pages and don't send any further requests. |
||||
|
||||
nginx_client_max_body_size: "64m" |
||||
|
||||
This value determines the largest file upload possible, as uploads are passed through Nginx before hitting a backend like `php-fpm`. If you get an error like `client intended to send too large body`, it means this value is set too low. |
||||
|
||||
nginx_server_names_hash_bucket_size: "64" |
||||
|
||||
If you have many server names, or have very long server names, you might get an Nginx error on startup requiring this value to be increased. |
||||
|
||||
nginx_proxy_cache_path: "" |
||||
|
||||
Set as the `proxy_cache_path` directive in the `nginx.conf` file. By default, this will not be configured (if left as an empty string), but if you wish to use Nginx as a reverse proxy, you can set this to a valid value (e.g. `"/var/cache/nginx keys_zone=cache:32m"`) to use Nginx's cache (further proxy configuration can be done in individual server configurations). |
||||
|
||||
nginx_extra_http_options: "" |
||||
|
||||
Extra lines to be inserted in the top-level `http` block in `nginx.conf`. The value should be defined literally (as you would insert it directly in the `nginx.conf`, adhering to the Nginx configuration syntax - such as `;` for line termination, etc.), for example: |
||||
|
||||
nginx_extra_http_options: | |
||||
proxy_buffering off; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Scheme $scheme; |
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
proxy_set_header Host $http_host; |
||||
|
||||
nginx_default_release: "" |
||||
|
||||
(For Debian/Ubuntu only) Allows you to set a different repository for the installation of Nginx. As an example, if you are running Debian's wheezy release, and want to get a newer version of Nginx, you can install the `wheezy-backports` repository and set that value here, and Ansible will use that as the `-t` option while installing Nginx. |
||||
|
||||
nginx_ppa_use: false |
||||
nginx_ppa_version: stable |
||||
|
||||
(For Ubuntu only) Allows you to use the official Nginx PPA instead of the system's package. You can set the version to `stable` or `development`. |
||||
|
||||
## Dependencies |
||||
|
||||
None. |
||||
|
||||
## Example Playbook |
||||
|
||||
- hosts: server |
||||
roles: |
||||
- { role: geerlingguy.nginx } |
||||
|
||||
## License |
||||
|
||||
MIT / BSD |
||||
|
||||
## Author Information |
||||
|
||||
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). |
||||
|
@ -0,0 +1,68 @@ |
||||
--- |
||||
# Used only for Debian/Ubuntu installation, as the -t option for apt. |
||||
nginx_default_release: "" |
||||
|
||||
# Use the official Nginx PPA for Ubuntu, and the version to use if so. |
||||
nginx_ppa_use: false |
||||
nginx_ppa_version: stable |
||||
|
||||
# The name of the nginx apt/yum package to install. |
||||
nginx_package_name: "nginx" |
||||
|
||||
nginx_worker_processes: "auto" |
||||
nginx_worker_connections: "1024" |
||||
nginx_multi_accept: "off" |
||||
|
||||
nginx_error_log: "/var/log/nginx/error.log warn" |
||||
nginx_access_log: "/var/log/nginx/access.log main buffer=16k" |
||||
|
||||
nginx_sendfile: "on" |
||||
nginx_tcp_nopush: "on" |
||||
nginx_tcp_nodelay: "on" |
||||
|
||||
nginx_keepalive_timeout: "65" |
||||
nginx_keepalive_requests: "100" |
||||
|
||||
nginx_client_max_body_size: "64m" |
||||
|
||||
nginx_server_names_hash_bucket_size: "64" |
||||
|
||||
nginx_proxy_cache_path: "" |
||||
|
||||
nginx_extra_conf_options: "" |
||||
# Example extra main options, used within the main nginx's context: |
||||
# nginx_extra_conf_options: | |
||||
# env VARIABLE; |
||||
# include /etc/nginx/main.d/*.conf; |
||||
|
||||
nginx_extra_http_options: "" |
||||
# Example extra http options, printed inside the main server http config: |
||||
# nginx_extra_http_options: | |
||||
# proxy_buffering off; |
||||
# proxy_set_header X-Real-IP $remote_addr; |
||||
# proxy_set_header X-Scheme $scheme; |
||||
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
||||
# proxy_set_header Host $http_host; |
||||
|
||||
nginx_remove_default_vhost: false |
||||
nginx_vhosts: [] |
||||
# Example vhost below, showing all available options: |
||||
# - listen: "80 default_server" # default: "80 default_server" |
||||
# server_name: "example.com" # default: N/A |
||||
# root: "/var/www/example.com" # default: N/A |
||||
# index: "index.html index.htm" # default: "index.html index.htm" |
||||
# |
||||
# # Properties that are only added if defined: |
||||
# error_page: "" |
||||
# access_log: "" |
||||
# error_log: "" |
||||
# extra_parameters: "" # Can be used to add extra config blocks (multiline). |
||||
|
||||
nginx_upstreams: [] |
||||
# - name: myapp1 |
||||
# strategy: "ip_hash" # "least_conn", etc. |
||||
# servers: { |
||||
# "srv1.example.com", |
||||
# "srv2.example.com weight=3", |
||||
# "srv3.example.com" |
||||
# } |
@ -1,335 +0,0 @@ |
||||
--- |
||||
# Variables listed here are applicable to all host groups |
||||
server_hostname: web01.redyhost.com |
||||
mysql_root_password: Ff!2KDSUOs10[tXR*M</_#mgvlJCkz5W |
||||
mysql_databases: |
||||
- name: drupal8db |
||||
encoding: utf8 |
||||
collation: utf8_general_ci |
||||
mysql_users: |
||||
- name: drupal8user |
||||
host: "127.0.0.1" |
||||
password: "dcSEMWpH]O2P" |
||||
priv: "drupal8db.*:ALL" |
||||
- name: drupal8user |
||||
host: "localshot" |
||||
password: "dcSEMWpH]O2P" |
||||
priv: "drupal8db.*:ALL" |
||||
|
||||
php_date_timezone: "Australia/Melbourne" |
||||
|
||||
# Default user password for vmuser |
||||
default_user_username: "vmuser" |
||||
default_user_password: #uVOInGP&p<jfd}bkelLMEH!ZNRg$xiz |
||||
|
||||
# Whether to enable BigPipe. Put Yes to enable. |
||||
nginx_bigpipe_enable: "" |
||||
|
||||
# DO NOT MODIFY BELOW THIS LINE. |
||||
|
||||
ansible_ssh_private_key_file: /home/redyhost/.ssh/id_rsa_provisioning |
||||
|
||||
wp_version: 4.3 |
||||
wp_sha256sum: 3b0db3abe8504f15a33cf64188a493ec0de01eaa8d20e37c3d6a1d9fa0a40fb4 |
||||
|
||||
# These are the WordPress database settings |
||||
wp_db_name: wordpress |
||||
wp_db_user: wordpress |
||||
wp_db_password: secret |
||||
|
||||
# MySQL settings |
||||
mysql_root_password_update: yes |
||||
mysql_bind_address: '127.0.0.1' |
||||
mysql_slow_query_log_enabled: yes |
||||
mysql_slow_query_log_file: /var/log/mysql-slow.log |
||||
mysql_pid_file: /var/lib/mysql/mysql.pid |
||||
mysql_slow_query_time: 2 |
||||
mysql_max_allowed_packet: "256M" |
||||
mysql_innodb_buffer_pool_size: "1G" |
||||
mysql_innodb_log_buffer_size: "1G" |
||||
mysql_innodb_log_file_size: "1G" |
||||
mysql_innodb_flush_log_at_trx_commit: "2" |
||||
mysql_innodb_file_per_table: 1 |
||||
mysql_innodb_log_buffer_size: "16M" |
||||
|
||||
# This is used for the nginx server configuration, but access to the |
||||
# WordPress site is not restricted by a named host. |
||||
nginx_port: 80 |
||||
server_hostname: server.example.com |
||||
|
||||
# Listing Vhost domains, required to create docroot directories. |
||||
vhost_domains: |
||||
first: |
||||
name: '{{ server_hostname }}' |
||||
second: |
||||
name: '2-{{ server_hostname }}' |
||||
|
||||
# Apache configuration behind Nginx reverse proxy. |
||||
apache_listen_ip: "127.0.0.1" |
||||
apache_listen_port: 82 |
||||
apache_listen_port_ssl: 2443 |
||||
apache_create_vhosts: true |
||||
apache_vhosts_filename: "vhosts.conf" |
||||
apache_remove_default_vhost: false |
||||
apache_state: started |
||||
apache_vhosts_version: "2.4" |
||||
apache_enable_event_mpm: true |
||||
apache_packages: |
||||
- mod_ssl |
||||
- mod_security |
||||
apache_mods_disabled: |
||||
- php |
||||
- php7 |
||||
apache_vhosts_ssl: [] |
||||
apache_vhosts: |
||||
- servername: "www.{{ server_hostname }}" |
||||
serveralias: "{{ server_hostname }}" |
||||
documentroot: "/var/www/html/{{ server_hostname }}" |
||||
extra_parameters: | |
||||
RewriteCond %{HTTP_HOST} !^www\. [NC] |
||||
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] |
||||
ErrorLog "/var/log/httpd/{{ server_hostname }}_error.log" |
||||
ServerSignature Off |
||||
ProxyTimeout 600 |
||||
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/{{ server_hostname }}/$1" |
||||
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog |
||||
CustomLog "/var/log/httpd/{{ server_hostname }}_access.log" combinedlog |
||||
<Proxy fcgi://localhost:9000> |
||||
ProxySet timeout=600 |
||||
</Proxy> |
||||
- servername: "www.2{{ server_hostname }}" |
||||
serveralias: "2{{ server_hostname }}" |
||||
documentroot: "/var/www/html/2{{ server_hostname }}" |
||||
extra_parameters: | |
||||
RewriteCond %{HTTP_HOST} !^www\. [NC] |
||||
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] |
||||
ErrorLog "/var/log/httpd/2{{ server_hostname }}_error.log" |
||||
ServerSignature Off |
||||
ProxyTimeout 600 |
||||
ProxyPassMatch ^/(.*\.php(/.*)?)$ "fcgi://127.0.0.1:9000/var/www/html/2{{ server_hostname }}/$1" |
||||
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedlog |
||||
CustomLog "/var/log/httpd/2{{ server_hostname }}_access.log" combinedlog |
||||
<Proxy fcgi://localhost:9000> |
||||
ProxySet timeout=600 |
||||
</Proxy> |
||||
|
||||
# Disable All Updates |
||||
# By default automatic updates are enabled, set this value to true to disable all automatic updates |
||||
auto_up_disable: false |
||||
|
||||
#Define Core Update Level |
||||
# true = Development, minor, and major updates are all enabled |
||||
# false = Development, minor, and major updates are all disabled |
||||
# minor = Minor updates are enabled, development, and major updates are disabled |
||||
core_update_level: true |
||||
|
||||
# Defines PHP values |
||||
php_enablerepo: "remi-php70" |
||||
|
||||
# PHP-FPM configuration. |
||||
php_enable_php_fpm: true |
||||
php_fpm_pool_user: vmuser |
||||
php_fpm_pool_group: www-php |
||||
|
||||
php_apc_shm_size: "128M" |
||||
php_post_max_size: "256M" |
||||
php_upload_max_filesize: "1024M" |
||||
php_max_input_vars: "4000" |
||||
|
||||
# Interaction with which web server |
||||
php_webserver_daemon: "httpd" |
||||
|
||||
php_error_reporting: "E_ALL & ~E_DEPRECATED & ~E_STRICT & ~E_NOTICE & ~E_WARNING" |
||||
|
||||
php_packages: |
||||
- php |
||||
- php-cli |
||||
- php-common |
||||
- php-devel |
||||
- php-fpm |
||||
- php-gd |
||||
- php-imap |
||||
- php-ldap |
||||
- php-mbstring |
||||
- php-mcrypt |
||||
- php-memcached |
||||
- php-mysql |
||||
- php-opcache |
||||
- php-pdo |
||||
- php-pear |
||||
- php-pecl-apcu |
||||
- php-xml |
||||
- php-twig |
||||
- php-xmlrpc |
||||
- php-pecl-uploadprogress |
||||
|
||||
# Drush |
||||
drush_keep_updated: yes |
||||
drush_force_update: yes |
||||
|
||||
# Nginx vhosts configuration |
||||
nginx_vhosts: |
||||
- listen: "{{ nginx_port }}" |
||||
server_name: "{{ server_hostname }} www.{{ server_hostname }}" |
||||
root: "/var/www/html/{{ server_hostname }}" |
||||
open_file_cache: "max=2000 inactive=120s" |
||||
open_file_cache_valid: "240s" |
||||
open_file_cache_min_uses: "5" |
||||
open_file_cache_errors: "off" |
||||
client_max_body_size: "5m" |
||||
client_body_timeout: "60" |
||||
index: "index.php index.html index.htm" |
||||
error_page: "403 =404" |
||||
access_log: "/var/log/nginx/{{ server_hostname }}_access.log" |
||||
error_log: "/var/log/nginx/{{ server_hostname }}_error.log" |
||||
extra_parameters: | |
||||
location ~ ^/sites/.*/files/styles/ { |
||||
try_files $uri @rewrite; |
||||
} |
||||
location ~ ^/sites/default/files/ { |
||||
try_files $uri @rewrite; |
||||
} |
||||
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ { |
||||
expires max; |
||||
log_not_found off; |
||||
add_header Cache-Control "public"; |
||||
add_header X-Cache $upstream_cache_status; |
||||
} |
||||
location = /favicon.ico { |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
location = /robots.txt { |
||||
allow all; |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
location / { |
||||
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
||||
proxy_set_header Host $host; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Forwarded-For $remote_addr; |
||||
add_header X-Cache $upstream_cache_status; |
||||
add_header X-Loaded "/"; |
||||
add_header X-Your-IP $remote_addr; |
||||
} |
||||
location ~ \.php$ { |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Forwarded-For $remote_addr; |
||||
proxy_set_header Host $host; |
||||
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
||||
add_header X-Cache $upstream_cache_status; |
||||
add_header X-Loaded "php"; |
||||
add_header X-Your-IP $remote_addr; |
||||
} |
||||
location = /backup { |
||||
deny all; |
||||
} |
||||
location ~* \.(txt|log)$ { |
||||
allow 127.0.0.1; |
||||
deny all; |
||||
} |
||||
location ~ \..*/.*\.php$ { |
||||
return 403; |
||||
} |
||||
|
||||
location ~ /\. { |
||||
access_log off; |
||||
log_not_found off; |
||||
deny all; |
||||
} |
||||
location ~ ~$ { |
||||
access_log off; |
||||
log_not_found off; |
||||
deny all; |
||||
} |
||||
location ~ /\.ht { |
||||
deny all; |
||||
} |
||||
location @rewrite { |
||||
# Some modules enforce no slash (/) at the end of the URL |
||||
# Else this rewrite block wouldn't be needed (GlobalRedirect) |
||||
rewrite ^/(.*)$ /index.php?q=$1 last; |
||||
} |
||||
- listen: "{{ nginx_port }}" |
||||
server_name: "2{{ server_hostname }} www.2{{ server_hostname }}" |
||||
root: "/var/www/html/2{{ server_hostname }}" |
||||
open_file_cache: "max=2000 inactive=120s" |
||||
open_file_cache_valid: "240s" |
||||
open_file_cache_min_uses: "5" |
||||
open_file_cache_errors: "off" |
||||
client_max_body_size: "5m" |
||||
client_body_timeout: "60" |
||||
index: "index.php index.html index.htm" |
||||
error_page: "403 =404" |
||||
access_log: "/var/log/nginx/2{{ server_hostname }}_access.log" |
||||
error_log: "/var/log/nginx/2{{ server_hostname }}_error.log" |
||||
extra_parameters: | |
||||
location ~ ^/sites/.*/files/styles/ { |
||||
try_files $uri @rewrite; |
||||
} |
||||
location ~ ^/sites/default/files/ { |
||||
try_files $uri @rewrite; |
||||
} |
||||
location ~ \.(gif|jpg|jpeg|png|ico|bmp|js|css|pdf|doc|webp|woff|ico|js|css|svg)(\?[a-zA-Z0-9\.\-_,])?$ { |
||||
expires max; |
||||
log_not_found off; |
||||
add_header Cache-Control "public"; |
||||
add_header X-Cache $upstream_cache_status; |
||||
} |
||||
location = /favicon.ico { |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
location = /robots.txt { |
||||
allow all; |
||||
log_not_found off; |
||||
access_log off; |
||||
} |
||||
location / { |
||||
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
||||
proxy_set_header Host $host; |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Forwarded-For $remote_addr; |
||||
add_header X-Cache $upstream_cache_status; |
||||
add_header X-Loaded "/"; |
||||
add_header X-Your-IP $remote_addr; |
||||
} |
||||
location ~ \.php$ { |
||||
proxy_set_header X-Real-IP $remote_addr; |
||||
proxy_set_header X-Forwarded-For $remote_addr; |
||||
proxy_set_header Host $host; |
||||
proxy_pass http://127.0.0.1:{{ apache_listen_port }}; |
||||
add_header X-Cache $upstream_cache_status; |
||||
add_header X-Loaded "php"; |
||||
add_header X-Your-IP $remote_addr; |
||||
} |
||||
location = /backup { |
||||
deny all; |
||||
} |
||||
location ~* \.(txt|log)$ { |
||||
allow 127.0.0.1; |
||||
deny all; |
||||
} |
||||
location ~ \..*/.*\.php$ { |
||||
return 403; |
||||
} |
||||
|
||||
location ~ /\. { |
||||
access_log off; |
||||
log_not_found off; |
||||
deny all; |
||||
} |
||||
location ~ ~$ { |
||||
access_log off; |
||||
log_not_found off; |
||||
deny all; |
||||
} |
||||
location ~ /\.ht { |
||||
deny all; |
||||
} |
||||
location @rewrite { |
||||
# Some modules enforce no slash (/) at the end of the URL |
||||
# Else this rewrite block wouldn't be needed (GlobalRedirect) |
||||
rewrite ^/(.*)$ /index.php?q=$1 last; |
||||
} |
@ -0,0 +1,10 @@ |
||||
--- |
||||
- name: restart nginx |
||||
service: name=nginx state=restarted |
||||
|
||||
- name: validate nginx configuration |
||||
command: nginx -t -c /etc/nginx/nginx.conf |
||||
changed_when: False |
||||
|
||||
- name: reload nginx |
||||
service: name=nginx state=reloaded |
@ -1,54 +0,0 @@ |
||||
--- |
||||
sudo: required |
||||
|
||||
env: |
||||
- distribution: centos |
||||
version: 6 |
||||
init: /sbin/init |
||||
run_opts: "" |
||||
- distribution: centos |
||||
version: 7 |
||||
init: /usr/lib/systemd/systemd |
||||
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro" |
||||
- distribution: ubuntu |
||||
version: 14.04 |
||||
init: /sbin/init |
||||
run_opts: "" |
||||
- distribution: ubuntu |
||||
version: 12.04 |
||||
init: /sbin/init |
||||
run_opts: "" |
||||
|
||||
services: |
||||
- docker |
||||
|
||||
before_install: |
||||
# - sudo apt-get update |
||||
# Pull container |
||||
- 'sudo docker pull ${distribution}:${version}' |
||||
# Customize container |
||||
- 'sudo docker build --rm=true --file=tests/Dockerfile.${distribution}-${version} --tag=${distribution}-${version}:ansible tests' |
||||
|
||||
script: |
||||
- container_id=$(mktemp) |
||||
# Run container in detached state |
||||
- 'sudo docker run --detach --volume="${PWD}":/etc/ansible/roles/role_under_test:ro ${run_opts} ${distribution}-${version}:ansible "${init}" > "${container_id}"' |
||||
|
||||
# Ansible syntax check. |
||||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml --syntax-check' |
||||
|
||||
# Test role. |
||||
- 'sudo docker exec --tty "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml' |
||||
|
||||
# Test role idempotence. |
||||
- > |
||||
sudo docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/role_under_test/tests/test.yml |
||||
| grep -q 'changed=0.*failed=0' |
||||
&& (echo 'Idempotence test: pass' && exit 0) |
||||
|| (echo 'Idempotence test: fail' && exit 1) |
||||
|
||||
# Clean up |
||||
- 'sudo docker stop "$(cat ${container_id})"' |
||||
|
||||
notifications: |
||||
webhooks: https://galaxy.ansible.com/api/v1/notifications/ |
@ -1,124 +0,0 @@ |
||||
# Ansible Role: Apache 2.x |
||||
|
||||
[![Build Status](https://travis-ci.org/geerlingguy/ansible-role-apache.svg?branch=master)](https://travis-ci.org/geerlingguy/ansible-role-apache) |
||||
|
||||
An Ansible Role that installs Apache 2.x on RHEL/CentOS, Debian/Ubuntu, SLES and Solaris. |
||||
|
||||
## Requirements |
||||
|
||||
If you are using SSL/TLS, you will need to provide your own certificate and key files. You can generate a self-signed certificate with a command like `openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout example.key -out example.crt`. |
||||
|
||||
If you are using Apache with PHP, I recommend using the `geerlingguy.php` role to install PHP, and you can either use mod_php (by adding the proper package, e.g. `libapache2-mod-php5` for Ubuntu, to `php_packages`), or by also using `geerlingguy.apache-php-fpm` to connect Apache to PHP via FPM. See that role's README for more info. |
||||
|
||||
## Role Variables |
||||
|
||||
Available variables are listed below, along with default values (see `defaults/main.yml`): |
||||
|
||||
apache_enablerepo: "" |
||||
|
||||
The repository to use when installing Apache (only used on RHEL/CentOS systems). If you'd like later versions of Apache than are available in the OS's core repositories, use a repository like EPEL (which can be installed with the `geerlingguy.repo-epel` role). |
||||
|
||||
apache_listen_ip: "*" |
||||
apache_listen_port: 80 |
||||
apache_listen_port_ssl: 443 |
||||
|
||||
The IP address and ports on which apache should be listening. Useful if you have another service (like a reverse proxy) listening on port 80 or 443 and need to change the defaults. |
||||
|
||||
apache_create_vhosts: true |
||||
apache_vhosts_filename: "vhosts.conf" |
||||
|
||||
If set to true, a vhosts file, managed by this role's variables (see below), will be created and placed in the Apache configuration folder. If set to false, you can place your own vhosts file into Apache's configuration folder and skip the convenient (but more basic) one added by this role. |
||||
|
||||
apache_remove_default_vhost: false |
||||
|
||||
On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. Set this to `true` to remove that default virtualhost configuration file. |
||||
|
||||
apache_global_vhost_settings: | |
||||
DirectoryIndex index.php index.html |
||||
# Add other global settings on subsequent lines. |
||||
|
||||
You can add or override global Apache configuration settings in the role-provided vhosts file (assuming `apache_create_vhosts` is true) using this variable. By default it only sets the DirectoryIndex configuration. |
||||
|
||||
apache_vhosts: |
||||
# Additional optional properties: 'serveradmin, serveralias, extra_parameters'. |
||||
- servername: "local.dev" |
||||
documentroot: "/var/www/html" |
||||
|
||||
Add a set of properties per virtualhost, including `servername` (required), `documentroot` (required), `serveradmin` (optional), `serveralias` (optional) and `extra_parameters` (optional: you can add whatever additional configuration lines you'd like in here). |
||||
|
||||
Here's an example using `extra_parameters` to add a RewriteRule to redirect all requests to the `www.` site: |
||||
|
||||
- servername: "www.local.dev" |
||||
serveralias: "local.dev" |
||||
documentroot: "/var/www/html" |
||||
extra_parameters: | |
||||
RewriteCond %{HTTP_HOST} !^www\. [NC] |
||||
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] |
||||
|
||||
The `|` denotes a multiline scalar block in YAML, so newlines are preserved in the resulting configuration file output. |
||||
|
||||
apache_vhosts_ssl: [] |
||||
|
||||
No SSL vhosts are configured by default, but you can add them using the same pattern as `apache_vhosts`, with a few additional directives, like the following example: |
||||
|
||||
apache_vhosts_ssl: |
||||
- { |
||||
servername: "local.dev", |
||||
documentroot: "/var/www/html", |
||||
certificate_file: "/home/vagrant/example.crt", |
||||
certificate_key_file: "/home/vagrant/example.key", |
||||
certificate_chain_file: "/path/to/certificate_chain.crt" |
||||
} |
||||
|
||||
Other SSL directives can be managed with other SSL-related role variables. |
||||
|
||||
apache_ssl_protocol: "All -SSLv2 -SSLv3" |
||||
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" |
||||
|
||||
The SSL protocols and cipher suites that are used/allowed when clients make secure connections to your server. These are secure/sane defaults, but for maximum security, performand, and/or compatibility, you may need to adjust these settings. |
||||
|
||||
apache_mods_enabled: |
||||
- rewrite.load |
||||
- ssl.load |
||||
apache_mods_disabled: [] |
||||
|
||||
(Debian/Ubuntu ONLY) Which Apache mods to enable or disable (these will be symlinked into the appropriate location). See the `mods-available` directory inside the apache configuration directory (`/etc/apache2/mods-available` by default) for all the available mods. |
||||
|
||||
apache_packages: |
||||
- [platform-specific] |
||||
|
||||
The list of packages to be installed. This defaults to a set of platform-specific packages for RedHat or Debian-based systems (see `vars/RedHat.yml` and `vars/Debian.yml` for the default values). |
||||
|
||||
apache_state: started |
||||
|
||||
Set initial Apache daemon state to be enforced when this role is run. This should generally remain `started`, but you can set it to `stopped` if you need to fix the Apache config during a playbook run or otherwise would not like Apache started at the time this role is run. |
||||
|
||||
apache_ignore_missing_ssl_certificate: true |
||||
|
||||
If you would like to only create SSL vhosts when the vhost certificate is present (e.g. when using Let’s Encrypt), set `apache_ignore_missing_ssl_certificate` to `false`. When doing this, you might need to run your playbook more than once so all the vhosts are configured (if another part of the playbook generates the SSL certificates). |
||||
|
||||
## Dependencies |
||||
|
||||
None. |
||||
|
||||
## Example Playbook |
||||
|
||||
- hosts: webservers |
||||
vars_files: |
||||
- vars/main.yml |
||||
roles: |
||||
- { role: geerlingguy.apache } |
||||
|
||||
*Inside `vars/main.yml`*: |
||||
|
||||
apache_listen_port: 8080 |
||||
apache_vhosts: |
||||
- {servername: "example.com", documentroot: "/var/www/vhosts/example_com"} |
||||
|
||||
## License |
||||
|
||||
MIT / BSD |
||||
|
||||
## Author Information |
||||
|
||||
This role was created in 2014 by [Jeff Geerling](http://jeffgeerling.com/), author of [Ansible for DevOps](http://ansiblefordevops.com/). |
@ -1,44 +0,0 @@ |
||||
--- |
||||
apache_enablerepo: "" |
||||
|
||||
apache_listen_ip: "*" |
||||
apache_listen_port: 80 |
||||
apache_listen_port_ssl: 443 |
||||
|
||||
apache_create_vhosts: true |
||||
apache_vhosts_filename: "vhosts.conf" |
||||
|
||||
# On Debian/Ubuntu, a default virtualhost is included in Apache's configuration. |
||||
# Set this to `true` to remove that default. |
||||
apache_remove_default_vhost: false |
||||
|
||||
apache_global_vhost_settings: | |
||||
DirectoryIndex index.php index.html |
||||
|
||||
apache_vhosts: |
||||
# Additional properties: 'serveradmin, serveralias, extra_parameters'. |
||||
- servername: "local.dev" |
||||
documentroot: "/var/www/html" |
||||
|
||||
apache_vhosts_ssl: [] |
||||
# Additional properties: 'serveradmin, extra_parameters'. |
||||
# - servername: "local.dev", |
||||
# documentroot: "/var/www/html", |
||||
# certificate_file: "/path/to/certificate.crt", |
||||
# certificate_key_file: "/path/to/certificate.key", |
||||
# # Optional. |
||||
# certificate_chain_file: "/path/to/certificate_chain.crt" |
||||
|
||||
apache_ignore_missing_ssl_certificate: true |
||||
|
||||
apache_ssl_protocol: "All -SSLv2 -SSLv3" |
||||
apache_ssl_cipher_suite: "AES256+EECDH:AES256+EDH" |
||||
|
||||
# Only used on Debian/Ubuntu. |
||||
apache_mods_enabled: |
||||
- rewrite.load |
||||
- ssl.load |
||||
apache_mods_disabled: [] |
||||
|
||||
# Set initial apache state. Recommended values: `started` or `stopped` |
||||
apache_state: started |
@ -1,5 +0,0 @@ |
||||
--- |
||||
- name: restart apache |
||||
service: |
||||
name: "{{ apache_service }}" |
||||
state: restarted |
@ -1,54 +0,0 @@ |
||||
--- |
||||
- name: Configure Apache. |
||||
lineinfile: |
||||
dest: "{{ apache_server_root }}/ports.conf" |
||||
regexp: "{{ item.regexp }}" |
||||
line: "{{ item.line }}" |
||||
state: present |
||||
with_items: "{{ apache_ports_configuration_items }}" |
||||
notify: restart apache |
||||
|
||||
- name: Enable Apache mods. |
||||
file: |
||||
src: "{{ apache_server_root }}/mods-available/{{ item }}" |
||||
dest: "{{ apache_server_root }}/mods-enabled/{{ item }}" |
||||
state: link |
||||
with_items: "{{ apache_mods_enabled }}" |
||||
notify: restart apache |
||||
|
||||
- name: Disable Apache mods. |
||||
file: |
||||
path: "{{ apache_server_root }}/mods-enabled/{{ item }}" |
||||
state: absent |
||||
with_items: "{{ apache_mods_disabled }}" |
||||
notify: restart apache |
||||
|
||||
- name: Check whether certificates defined in vhosts exist. |
||||
stat: "path={{ item.certificate_file }}" |
||||
register: apache_ssl_certificates |
||||
with_items: "{{ apache_vhosts_ssl }}" |
||||
|
||||
- name: Add apache vhosts configuration. |
||||
template: |
||||
src: "vhosts.conf.j2" |
||||
dest: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: restart apache |
||||
when: apache_create_vhosts |
||||
|
||||
- name: Add vhost symlink in sites-enabled. |
||||
file: |
||||
src: "{{ apache_conf_path }}/sites-available/{{ apache_vhosts_filename }}" |
||||
dest: "{{ apache_conf_path }}/sites-enabled/{{ apache_vhosts_filename }}" |
||||
state: link |
||||
notify: restart apache |
||||
when: apache_create_vhosts |
||||
|
||||
- name: Remove default vhost in sites-enabled. |
||||
file: |
||||
path: "{{ apache_conf_path }}/sites-enabled/{{ apache_default_vhost_filename }}" |
||||
state: absent |
||||
notify: restart apache |
||||
when: apache_remove_default_vhost |
@ -1,24 +0,0 @@ |
||||
--- |
||||
- name: Configure Apache. |
||||
lineinfile: |
||||
dest: "{{ apache_server_root }}/conf/{{ apache_daemon }}.conf" |
||||
regexp: "{{ item.regexp }}" |
||||
line: "{{ item.line }}" |
||||
state: present |
||||
with_items: "{{ apache_ports_configuration_items }}" |
||||
notify: restart apache |
||||
|
||||
- name: Check whether certificates defined in vhosts exist. |
||||
stat: path={{ item.certificate_file }} |
||||
register: apache_ssl_certificates |
||||
with_items: "{{ apache_vhosts_ssl }}" |
||||
|
||||
- name: Add apache vhosts configuration. |
||||
template: |
||||
src: "vhosts.conf.j2" |
||||
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: restart apache |
||||
when: apache_create_vhosts |
@ -1,19 +0,0 @@ |
||||
--- |
||||
- name: Configure Apache. |
||||
lineinfile: |
||||
dest: "{{ apache_server_root }}/{{ apache_daemon }}.conf" |
||||
regexp: "{{ item.regexp }}" |
||||
line: "{{ item.line }}" |
||||
state: present |
||||
with_items: "{{ apache_ports_configuration_items }}" |
||||
notify: restart apache |
||||
|
||||
- name: Add apache vhosts configuration. |
||||
template: |
||||
src: "vhosts.conf.j2" |
||||
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: restart apache |
||||
when: apache_create_vhosts |
@ -1,24 +0,0 @@ |
||||
--- |
||||
- name: Configure Apache. |
||||
lineinfile: |
||||
dest: "{{ apache_server_root }}/listen.conf" |
||||
regexp: "{{ item.regexp }}" |
||||
line: "{{ item.line }}" |
||||
state: present |
||||
with_items: "{{ apache_ports_configuration_items }}" |
||||
notify: restart apache |
||||
|
||||
- name: Check whether certificates defined in vhosts exist. |
||||
stat: path={{ item.certificate_file }} |
||||
register: apache_ssl_certificates |
||||
with_items: "{{ apache_vhosts_ssl }}" |
||||
|
||||
- name: Add apache vhosts configuration. |
||||
template: |
||||
src: "vhosts.conf.j2" |
||||
dest: "{{ apache_conf_path }}/{{ apache_vhosts_filename }}" |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
notify: restart apache |
||||
when: apache_create_vhosts |
@ -1,58 +0,0 @@ |
||||
--- |
||||
# Include variables and define needed variables. |
||||
- name: Include OS-specific variables. |
||||
include_vars: "{{ ansible_os_family }}.yml" |
||||
|
||||
- name: Define apache_packages. |
||||
set_fact: |
||||
apache_packages: "{{ __apache_packages | list }}" |
||||
when: apache_packages is not defined |
||||
|
||||
# Setup/install tasks. |
||||
- include: setup-RedHat.yml |
||||
when: ansible_os_family == 'RedHat' |
||||
|
||||
- include: setup-Suse.yml |
||||
when: ansible_os_family == 'Suse' |
||||
|
||||
- include: setup-Debian.yml |
||||
when: ansible_os_family == 'Debian' |
||||
|
||||
- include: setup-Solaris.yml |
||||
when: ansible_os_family == 'Solaris' |
||||
|
||||
# Figure out what version of Apache is installed. |
||||
- name: Get installed version of Apache. |
||||
shell: "{{ apache_daemon_path }}{{ apache_daemon }} -v" |
||||
changed_when: false |
||||
always_run: yes |
||||
register: _apache_version |
||||
|
||||
- name: Create apache_version variable. |
||||
set_fact: |
||||
apache_version: "{{ _apache_version.stdout.split()[2].split('/')[1] }}" |
||||
|
||||
- include_vars: apache-22.yml |
||||
when: "apache_version.split('.')[1] == '2'" |
||||
|
||||
- include_vars: apache-24.yml |
||||
when: "apache_version.split('.')[1] == '4'" |
||||
|
||||
# Configure Apache. |
||||
- include: configure-RedHat.yml |
||||
when: ansible_os_family == 'RedHat' |
||||
|
||||
- include: configure-Suse.yml |
||||
when: ansible_os_family == 'Suse' |
||||
|
||||
- include: configure-Debian.yml |
||||
when: ansible_os_family == 'Debian' |
||||
|
||||
- include: configure-Solaris.yml |
||||
when: ansible_os_family == 'Solaris' |
||||
|
||||
- name: Ensure Apache has selected state and enabled on boot. |
||||
service: |
||||
name: "{{ apache_service }}" |
||||
state: "{{ apache_state }}" |
||||
enabled: yes |
@ -1,7 +0,0 @@ |
||||
--- |
||||
- name: Update apt cache. |
||||
apt: update_cache=yes cache_valid_time=86400 |
||||
|
||||
- name: Ensure Apache is installed on Debian. |
||||
apt: "name={{ item }} state=installed" |
||||
with_items: "{{ apache_packages }}" |
@ -1,7 +0,0 @@ |
||||
--- |
||||
- name: Ensure Apache is installed on RHEL. |
||||
yum: |
||||
name: "{{ item }}" |
||||
state: installed |
||||
enablerepo: "{{ apache_enablerepo }}" |
||||
with_items: "{{ apache_packages }}" |
@ -1,6 +0,0 @@ |
||||
--- |
||||
- name: Ensure Apache is installed on Solaris. |
||||
pkg5: |
||||
name: "{{ item }}" |
||||
state: installed |
||||
with_items: "{{ apache_packages }}" |
@ -1,6 +0,0 @@ |
||||
--- |
||||
- name: Ensure Apache is installed on Suse. |
||||
zypper: |
||||
name: "{{ item }}" |
||||
state: installed |
||||
with_items: "{{ apache_packages }}" |
@ -1,82 +0,0 @@ |
||||
{{ apache_global_vhost_settings }} |
||||
|
||||
{# Set up VirtualHosts #} |
||||
{% for vhost in apache_vhosts %} |
||||
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}> |
||||
ServerName {{ vhost.servername }} |
||||
{% if vhost.serveralias is defined %} |
||||
ServerAlias {{ vhost.serveralias }} |
||||
{% endif %} |
||||
{% if vhost.documentroot is defined %} |
||||
DocumentRoot {{ vhost.documentroot }} |
||||
{% endif %} |
||||
|
||||
{% if vhost.serveradmin is defined %} |
||||
ServerAdmin {{ vhost.serveradmin }} |
||||
{% endif %} |
||||
{% if vhost.documentroot is defined %} |
||||
<Directory "{{ vhost.documentroot }}"> |
||||
AllowOverride All |
||||
Options -Indexes +FollowSymLinks |
||||
{% if apache_vhosts_version == "2.2" %} |
||||
Order allow,deny |
||||
Allow from all |
||||
{% else %} |
||||
Require all granted |
||||
{% endif %} |
||||
</Directory> |
||||
{% endif %} |
||||
{% if vhost.extra_parameters is defined %} |
||||
{{ vhost.extra_parameters }} |
||||
{% endif %} |
||||
</VirtualHost> |
||||
|
||||
{% endfor %} |
||||
|
||||
{# Set up SSL VirtualHosts #} |
||||
{% for vhost in apache_vhosts_ssl %} |
||||
{% if apache_ignore_missing_ssl_certificate or apache_ssl_certificates.results[loop.index0].stat.exists %} |
||||
<VirtualHost {{ apache_listen_ip }}:{{ apache_listen_port_ssl }}> |
||||
ServerName {{ vhost.servername }} |
||||
{% if vhost.serveralias is defined %} |
||||
ServerAlias {{ vhost.serveralias }} |
||||
{% endif %} |
||||
{% if vhost.documentroot is defined %} |
||||
DocumentRoot {{ vhost.documentroot }} |
||||
{% endif %} |
||||
|
||||
SSLEngine on |
||||
SSLCipherSuite {{ apache_ssl_cipher_suite }} |
||||
SSLProtocol {{ apache_ssl_protocol }} |
||||
SSLHonorCipherOrder On |
||||
{% if apache_vhosts_version == "2.4" %} |
||||
SSLCompression off |
||||
{% endif %} |
||||
SSLCertificateFile {{ vhost.certificate_file }} |
||||
SSLCertificateKeyFile {{ vhost.certificate_key_file }} |
||||
{% if vhost.certificate_chain_file is defined %} |
||||
SSLCertificateChainFile {{ vhost.certificate_chain_file }} |
||||
{% endif %} |
||||
|
||||
{% if vhost.serveradmin is defined %} |
||||
ServerAdmin {{ vhost.serveradmin }} |
||||
{% endif %} |
||||
{% if vhost.documentroot is defined %} |
||||
<Directory "{{ vhost.documentroot }}"> |
||||
AllowOverride All |
||||
Options -Indexes +FollowSymLinks |
||||
{% if apache_vhosts_version == "2.2" %} |
||||
Order allow,deny |
||||
Allow from all |
||||
{% else %} |
||||
Require all granted |
||||
{% endif %} |
||||
</Directory> |
||||
{% endif %} |
||||
{% if vhost.extra_parameters is defined %} |
||||
{{ vhost.extra_parameters }} |
||||
{% endif %} |
||||
</VirtualHost> |
||||
|
||||
{% endif %} |
||||
{% endfor %} |
@ -1,15 +0,0 @@ |
||||
FROM centos:6 |
||||
|
||||
# Install Ansible |
||||
RUN yum -y update; yum clean all; |
||||
RUN yum -y install epel-release |
||||
RUN yum -y install git ansible sudo |
||||
RUN yum clean all |
||||
|
||||
# Disable requiretty |
||||
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers |
||||
|
||||
# Install Ansible inventory file |
||||
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts |
||||
|
||||
CMD ["/usr/sbin/init"] |
@ -1,27 +0,0 @@ |
||||
FROM centos:7 |
||||
|
||||
# Install systemd -- See https://hub.docker.com/_/centos/ |
||||
RUN yum -y swap -- remove fakesystemd -- install systemd systemd-libs |
||||
RUN yum -y update; yum clean all; \ |
||||
(cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == systemd-tmpfiles-setup.service ] || rm -f $i; done); \ |
||||
rm -f /lib/systemd/system/multi-user.target.wants/*; \ |
||||
rm -f /etc/systemd/system/*.wants/*; \ |
||||
rm -f /lib/systemd/system/local-fs.target.wants/*; \ |
||||
rm -f /lib/systemd/system/sockets.target.wants/*udev*; \ |
||||
rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \ |
||||
rm -f /lib/systemd/system/basic.target.wants/*; \ |
||||
rm -f /lib/systemd/system/anaconda.target.wants/*; |
||||
|
||||
# Install Ansible |
||||
RUN yum -y install epel-release |
||||
RUN yum -y install git ansible sudo |
||||
RUN yum clean all |
||||
|
||||
# Disable requiretty |
||||
RUN sed -i -e 's/^\(Defaults\s*requiretty\)/#--- \1/' /etc/sudoers |
||||
|
||||
# Install Ansible inventory file |
||||
RUN echo -e '[local]\nlocalhost ansible_connection=local' > /etc/ansible/hosts |
||||
|
||||
VOLUME ["/sys/fs/cgroup"] |
||||
CMD ["/usr/sbin/init"] |
@ -1,11 +0,0 @@ |
||||
FROM ubuntu:12.04 |
||||
RUN apt-get update |
||||
|
||||
# Install Ansible |
||||
RUN apt-get install -y software-properties-common python-software-properties git |
||||
RUN apt-add-repository -y ppa:ansible/ansible |
||||
RUN apt-get update |
||||
RUN apt-get install -y ansible |
||||
|
||||
# Install Ansible inventory file |
||||
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts |
@ -1,11 +0,0 @@ |
||||
FROM ubuntu:14.04 |
||||
RUN apt-get update |
||||
|
||||
# Install Ansible |
||||
RUN apt-get install -y software-properties-common git |
||||
RUN apt-add-repository -y ppa:ansible/ansible |
||||
RUN apt-get update |
||||
RUN apt-get install -y ansible |
||||
|
||||
# Install Ansible inventory file |
||||
RUN echo "[local]\nlocalhost ansible_connection=local" > /etc/ansible/hosts |
@ -1,13 +0,0 @@ |
||||
--- |
||||
- hosts: all |
||||
|
||||
vars: |
||||
apache_listen_port_ssl: 443 |
||||
apache_create_vhosts: true |
||||
apache_vhosts_filename: "vhosts.conf" |
||||
apache_vhosts: |
||||
- servername: "example.com" |
||||
documentroot: "/var/www/vhosts/example_com" |
||||
|
||||
roles: |
||||
- role_under_test |
@ -1,14 +0,0 @@ |
||||
--- |
||||
apache_service: apache2 |
||||
apache_daemon: apache2 |
||||
apache_daemon_path: /usr/sbin/ |
||||
apache_server_root: /etc/apache2 |
||||
apache_conf_path: /etc/apache2 |
||||
|
||||
__apache_packages: |
||||
- apache2 |
||||
- apache2-utils |
||||
|
||||
apache_ports_configuration_items: |
||||
- regexp: "^Listen " |
||||
line: "Listen {{ apache_listen_port }}" |
@ -1,20 +0,0 @@ |
||||
--- |
||||
apache_service: httpd |
||||
apache_daemon: httpd |
||||
apache_daemon_path: /usr/sbin/ |
||||
apache_server_root: /etc/httpd |
||||
apache_conf_path: /etc/httpd/conf.d |
||||
|
||||
apache_vhosts_version: "2.2" |
||||
|
||||
__apache_packages: |
||||
- httpd |
||||
- httpd-devel |
||||
- mod_ssl |
||||
- openssh |
||||
|
||||
apache_ports_configuration_items: |
||||
- regexp: "^Listen " |
||||
line: "Listen {{ apache_listen_port }}" |
||||
- regexp: "^#?NameVirtualHost " |
||||
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" |
@ -1,19 +0,0 @@ |
||||
--- |
||||
apache_service: apache24 |
||||
apache_daemon: httpd |
||||
apache_daemon_path: /usr/apache2/2.4/bin/ |
||||
apache_server_root: /etc/apache2/2.4/ |
||||
apache_conf_path: /etc/apache2/2.4/conf.d |
||||
|
||||
apache_vhosts_version: "2.2" |
||||
|
||||
__apache_packages: |
||||
- web/server/apache-24 |
||||
- web/server/apache-24/module/apache-ssl |
||||
- web/server/apache-24/module/apache-security |
||||
|
||||
apache_ports_configuration_items: |
||||
- regexp: "^Listen " |
||||
line: "Listen {{ apache_listen_port }}" |
||||
- regexp: "^#?NameVirtualHost " |
||||
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" |
@ -1,18 +0,0 @@ |
||||
--- |
||||
apache_service: apache2 |
||||
apache_daemon: httpd2 |
||||
apache_daemon_path: /usr/sbin/ |
||||
apache_server_root: /etc/apache2 |
||||
apache_conf_path: /etc/apache2/conf.d |
||||
|
||||
apache_vhosts_version: "2.2" |
||||
|
||||
__apache_packages: |
||||
- apache2 |
||||
- openssh |
||||
|
||||
apache_ports_configuration_items: |
||||
- regexp: "^Listen " |
||||
line: "Listen {{ apache_listen_port }}" |
||||
- regexp: "^#?NameVirtualHost " |
||||
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" |
@ -1,12 +0,0 @@ |
||||
--- |
||||
apache_vhosts_version: "2.2" |
||||
apache_default_vhost_filename: 000-default |
||||
apache_ports_configuration_items: |
||||
- { |
||||
regexp: "^Listen ", |
||||
line: "Listen {{ apache_listen_port }}" |
||||
} |
||||
- { |
||||
regexp: "^#?NameVirtualHost ", |
||||
line: "NameVirtualHost {{ apache_listen_ip }}:{{ apache_listen_port }}" |
||||
} |
@ -1,8 +0,0 @@ |
||||
--- |
||||
apache_vhosts_version: "2.4" |
||||
apache_default_vhost_filename: 000-default.conf |
||||
apache_ports_configuration_items: |
||||
- { |
||||
regexp: "^Listen ", |
||||
line: "Listen {{ apache_listen_port }}" |
||||
} |
@ -1,29 +0,0 @@ |
||||
-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
Version: GnuPG v1.4.11 (GNU/Linux) |
||||
|
||||
mQINBFKuaIQBEAC1UphXwMqCAarPUH/ZsOFslabeTVO2pDk5YnO96f+rgZB7xArB |
||||
OSeQk7B90iqSJ85/c72OAn4OXYvT63gfCeXpJs5M7emXkPsNQWWSju99lW+AqSNm |
||||
jYWhmRlLRGl0OO7gIwj776dIXvcMNFlzSPj00N2xAqjMbjlnV2n2abAE5gq6VpqP |
||||
vFXVyfrVa/ualogDVmf6h2t4Rdpifq8qTHsHFU3xpCz+T6/dGWKGQ42ZQfTaLnDM |
||||
jToAsmY0AyevkIbX6iZVtzGvanYpPcWW4X0RDPcpqfFNZk643xI4lsZ+Y2Er9Yu5 |
||||
S/8x0ly+tmmIokaE0wwbdUu740YTZjCesroYWiRg5zuQ2xfKxJoV5E+Eh+tYwGDJ |
||||
n6HfWhRgnudRRwvuJ45ztYVtKulKw8QQpd2STWrcQQDJaRWmnMooX/PATTjCBExB |
||||
9dkz38Druvk7IkHMtsIqlkAOQMdsX1d3Tov6BE2XDjIG0zFxLduJGbVwc/6rIc95 |
||||
T055j36Ez0HrjxdpTGOOHxRqMK5m9flFbaxxtDnS7w77WqzW7HjFrD0VeTx2vnjj |
||||
GqchHEQpfDpFOzb8LTFhgYidyRNUflQY35WLOzLNV+pV3eQ3Jg11UFwelSNLqfQf |
||||
uFRGc+zcwkNjHh5yPvm9odR1BIfqJ6sKGPGbtPNXo7ERMRypWyRz0zi0twARAQAB |
||||
tChGZWRvcmEgRVBFTCAoNykgPGVwZWxAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB |
||||
AgAiBQJSrmiEAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBqL66iNSxk |
||||
5cfGD/4spqpsTjtDM7qpytKLHKruZtvuWiqt5RfvT9ww9GUUFMZ4ZZGX4nUXg49q |
||||
ixDLayWR8ddG/s5kyOi3C0uX/6inzaYyRg+Bh70brqKUK14F1BrrPi29eaKfG+Gu |
||||
MFtXdBG2a7OtPmw3yuKmq9Epv6B0mP6E5KSdvSRSqJWtGcA6wRS/wDzXJENHp5re |
||||
9Ism3CYydpy0GLRA5wo4fPB5uLdUhLEUDvh2KK//fMjja3o0L+SNz8N0aDZyn5Ax |
||||
CU9RB3EHcTecFgoy5umRj99BZrebR1NO+4gBrivIfdvD4fJNfNBHXwhSH9ACGCNv |
||||
HnXVjHQF9iHWApKkRIeh8Fr2n5dtfJEF7SEX8GbX7FbsWo29kXMrVgNqHNyDnfAB |
||||
VoPubgQdtJZJkVZAkaHrMu8AytwT62Q4eNqmJI1aWbZQNI5jWYqc6RKuCK6/F99q |
||||
thFT9gJO17+yRuL6Uv2/vgzVR1RGdwVLKwlUjGPAjYflpCQwWMAASxiv9uPyYPHc |
||||
ErSrbRG0wjIfAR3vus1OSOx3xZHZpXFfmQTsDP7zVROLzV98R3JwFAxJ4/xqeON4 |
||||
vCPFU6OsT3lWQ8w7il5ohY95wmujfr6lk89kEzJdOTzcn7DBbUru33CQMGKZ3Evt |
||||
RjsC7FDbL017qxS+ZVA/HGkyfiu4cpgV8VUnbql5eAZ+1Ll6Dw== |
||||
=hdPa |
||||
-----END PGP PUBLIC KEY BLOCK----- |
@ -1,28 +0,0 @@ |
||||
-----BEGIN PGP PUBLIC KEY BLOCK----- |
||||
Version: GnuPG v1.4.11 (FreeBSD) |
||||
|
||||
mQENBE5OMmIBCAD+FPYKGriGGf7NqwKfWC83cBV01gabgVWQmZbMcFzeW+hMsgxH |
||||
W6iimD0RsfZ9oEbfJCPG0CRSZ7ppq5pKamYs2+EJ8Q2ysOFHHwpGrA2C8zyNAs4I |
||||
QxnZZIbETgcSwFtDun0XiqPwPZgyuXVm9PAbLZRbfBzm8wR/3SWygqZBBLdQk5TE |
||||
fDR+Eny/M1RVR4xClECONF9UBB2ejFdI1LD45APbP2hsN/piFByU1t7yK2gpFyRt |
||||
97WzGHn9MV5/TL7AmRPM4pcr3JacmtCnxXeCZ8nLqedoSuHFuhwyDnlAbu8I16O5 |
||||
XRrfzhrHRJFM1JnIiGmzZi6zBvH0ItfyX6ttABEBAAG0KW5naW54IHNpZ25pbmcg |
||||
a2V5IDxzaWduaW5nLWtleUBuZ2lueC5jb20+iQE+BBMBAgAoBQJOTjJiAhsDBQkJ |
||||
ZgGABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCr9b2Ce9m/YpvjB/98uV4t |
||||
94d0oEh5XlqEZzVMrcTgPQ3BZt05N5xVuYaglv7OQtdlErMXmRWaFZEqDaMHdniC |
||||
sF63jWMd29vC4xpzIfmsLK3ce9oYo4t9o4WWqBUdf0Ff1LMz1dfLG2HDtKPfYg3C |
||||
8NESud09zuP5NohaE8Qzj/4p6rWDiRpuZ++4fnL3Dt3N6jXILwr/TM/Ma7jvaXGP |
||||
DO3kzm4dNKp5b5bn2nT2QWLPnEKxvOg5Zoej8l9+KFsUnXoWoYCkMQ2QTpZQFNwF |
||||
xwJGoAz8K3PwVPUrIL6b1lsiNovDgcgP0eDgzvwLynWKBPkRRjtgmWLoeaS9FAZV |
||||
ccXJMmANXJFuCf26iQEcBBABAgAGBQJOTkelAAoJEKZP1bF62zmo79oH/1XDb29S |
||||
YtWp+MTJTPFEwlWRiyRuDXy3wBd/BpwBRIWfWzMs1gnCjNjk0EVBVGa2grvy9Jtx |
||||
JKMd6l/PWXVucSt+U/+GO8rBkw14SdhqxaS2l14v6gyMeUrSbY3XfToGfwHC4sa/ |
||||
Thn8X4jFaQ2XN5dAIzJGU1s5JA0tjEzUwCnmrKmyMlXZaoQVrmORGjCuH0I0aAFk |
||||
RS0UtnB9HPpxhGVbs24xXZQnZDNbUQeulFxS4uP3OLDBAeCHl+v4t/uotIad8v6J |
||||
SO93vc1evIje6lguE81HHmJn9noxPItvOvSMb2yPsE8mH4cJHRTFNSEhPW6ghmlf |
||||
Wa9ZwiVX5igxcvaIRgQQEQIABgUCTk5b0gAKCRDs8OkLLBcgg1G+AKCnacLb/+W6 |
||||
cflirUIExgZdUJqoogCeNPVwXiHEIVqithAM1pdY/gcaQZmIRgQQEQIABgUCTk5f |
||||
YQAKCRCpN2E5pSTFPnNWAJ9gUozyiS+9jf2rJvqmJSeWuCgVRwCcCUFhXRCpQO2Y |
||||
Va3l3WuB+rgKjsQ= |
||||
=A015 |
||||
-----END PGP PUBLIC KEY BLOCK----- |
@ -1,8 +0,0 @@ |
||||
[epel] |
||||
name=Extra Packages for Enterprise Linux 7 - $basearch |
||||
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch |
||||
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch |
||||
failovermethod=priority |
||||
enabled=1 |
||||
gpgcheck=1 |
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7 |
@ -1,7 +0,0 @@ |
||||
[nginx] |
||||
name=Nginx repo - $basearch |
||||
baseurl=http://nginx.org/packages/centos/7/$basearch |
||||
failovermethod=priority |
||||
gpgcheck=1 |
||||
enabled=1 |
||||
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NGINX |
@ -1,12 +0,0 @@ |
||||
--- |
||||
# Setup/install tasks. |
||||
- include: setup-RedHat.yml |
||||
when: ansible_os_family == 'RedHat' |
||||
|
||||
- hostname: name={{ server_hostname }} |
||||
|
||||
- name: Creates custom users |
||||
user: name=vmuser comment=DefaultUser groups=wheel password={{ default_user_password }} shell=/bin/bash createhome=yes |
||||
|
||||
- name: Creates custom PHP users |
||||
user: name=www-php comment=DefaultPHPUser shell=/sbin/nologin createhome=no |
@ -1,19 +0,0 @@ |
||||
- name: Copy the NGINX repository definition |
||||
copy: src=nginx.repo dest=/etc/yum.repos.d/ |
||||
|
||||
- name: Copy the EPEL repository definition |
||||
copy: src=epel.repo dest=/etc/yum.repos.d/ |
||||
|
||||
- name: Create the GPG key for NGINX |
||||
copy: src=RPM-GPG-KEY-NGINX dest=/etc/pki/rpm-gpg |
||||
|
||||
- name: Create the GPG key for EPEL |
||||
copy: src=RPM-GPG-KEY-EPEL-7 dest=/etc/pki/rpm-gpg |
||||
|
||||
- name: Creates Docroot vhost directory |
||||
file: path=/var/www/html/{{ item.value.name }} state=directory owner={{ default_user_username }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes |
||||
when: nginx_vhosts|length > 0 |
||||
with_dict: "{{ vhost_domains }}" |
||||
notify: |
||||
- reload nginx |
||||
- reload apache |
@ -1,60 +0,0 @@ |
||||
--- |
||||
- name: Download WordPress |
||||
get_url: url=http://wordpress.org/wordpress-{{ wp_version }}.tar.gz dest=/srv/wordpress-{{ wp_version }}.tar.gz |
||||
sha256sum="{{ wp_sha256sum }}" |
||||
|
||||
- name: Extract archive |
||||
command: chdir=/srv/ /bin/tar xvf wordpress-{{ wp_version }}.tar.gz creates=/srv/wordpress |
||||
|
||||
- name: Add group "wordpress" |
||||
group: name=wordpress |
||||
|
||||
- name: Add user "wordpress" |
||||
user: name=wordpress group=wordpress home=/srv/wordpress/ |
||||
|
||||
- name: Fetch random salts for WordPress config |
||||
local_action: command curl https://api.wordpress.org/secret-key/1.1/salt/ |
||||
register: "wp_salt" |
||||
sudo: no |
||||
|
||||
- name: Create WordPress database |
||||
mysql_db: name={{ wp_db_name }} state=present |
||||
|
||||
- name: Create WordPress database user |
||||
mysql_user: name={{ wp_db_user }} password={{ wp_db_password }} priv={{ wp_db_name }}.*:ALL host='localhost' state=present |
||||
|
||||
- name: Copy WordPress config file |
||||
template: src=wp-config.php dest=/srv/wordpress/ |
||||
|
||||
- name: Change ownership of WordPress installation |
||||
file: path=/srv/wordpress/ owner=wordpress group=wordpress state=directory recurse=yes |
||||
|
||||
- name: install SEManage |
||||
yum: pkg=policycoreutils-python state=present |
||||
|
||||
- name: set the SELinux policy for the Wordpress directory |
||||
command: semanage fcontext -a -t httpd_sys_content_t "/srv/wordpress(/.*)?" |
||||
|
||||
- name: set the SELinux policy for wp-config.php |
||||
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-config\.php" |
||||
|
||||
- name: set the SELinux policy for wp-content directory |
||||
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content(/.*)?" |
||||
|
||||
- name: set the SELinux policy for the *.php files |
||||
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/.*\.php" |
||||
|
||||
- name: set the SELinux policy for the Upgrade directory |
||||
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/upgrade(/.*)?" |
||||
|
||||
- name: set the SELinux policy for the Uploads directory |
||||
command: semanage fcontext -a -t httpd_sys_rw_content_t "/srv/wordpress/wp-content/uploads(/.*)?" |
||||
|
||||
- name: set the SELinux policy for the wp-includes php files |
||||
command: semanage fcontext -a -t httpd_sys_script_exec_t "/srv/wordpress/wp-includes/.*\.php" |
||||
|
||||
- name: set the SELinux on all the Files |
||||
command: restorecon -Rv /srv/wordpress |
||||
|
||||
- name: Start php-fpm Service |
||||
service: name=php-fpm state=started enabled=yes |
@ -1,90 +0,0 @@ |
||||
<?php |
||||
/** |
||||
* The base configurations of the WordPress. |
||||
* |
||||
* This file has the following configurations: MySQL settings, Table Prefix, |
||||
* Secret Keys, WordPress Language, and ABSPATH. You can find more information |
||||
* by visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing |
||||
* wp-config.php} Codex page. You can get the MySQL settings from your web host. |
||||
* |
||||
* This file is used by the wp-config.php creation script during the |
||||
* installation. You don't have to use the web site, you can just copy this file |
||||
* to "wp-config.php" and fill in the values. |
||||
* |
||||
* @package WordPress |
||||
*/ |
||||
|
||||
// ** MySQL settings - You can get this info from your web host ** // |
||||
/** The name of the database for WordPress */ |
||||
define('DB_NAME', '{{ wp_db_name }}'); |
||||
|
||||
/** MySQL database username */ |
||||
define('DB_USER', '{{ wp_db_user }}'); |
||||
|
||||
/** MySQL database password */ |
||||
define('DB_PASSWORD', '{{ wp_db_password }}'); |
||||
|
||||
/** MySQL hostname */ |
||||
define('DB_HOST', 'localhost'); |
||||
|
||||
/** Database Charset to use in creating database tables. */ |
||||
define('DB_CHARSET', 'utf8'); |
||||
|
||||
/** The Database Collate type. Don't change this if in doubt. */ |
||||
define('DB_COLLATE', ''); |
||||
|
||||
/**#@+ |
||||
* Authentication Unique Keys and Salts. |
||||
* |
||||
* Change these to different unique phrases! |
||||
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service} |
||||
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again. |
||||
* |
||||
* @since 2.6.0 |
||||
*/ |
||||
|
||||
{{ wp_salt.stdout }} |
||||
|
||||
/**#@-*/ |
||||
|
||||
/** |
||||
* WordPress Database Table prefix. |
||||
* |
||||
* You can have multiple installations in one database if you give each a unique |
||||
* prefix. Only numbers, letters, and underscores please! |
||||
*/ |
||||
$table_prefix = 'wp_'; |
||||
|
||||
/** |
||||
* WordPress Localized Language, defaults to English. |
||||
* |
||||
* Change this to localize WordPress. A corresponding MO file for the chosen |
||||
* language must be installed to wp-content/languages. For example, install |
||||
* de_DE.mo to wp-content/languages and set WPLANG to 'de_DE' to enable German |
||||
* language support. |
||||
*/ |
||||
define('WPLANG', ''); |
||||
|
||||
/** |
||||
* For developers: WordPress debugging mode. |
||||
* |
||||
* Change this to true to enable the display of notices during development. |
||||
* It is strongly recommended that plugin and theme developers use WP_DEBUG |
||||
* in their development environments. |
||||
*/ |
||||
define('WP_DEBUG', false); |
||||
|
||||
/** Disable Automatic Updates Completely */ |
||||
define( 'AUTOMATIC_UPDATER_DISABLED', {{auto_up_disable}} ); |
||||
|
||||
/** Define AUTOMATIC Updates for Components. */ |
||||
define( 'WP_AUTO_UPDATE_CORE', {{core_update_level}} ); |
||||
|
||||
/* That's all, stop editing! Happy blogging. */ |
||||
|
||||
/** Absolute path to the WordPress directory. */ |
||||
if ( !defined('ABSPATH') ) |
||||
define('ABSPATH', dirname(__FILE__) . '/'); |
||||
|
||||
/** Sets up WordPress vars and included files. */ |
||||
require_once(ABSPATH . 'wp-settings.php'); |
@ -1 +0,0 @@ |
||||
122.129.219.67 |
@ -1,19 +0,0 @@ |
||||
--- |
||||
- name: MariaDB, Nginx, and PHP-FPM |
||||
hosts: lemp-server |
||||
remote_user: root |
||||
# sudo: yes |
||||
|
||||
roles: |
||||
- common |
||||
- ansible-role-mysql |
||||
- ansible-role-nginx |
||||
- ansible-role-memcached |
||||
- ansible-role-php |
||||
- ansible-role-apache |
||||
- ansible-role-apache-php-fpm |
||||
- ansible-role-postfix |
||||
- ansible-role-git |
||||
- ansible-role-composer |
||||
- ansible-role-drush |
||||
- ansible-role-drupal-console |
@ -0,0 +1,49 @@ |
||||
--- |
||||
# Variable setup. |
||||
- name: Include OS-specific variables. |
||||
include_vars: "{{ ansible_os_family }}.yml" |
||||
|
||||
- name: Define nginx_user. |
||||
set_fact: |
||||
nginx_user: "{{ __nginx_user }}" |
||||
when: nginx_user is not defined |
||||
|
||||
# Setup/install tasks. |
||||
- include: setup-RedHat.yml |
||||
when: ansible_os_family == 'RedHat' |
||||
|
||||
- include: setup-Ubuntu.yml |
||||
when: ansible_distribution == 'Ubuntu' |
||||
|
||||
- include: setup-Debian.yml |
||||
when: ansible_os_family == 'Debian' |
||||
|
||||
- include: setup-FreeBSD.yml |
||||
when: ansible_os_family == 'FreeBSD' |
||||
|
||||
# Vhost configuration. |
||||
- include: vhosts.yml |
||||
|
||||
# Nginx setup. |
||||
- name: Copy nginx configuration in place. |
||||
template: |
||||
src: nginx.conf.j2 |
||||
dest: "{{ nginx_conf_file_path }}" |
||||
owner: root |
||||
group: "{{ root_group }}" |
||||
mode: 0644 |
||||
notify: |
||||
- reload nginx |
||||
|
||||
- name: Copy headers config file in place. |
||||
template: |
||||
src: headers.conf.j2 |
||||
dest: "{{ nginx_conf_path }}" |
||||
owner: root |
||||
group: "{{ root_group }}" |
||||
mode: 0644 |
||||
notify: |
||||
- reload nginx |
||||
|
||||
- name: Ensure nginx is started and enabled to start at boot. |
||||
service: name=nginx state=started enabled=yes |
@ -0,0 +1,9 @@ |
||||
--- |
||||
- name: Update apt cache. |
||||
apt: update_cache=yes cache_valid_time=86400 |
||||
|
||||
- name: Ensure nginx is installed. |
||||
apt: |
||||
name: "{{ nginx_package_name }}" |
||||
state: installed |
||||
default_release: "{{ nginx_default_release }}" |
@ -0,0 +1,13 @@ |
||||
--- |
||||
- name: Update pkg cache. |
||||
shell: pkg update -f |
||||
|
||||
- name: Ensure nginx is installed. |
||||
pkgng: |
||||
name: "{{ nginx_package_name }}" |
||||
state: present |
||||
|
||||
- name: Create logs directory. |
||||
file: |
||||
path: /var/log/nginx |
||||
state: directory |
@ -0,0 +1,14 @@ |
||||
--- |
||||
- name: Enable nginx repo. |
||||
template: |
||||
src: nginx.repo.j2 |
||||
dest: /etc/yum.repos.d/nginx.repo |
||||
owner: root |
||||
group: root |
||||
mode: 0644 |
||||
|
||||
- name: Ensure nginx is installed. |
||||
yum: |
||||
name: "{{ nginx_package_name }}" |
||||
state: installed |
||||
enablerepo: nginx |
@ -0,0 +1,14 @@ |
||||
--- |
||||
- name: Add PPA for Nginx. |
||||
apt_repository: |
||||
repo: 'ppa:nginx/{{ nginx_ppa_version }}' |
||||
state: present |
||||
update_cache: yes |
||||
register: nginx_ppa_added |
||||
when: nginx_ppa_use |
||||
|
||||
- name: Ensure nginx will reinstall if the PPA was just added. |
||||
apt: |
||||
name: nginx |
||||
state: absent |
||||
when: nginx_ppa_added.changed |
@ -0,0 +1,32 @@ |
||||
--- |
||||
- name: Remove default nginx vhost config file (if configured). |
||||
file: |
||||
path: "{{ nginx_default_vhost_path }}" |
||||
state: absent |
||||
when: nginx_remove_default_vhost |
||||
notify: |
||||
- reload nginx |
||||
|
||||
- name: Add managed vhost config file (if any vhosts are configured). |
||||
template: |
||||
src: vhosts.j2 |
||||
dest: "{{ nginx_vhost_path }}/vhosts.conf" |
||||
mode: 0644 |
||||
when: nginx_vhosts|length > 0 |
||||
notify: |
||||
- reload nginx |
||||
|
||||
- name: Creates Nginx vhost directory |
||||
file: path=/var/www/html/{{ server_hostname }} state=directory owner={{ php_fpm_pool_user }} group={{ php_fpm_pool_group }} mode=0755 recurse=yes |
||||
when: nginx_vhosts|length > 0 |
||||
notify: |
||||
- reload nginx |
||||
|
||||
- name: Remove managed vhost config file (if no vhosts are configured). |
||||
file: |
||||
path: "{{ nginx_vhost_path }}/vhosts.conf" |
||||
state: absent |
||||
when: nginx_vhosts|length == 0 |
||||
notify: |
||||
- reload nginx |
||||
|
@ -0,0 +1,7 @@ |
||||
{% if nginx_bigpipe_enable %} |
||||
add_header X-Accel-Buffering: no; |
||||
{% endif %} |
||||
add_header X-Frame-Options SAMEORIGIN; |
||||
add_header X-Content-Type-Options nosniff; |
||||
add_header X-XSS-Protection "1; mode=block"; |
||||
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; |
@ -0,0 +1,63 @@ |
||||
user {{ nginx_user }}; |
||||
|
||||
error_log {{ nginx_error_log }}; |
||||
pid {{ nginx_pidfile }}; |
||||
|
||||
worker_processes {{ nginx_worker_processes }}; |
||||
|
||||
events { |
||||
worker_connections {{ nginx_worker_connections }}; |
||||
multi_accept {{ nginx_multi_accept }}; |
||||
} |
||||
|
||||
{% if nginx_extra_conf_options %} |
||||
{{ nginx_extra_conf_options }} |
||||
{% endif %} |
||||
|
||||
http { |
||||
include {{ nginx_mime_file_path }}; |
||||
default_type application/octet-stream; |
||||
|
||||
server_names_hash_bucket_size {{ nginx_server_names_hash_bucket_size }}; |
||||
|
||||
client_max_body_size {{ nginx_client_max_body_size }}; |
||||
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' |
||||
'$status $body_bytes_sent "$http_referer" ' |
||||
'"$http_user_agent" "$http_x_forwarded_for"'; |
||||
|
||||
access_log {{ nginx_access_log }}; |
||||
|
||||
sendfile {{ nginx_sendfile }}; |
||||
tcp_nopush {{ nginx_tcp_nopush }}; |
||||
tcp_nodelay {{ nginx_tcp_nodelay }}; |
||||
|
||||
keepalive_timeout {{ nginx_keepalive_timeout }}; |
||||
keepalive_requests {{ nginx_keepalive_requests }}; |
||||
|
||||
gzip on; |
||||
|
||||
{% if nginx_proxy_cache_path %} |
||||
proxy_cache_path {{ nginx_proxy_cache_path }}; |
||||
{% endif %} |
||||
|
||||
{% if nginx_extra_http_options %} |
||||
{{ nginx_extra_http_options }} |
||||
{% endif %} |
||||
|
||||
{% for upstream in nginx_upstreams %} |
||||
upstream {{ upstream.name }} { |
||||
{% if upstream.strategy is defined %} |
||||
{{ upstream.strategy }}; |
||||
{% endif %} |
||||
{% for server in upstream.servers %} |
||||
server {{ server }}; |
||||
{% endfor %} |
||||
} |
||||
{% endfor %} |
||||
|
||||
include {{ nginx_conf_path }}/*.conf; |
||||
{% if nginx_conf_path != nginx_vhost_path %} |
||||
include {{ nginx_vhost_path }}/*; |
||||
{% endif %} |
||||
} |
@ -0,0 +1,5 @@ |
||||
[nginx] |
||||
name=nginx repo |
||||
baseurl=http://nginx.org/packages/centos/{{ ansible_distribution_major_version }}/$basearch/ |
||||
gpgcheck=0 |
||||
enabled=1 |
@ -0,0 +1,33 @@ |
||||
{% for vhost in nginx_vhosts %} |
||||
server { |
||||
listen {{ vhost.listen | default('80') }}; |
||||
|
||||
{% if vhost.server_name is defined %} |
||||
server_name {{ vhost.server_name }}; |
||||
{% endif %} |
||||
|
||||
{% if vhost.root is defined %} |
||||
root {{ vhost.root }}; |
||||
{% endif %} |
||||
|
||||
index {{ vhost.index | default('index.html index.htm') }}; |
||||
|
||||
{% if vhost.error_page is defined %} |
||||
error_page {{ vhost.error_page }}; |
||||
{% endif %} |
||||
{% if vhost.access_log is defined %} |
||||
access_log {{ vhost.access_log }}; |
||||
{% endif %} |
||||
{% if vhost.error_log is defined %} |
||||
error_log {{ vhost.error_log }} error; |
||||
{% endif %} |
||||
|
||||
{% if vhost.return is defined %} |
||||
return {{ vhost.return }}; |
||||
{% endif %} |
||||
|
||||
{% if vhost.extra_parameters is defined %} |
||||
{{ vhost.extra_parameters }} |
||||
{% endif %} |
||||
} |
||||
{% endfor %} |
@ -0,0 +1 @@ |
||||
localhost |
@ -0,0 +1,6 @@ |
||||
--- |
||||
- hosts: localhost |
||||
remote_user: root |
||||
roles: |
||||
- role: ansible-role-nginx |
||||
nginx_use_ppa: true |
@ -0,0 +1,9 @@ |
||||
--- |
||||
root_group: root |
||||
nginx_conf_path: /etc/nginx/conf.d |
||||
nginx_conf_file_path: /etc/nginx/nginx.conf |
||||
nginx_mime_file_path: /etc/nginx/mime.types |
||||
nginx_pidfile: /run/nginx.pid |
||||
nginx_vhost_path: /etc/nginx/sites-enabled |
||||
nginx_default_vhost_path: /etc/nginx/sites-enabled/default |
||||
__nginx_user: "www-data" |
@ -0,0 +1,9 @@ |
||||
--- |
||||
root_group: wheel |
||||
nginx_conf_path: /usr/local/etc/nginx/conf.d |
||||
nginx_conf_file_path: /usr/local/etc/nginx/nginx.conf |
||||
nginx_mime_file_path: /usr/local/etc/nginx/mime.types |
||||
nginx_pidfile: /var/run/nginx.pid |
||||
nginx_vhost_path: /usr/local/etc/nginx/sites-enabled |
||||
nginx_default_vhost_path: /usr/local/etc/nginx/sites-enabled/default |
||||
__nginx_user: "www" |
@ -0,0 +1,9 @@ |
||||
--- |
||||
root_group: root |
||||
nginx_conf_path: /etc/nginx/conf.d |
||||
nginx_conf_file_path: /etc/nginx/nginx.conf |
||||
nginx_mime_file_path: /etc/nginx/mime.types |
||||
nginx_pidfile: /var/run/nginx.pid |
||||
nginx_vhost_path: /etc/nginx/conf.d |
||||
nginx_default_vhost_path: /etc/nginx/conf.d/default.conf |
||||
__nginx_user: "nginx" |
Reference in new issue