nginx und ffnord.net-Webseite
This commit is contained in:
parent
3df8b2a1ea
commit
30e39eca31
11 changed files with 184 additions and 0 deletions
7
roles/nginx/files/etc/nginx/include/no_dotfiles.conf
Normal file
7
roles/nginx/files/etc/nginx/include/no_dotfiles.conf
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Do not serve dotfiles.
|
||||
location ~ /\. {
|
||||
deny all;
|
||||
access_log off;
|
||||
log_not_found off;
|
||||
}
|
||||
|
7
roles/nginx/files/etc/nginx/include/no_logging.conf
Normal file
7
roles/nginx/files/etc/nginx/include/no_logging.conf
Normal file
|
@ -0,0 +1,7 @@
|
|||
# Deaktiviert Logging
|
||||
|
||||
access_log off; # Bitte nicht aktivieren. Wir wollen ja nicht die IPs unserer Visitors loggen.
|
||||
|
||||
# Bitte nur zum Debuggen von schweren Fehlern das Log-File temporär setzen und dann anschließend die Logs löschen.
|
||||
# So stellen wir sicher, dass keine IPs geloggt werden.
|
||||
error_log /dev/null crit;
|
1
roles/nginx/files/etc/nginx/include/no_symlinks.conf
Normal file
1
roles/nginx/files/etc/nginx/include/no_symlinks.conf
Normal file
|
@ -0,0 +1 @@
|
|||
disable_symlinks on from=$document_root;
|
84
roles/nginx/files/etc/nginx/nginx.conf
Normal file
84
roles/nginx/files/etc/nginx/nginx.conf
Normal file
|
@ -0,0 +1,84 @@
|
|||
user www-data;
|
||||
worker_processes 4;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
# server_tokens off;
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
include /etc/nginx/include/no_logging.conf;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
3
roles/nginx/handlers/main.yml
Normal file
3
roles/nginx/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: restart nginx
|
||||
service: name=nginx state=restarted
|
36
roles/nginx/tasks/main.yml
Normal file
36
roles/nginx/tasks/main.yml
Normal file
|
@ -0,0 +1,36 @@
|
|||
---
|
||||
- name: be sure nginx is installed
|
||||
apt: name=nginx state=latest
|
||||
tags: nginx
|
||||
|
||||
- name: copy includes
|
||||
copy: >
|
||||
src=etc/nginx/include
|
||||
dest=/etc/nginx
|
||||
mode=0644
|
||||
owner=root
|
||||
group=root
|
||||
notify:
|
||||
- restart nginx
|
||||
tags: nginx
|
||||
|
||||
- name: remove default site
|
||||
file: path={{ item }} state=absent
|
||||
with_items:
|
||||
- /etc/nginx/sites-available/default
|
||||
- /etc/nginx/sites-enabled/default
|
||||
- /var/www/html
|
||||
notify:
|
||||
- restart nginx
|
||||
tags: nginx
|
||||
|
||||
- name: configure nginx
|
||||
copy: >
|
||||
src=etc/nginx/nginx.conf
|
||||
dest=/etc/nginx/nginx.conf
|
||||
mode=0644
|
||||
owner=root
|
||||
group=root
|
||||
notify:
|
||||
- restart nginx
|
||||
tags: nginx
|
|
@ -0,0 +1,13 @@
|
|||
server {
|
||||
include /etc/nginx/include/no_logging.conf;
|
||||
include /etc/nginx/include/no_dotfiles.conf;
|
||||
include /etc/nginx/include/no_symlinks.conf;
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name ffnord.net www.ffnord.net nord.freifunk.net;
|
||||
|
||||
root /var/www/ffnord.net/site;
|
||||
}
|
||||
|
3
roles/website/ffnord/handlers/main.yml
Normal file
3
roles/website/ffnord/handlers/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: reload ffnord
|
||||
service: name=nginx state=reloaded
|
3
roles/website/ffnord/meta/main.yml
Normal file
3
roles/website/ffnord/meta/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- { role: nginx }
|
26
roles/website/ffnord/tasks/main.yml
Normal file
26
roles/website/ffnord/tasks/main.yml
Normal file
|
@ -0,0 +1,26 @@
|
|||
---
|
||||
- name: configure ffnord.net site
|
||||
copy: >
|
||||
src=etc/nginx/sites-available/ffnord.net
|
||||
dest=/etc/nginx/sites-available/ffnord.net
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
notify: reload ffnord
|
||||
tags: nginx
|
||||
|
||||
- name: enable ffnord.net site
|
||||
file: >
|
||||
src=/etc/nginx/sites-available/ffnord.net
|
||||
dest=/etc/nginx/sites-enabled/ffnord.net
|
||||
owner=root
|
||||
group=root
|
||||
mode=0644
|
||||
state=link
|
||||
notify: reload ffnord
|
||||
tags: nginx
|
||||
|
||||
- name: clone ffnord.net repository
|
||||
git: repo=https://github.com/ffnord/ffnord.net.git dest=/var/www/ffnord.net
|
||||
tags: nginx
|
||||
|
|
@ -2,4 +2,5 @@
|
|||
- hosts: services
|
||||
roles:
|
||||
- ntp-server
|
||||
- website/ffnord
|
||||
|
||||
|
|
Loading…
Reference in a new issue