Jonathan Cobb
před 5 roky
5 změnil soubory, kde provedl 77 přidání a 66 odebrání
-
+13 -0automation/roles/nginx/tasks/site.yml
-
+0 -32automation/roles/nginx/templates/site_node.conf.j2
-
+31 -0automation/roles/nginx/templates/site_node_alias.conf.j2
-
+1 -34automation/roles/nginx/templates/site_sage.conf.j2
-
+32 -0automation/roles/nginx/templates/site_sage_alias.conf.j2
+ 13
- 0
automation/roles/nginx/tasks/site.yml
Zobrazit soubor
| @@ -15,6 +15,11 @@ | |||
| src: "site_{{ install_type }}.conf.j2" | |||
| dest: "/etc/nginx/sites-available/{{ server_name }}.conf" | |||
| - name: Create alias nginx site (type={{ install_type }}) | |||
| template: | |||
| src: "site_{{ install_type }}_alias.conf.j2" | |||
| dest: "/etc/nginx/sites-available/{{ server_alias }}.conf" | |||
| - name: Symlink default site to site-enabled | |||
| file: | |||
| src: /etc/nginx/sites-available/{{ server_name }}.conf | |||
| @@ -22,3 +27,11 @@ | |||
| owner: root | |||
| group: root | |||
| state: link | |||
| - name: Symlink alias site to site-enabled | |||
| file: | |||
| src: /etc/nginx/sites-available/{{ server_alias }}.conf | |||
| dest: /etc/nginx/sites-enabled/{{ server_alias }}.conf | |||
| owner: root | |||
| group: root | |||
| state: link | |||
+ 0
- 32
automation/roles/nginx/templates/site_node.conf.j2
Zobrazit soubor
| @@ -29,35 +29,3 @@ server { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||
| server { | |||
| server_name {{ server_alias }}; | |||
| listen {{ ssl_port }} ssl http2; | |||
| location / { | |||
| proxy_pass http://127.0.0.1:{{ admin_port }}/; | |||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
| proxy_set_header X-Real-IP $remote_addr; | |||
| proxy_set_header X-Forwarded-Host {{ server_name }}; | |||
| proxy_set_header X-Forwarded-Proto https; | |||
| } | |||
| location ^~ /.well-known/acme-challenge/ { | |||
| default_type "text/plain"; | |||
| root /var/www/html; | |||
| } | |||
| ssl_certificate /etc/letsencrypt/live/{{ server_alias }}/fullchain.pem; | |||
| ssl_certificate_key /etc/letsencrypt/live/{{ server_alias }}/privkey.pem; | |||
| ssl_session_cache shared:le_nginx_SSL:1m; | |||
| ssl_session_timeout 1440m; | |||
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||
| ssl_prefer_server_ciphers on; | |||
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; | |||
| if ($scheme != "https") { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||
+ 31
- 0
automation/roles/nginx/templates/site_node_alias.conf.j2
Zobrazit soubor
| @@ -0,0 +1,31 @@ | |||
| server { | |||
| server_name {{ server_alias }}; | |||
| listen {{ ssl_port }} ssl http2; | |||
| location / { | |||
| proxy_pass http://127.0.0.1:{{ admin_port }}/; | |||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
| proxy_set_header X-Real-IP $remote_addr; | |||
| proxy_set_header X-Forwarded-Host {{ server_name }}; | |||
| proxy_set_header X-Forwarded-Proto https; | |||
| } | |||
| location ^~ /.well-known/acme-challenge/ { | |||
| default_type "text/plain"; | |||
| root /var/www/html; | |||
| } | |||
| ssl_certificate /etc/letsencrypt/live/{{ server_alias }}/fullchain.pem; | |||
| ssl_certificate_key /etc/letsencrypt/live/{{ server_alias }}/privkey.pem; | |||
| ssl_session_cache shared:le_nginx_SSL:1m; | |||
| ssl_session_timeout 1440m; | |||
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||
| ssl_prefer_server_ciphers on; | |||
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; | |||
| if ($scheme != "https") { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||
+ 1
- 34
automation/roles/nginx/templates/site_sage.conf.j2
Zobrazit soubor
| @@ -1,6 +1,6 @@ | |||
| server { | |||
| listen 80; | |||
| server_name {{ server_name }} {{ server_alias }}; | |||
| server_name {{ server_name }}; | |||
| location / { | |||
| proxy_pass http://127.0.0.1:{{ admin_port }}/; | |||
| @@ -30,36 +30,3 @@ server { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||
| server { | |||
| listen 80; | |||
| server_name {{ server_alias }}; | |||
| location / { | |||
| proxy_pass http://127.0.0.1:{{ admin_port }}/; | |||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
| proxy_set_header X-Real-IP $remote_addr; | |||
| proxy_set_header X-Forwarded-Host {{ server_name }}; | |||
| proxy_set_header X-Forwarded-Proto https; | |||
| } | |||
| location ^~ /.well-known/acme-challenge/ { | |||
| default_type "text/plain"; | |||
| root /var/www/html; | |||
| } | |||
| listen 443 ssl; | |||
| ssl_certificate /etc/letsencrypt/live/{{ server_alias }}/fullchain.pem; | |||
| ssl_certificate_key /etc/letsencrypt/live/{{ server_alias }}/privkey.pem; | |||
| ssl_session_cache shared:le_nginx_SSL:1m; | |||
| ssl_session_timeout 1440m; | |||
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||
| ssl_prefer_server_ciphers on; | |||
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; | |||
| if ($scheme != "https") { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||
+ 32
- 0
automation/roles/nginx/templates/site_sage_alias.conf.j2
Zobrazit soubor
| @@ -0,0 +1,32 @@ | |||
| server { | |||
| listen 80; | |||
| server_name {{ server_alias }}; | |||
| location / { | |||
| proxy_pass http://127.0.0.1:{{ admin_port }}/; | |||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
| proxy_set_header X-Real-IP $remote_addr; | |||
| proxy_set_header X-Forwarded-Host {{ server_name }}; | |||
| proxy_set_header X-Forwarded-Proto https; | |||
| } | |||
| location ^~ /.well-known/acme-challenge/ { | |||
| default_type "text/plain"; | |||
| root /var/www/html; | |||
| } | |||
| listen 443 ssl; | |||
| ssl_certificate /etc/letsencrypt/live/{{ server_alias }}/fullchain.pem; | |||
| ssl_certificate_key /etc/letsencrypt/live/{{ server_alias }}/privkey.pem; | |||
| ssl_session_cache shared:le_nginx_SSL:1m; | |||
| ssl_session_timeout 1440m; | |||
| ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | |||
| ssl_prefer_server_ciphers on; | |||
| ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; | |||
| if ($scheme != "https") { | |||
| return 301 https://$host$request_uri; | |||
| } | |||
| } | |||