nginx und ffnord.net-Webseite

This commit is contained in:
baldo 2015-08-29 23:44:14 +02:00
parent 3df8b2a1ea
commit 30e39eca31
11 changed files with 184 additions and 0 deletions

View file

@ -0,0 +1,7 @@
# Do not serve dotfiles.
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}

View file

@ -0,0 +1,7 @@
# Deaktiviert Logging
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitors loggen.
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
# So stellen wir sicher, dass keine IPs geloggt werden.
error_log /dev/null crit;

View file

@ -0,0 +1 @@
disable_symlinks on from=$document_root;

View file

@ -0,0 +1,84 @@
user www-data;
worker_processes 4;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
include /etc/nginx/include/no_logging.conf;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

View file

@ -0,0 +1,3 @@
---
- name: restart nginx
service: name=nginx state=restarted

View file

@ -0,0 +1,36 @@
---
- name: be sure nginx is installed
apt: name=nginx state=latest
tags: nginx
- name: copy includes
copy: >
src=etc/nginx/include
dest=/etc/nginx
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx
- name: remove default site
file: path={{ item }} state=absent
with_items:
- /etc/nginx/sites-available/default
- /etc/nginx/sites-enabled/default
- /var/www/html
notify:
- restart nginx
tags: nginx
- name: configure nginx
copy: >
src=etc/nginx/nginx.conf
dest=/etc/nginx/nginx.conf
mode=0644
owner=root
group=root
notify:
- restart nginx
tags: nginx

View file

@ -0,0 +1,13 @@
server {
include /etc/nginx/include/no_logging.conf;
include /etc/nginx/include/no_dotfiles.conf;
include /etc/nginx/include/no_symlinks.conf;
listen 80;
listen [::]:80;
server_name ffnord.net www.ffnord.net nord.freifunk.net;
root /var/www/ffnord.net/site;
}

View file

@ -0,0 +1,3 @@
---
- name: reload ffnord
service: name=nginx state=reloaded

View file

@ -0,0 +1,3 @@
---
dependencies:
- { role: nginx }

View file

@ -0,0 +1,26 @@
---
- name: configure ffnord.net site
copy: >
src=etc/nginx/sites-available/ffnord.net
dest=/etc/nginx/sites-available/ffnord.net
owner=root
group=root
mode=0644
notify: reload ffnord
tags: nginx
- name: enable ffnord.net site
file: >
src=/etc/nginx/sites-available/ffnord.net
dest=/etc/nginx/sites-enabled/ffnord.net
owner=root
group=root
mode=0644
state=link
notify: reload ffnord
tags: nginx
- name: clone ffnord.net repository
git: repo=https://github.com/ffnord/ffnord.net.git dest=/var/www/ffnord.net
tags: nginx

View file

@ -2,4 +2,5 @@
- hosts: services
roles:
- ntp-server
- website/ffnord