diff --git a/inventories/z9/host_vars/wiki.yml b/inventories/z9/host_vars/wiki.yml
new file mode 100644
index 0000000..9469464
--- /dev/null
+++ b/inventories/z9/host_vars/wiki.yml
@@ -0,0 +1,5 @@
+nginx__version_spec: ""
+nginx__deploy_redirect_conf: false
+nginx__configurations:
+ - name: wiki.ccchh.net
+ content: "{{ lookup('ansible.builtin.file', 'configs/wiki/nginx/wiki.ccchh.net.conf') }}"
diff --git a/inventories/z9/hosts.yml b/inventories/z9/hosts.yml
index 76f9ad2..43285ab 100644
--- a/inventories/z9/hosts.yml
+++ b/inventories/z9/hosts.yml
@@ -18,3 +18,6 @@ all:
 public-reverse-proxy:
 ansible_host: public-reverse-proxy.z9.ccchh.net
 ansible_user: chaos
+ wiki:
+ ansible_host: wiki.z9.ccchh.net
+ ansible_user: chaos
diff --git a/playbooks/deploy_dokuwiki.yml b/playbooks/deploy_dokuwiki.yml
new file mode 100644
index 0000000..9dc3d23
--- /dev/null
+++ b/playbooks/deploy_dokuwiki.yml
@@ -0,0 +1,38 @@
+---
+- name: Configure wiki.z9 with dokuwiki
+ become: true
+ hosts: wiki
+ roles:
+ - nginx
+ tasks:
+ # TODO: make this a role
+ - name: Install php-fpm
+ ansible.builtin.apt:
+ name:
+ - php-fpm
+ - php-xml
+ - php-mbstring
+ - php-zip
+ - php-intl
+ - php-gd
+ diff: false
+ - name: Make sure php-fpm is enabled
+ ansible.builtin.systemd:
+ service: php7.4-fpm.service
+ enabled: true
+
+ # place dokuwiki zip into /var/www/dokuwiki manually!
+ - name: Create www dir
+ become: true
+ ansible.builtin.file:
+ path: /var/www
+ state: directory
+ owner: nginx
+ group: nginx
+ mode: "0755"
+ - name: Custom php-fpm config
+ become: true
+ ansible.builtin.copy:
+ src: configs/wiki/php-fpm-dokuwiki.conf
+ dest: /etc/php/7.4/fpm/pool.d/dokuwiki.conf
+ mode: "0755"
diff --git a/playbooks/files/configs/wiki/nginx/wiki.ccchh.net.conf b/playbooks/files/configs/wiki/nginx/wiki.ccchh.net.conf
new file mode 100644
index 0000000..311385c
--- /dev/null
+++ b/playbooks/files/configs/wiki/nginx/wiki.ccchh.net.conf
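Review bot: In playbooks/deploy_dokuwiki.yml the "Custom php-fpm config" task installs the pool file with `mode: "0755"` and no explicit `owner`/`group`, so a plain configuration file ends up executable and its ownership is left to whatever the become user happens to be. I would set `owner: root`, `group: root` and `mode: "0644"` on that task. The task also has no `notify`, so php-fpm presumably keeps running with the previous pool definition until someone restarts it by hand; a handler that restarts `php7.4-fpm.service` would make the deployed hardening settings take effect on the same run. The hard-coded `php7.4` in the service name and in `dest` ties the play to one distribution release, while the apt task installs the unversioned `php-fpm` package.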
@@ -0,0 +1,42 @@
+# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
+# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
+server {
+ listen [::]:80 ipv6only=off;
+
+ server_name wiki.z9.ccchh.net;
+
+ # Maximum file upload size is 4MB - change accordingly if needed
+ client_max_body_size 4M;
+ client_body_buffer_size 128k;
+
+ root /var/www/dokuwiki;
+ index doku.php;
+
+ #Remember to comment the below out when you're installing, and uncomment it when done.
+ location ~ /(conf/|bin/|inc/|vendor/|install.php) { deny all; }
+
+ #Support for X-Accel-Redirect
+ location ~ ^/data/ { internal ; }
+
+ location ~ ^/lib.*\.(js|css|gif|png|ico|jpg|jpeg)$ {
+ expires 365d;
+ }
+
+ location / { try_files $uri $uri/ @dokuwiki; }
+
+ location @dokuwiki {
+ # rewrites "doku.php/" out of the URLs if you set the userwrite setting to .htaccess in dokuwiki config page
+ rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+ rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+ rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+ rewrite ^/(.*) /doku.php?id=$1&$args last;
+ }
+
+ location ~ \.php$ {
+ try_files $uri $uri/ /doku.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ fastcgi_param REDIRECT_STATUS 200;
+ fastcgi_pass unix:/var/run/php/php-fpm-dokuwiki.sock;
+ }
+}
diff --git a/playbooks/files/configs/wiki/php-fpm-dokuwiki.conf b/playbooks/files/configs/wiki/php-fpm-dokuwiki.conf
new file mode 100644
index 0000000..2651f15
--- /dev/null
+++ b/playbooks/files/configs/wiki/php-fpm-dokuwiki.conf
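Review bot: In wiki.ccchh.net.conf the only `listen` is `[::]:80` and the server block carries no TLS directives, although the header comment cites the Mozilla intermediate TLS profile; DokuWiki logins and session cookies would cross this hop in cleartext. If TLS is terminated on public-reverse-proxy (the inventory suggests that, but the diff does not show it), replace the misleading header with a comment such as `# TLS terminates on public-reverse-proxy; this plain-HTTP vhost must only be reachable from the proxy`, and restrict port 80 to the proxy address with a firewall rule or `allow`/`deny`. The comment asking to disable the `deny all` location during installation describes a manual edit that the next Ansible run would overwrite, so it should state how that step is meant to be done with this playbook.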
@@ -0,0 +1,15 @@
+[dokuwiki]
+user = www-data
+group = www-data
+listen = /var/run/php/php-fpm-dokuwiki.sock
+listen.owner = nginx
+listen.group = nginx
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_flag[allow_url_fopen] = off
+; Choose how the process manager will control the number of child processes.
+pm = dynamic
+pm.max_children = 75
+pm.start_servers = 10
+pm.min_spare_servers = 5
+pm.max_spare_servers = 20
+pm.process_idle_timeout = 10s
\ No newline at end of file
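Review bot: The `disable_functions` list in php-fpm-dokuwiki.conf covers `exec,passthru,shell_exec,system` but leaves `proc_open` and `popen` enabled, so the pool can still spawn processes and the restriction is weaker than it reads. Unless DokuWiki or an installed plugin needs them (not visible from this diff), extend the line to `php_admin_value[disable_functions] = exec,passthru,shell_exec,system,proc_open,popen`. The pool runs as `www-data` while the playbook creates `/var/www` owned by `nginx`; a comment stating which account is meant to own DokuWiki's writable `data/` and `conf/` directories would make the intended privilege split checkable. The file also ends without a trailing newline.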