new wordpress creation pipeline!
This commit is contained in:
parent
78efb7b7e2
commit
62af249e77
10 changed files with 359 additions and 96 deletions
|
@ -1,6 +1,23 @@
|
||||||
|
# Deployer: deploy your shit and make it run
|
||||||
|
|
||||||
|
So lame to have to configure nginx, MySQL, and your filesystem to install a stupid Wordpress instance.
|
||||||
|
|
||||||
|
**Deployer** does my config for me like the slave it is.
|
||||||
|
|
||||||
|
All the configuration is defined in `group_vars/all/vars.yml`, go check.
|
||||||
|
|
||||||
|
Create a side `group_vars/all/vault.yml` for your secrets, and encrypt it with Ansible Vault:
|
||||||
|
|
||||||
|
ansible-vault encrypt group_vars/all/vault.yml
|
||||||
|
# other sub-commands: edit, decrypt...
|
||||||
|
|
||||||
|
I usually run the following command:
|
||||||
|
|
||||||
|
ansible-playbook --ask-vault-pass sites.yml -i inventory -v
|
||||||
|
|
||||||
## Required packages on remote
|
## Required packages on remote
|
||||||
|
|
||||||
Python (installed with `pip` for user `adrien`):
|
Python modules:
|
||||||
|
|
||||||
* docker
|
* docker
|
||||||
* docker-compose
|
* docker-compose
|
||||||
|
@ -8,38 +25,33 @@ Python (installed with `pip` for user `adrien`):
|
||||||
|
|
||||||
TODO: Ansible task to install that before the rest
|
TODO: Ansible task to install that before the rest
|
||||||
|
|
||||||
## Configure mailing
|
# Features
|
||||||
|
|
||||||
When I send mails from the container with `php`, with current `msmtp` config, it fails if the recipient isn't `@luxeylab.net`.
|
* Creating Wordpress instances (yoohoo, da best)
|
||||||
|
|
||||||
Host `mail.log`:
|
* That send mail!!11!1!
|
||||||
|
|
||||||
# mail('adrien@yopmai.com'...) in container
|
|
||||||
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: connect from unknown[172.27.1.2]
|
|
||||||
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: NOQUEUE: reject: RCPT from unknown[172.27.1.2]: 454 4.7.1 <adrien@yopmail.com>: Relay access denied; from=<php@www.rennesdesbois.fr> to=<adrien@yopmail.com> proto=ESMTP helo=<localhost>
|
|
||||||
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: lost connection after DATA from unknown[172.27.1.2]
|
|
||||||
Apr 2 09:07:56 Serenity postfix/smtpd[22617]: disconnect from unknown[172.27.1.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4
|
|
||||||
|
|
||||||
# mail('adrien@yopmai.com'...) on host
|
### Does not support
|
||||||
Apr 2 09:10:33 Serenity postfix/cleanup[27364]: 5DB1D3CCDA: message-id=<20200402071033.5DB1D3CCDA@luxeylab.net>
|
|
||||||
Apr 2 09:10:33 Serenity postfix/qmgr[2066]: 5DB1D3CCDA: from=<adrien@luxeylab.net>, size=286, nrcpt=1 (queue active)
|
|
||||||
Apr 2 09:10:33 Serenity postfix/smtp[27366]: 5DB1D3CCDA: to=<adrien@yopmail.com>, relay=smtp.yopmail.com[87.98.164.155]:25, delay=0.68, delays=0.35/0/0.23/0.09, dsn=2.0.0, status=sent (250 mail saved)
|
|
||||||
Apr 2 09:10:33 Serenity postfix/qmgr[2066]: 5DB1D3CCDA: removed
|
|
||||||
|
|
||||||
# mail('adrien@luxeylab.net'...) in container
|
* Setting up the host
|
||||||
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: connect from unknown[172.27.1.2]
|
|
||||||
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: 6BA723CCD8: client=unknown[172.27.1.2]
|
|
||||||
Apr 2 08:08:12 Serenity postfix/cleanup[5829]: 6BA723CCD8: message-id=<>
|
|
||||||
Apr 2 08:08:12 Serenity postfix/smtpd[2647]: disconnect from unknown[172.27.1.2] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
|
|
||||||
Apr 2 08:08:12 Serenity postfix/qmgr[2066]: 6BA723CCD8: from=<php@www.rennesdesbois.fr>, size=290, nrcpt=1 (queue active)
|
|
||||||
Apr 2 08:08:13 Serenity postfix/smtp[5831]: 6BA723CCD8: to=<adrien.luxey@gmail.com>, orig_to=<adrien@luxeylab.net>, relay=gmail-smtp-in.l.google.com[74.125.133.26]:25, delay=0.79, delays=0.23/0.03/0.11/0.42, dsn=2.0.0, status=sent (250 2.0.0 OK 1585807693 130si4035771wma.123 - gsmtp)
|
|
||||||
Apr 2 08:08:13 Serenity postfix/qmgr[2066]: 6BA723CCD8: removed
|
|
||||||
|
|
||||||
Good docs on the topic:
|
* SSL certificate creation (bro, do it yourself!). That is:
|
||||||
|
|
||||||
* [Explains postfix on Host+ssmtp in Docker in detail, poorly written](https://medium.com/@thilinaviraj950/configure-and-use-host-base-postfix-to-send-emails-from-a-container-18cd279fc460)
|
```bash
|
||||||
* [Another one](https://www.michelebologna.net/2019/send-an-email-from-a-docker-container/)
|
# Make an nginx file for certbot
|
||||||
|
cat << EOF > /etc/nginx/sites-enabled/yoursite.com
|
||||||
I needed to add Docker's network (`172.0.0.0/8`) to `mynetworks` in `/etc/postfix/main.cf`. Also `inet_interfaces` would have had to be changed if Arthur didn't put it to `all`.
|
server {
|
||||||
|
listen 80;
|
||||||
**Now solved.**
|
server_name www.yoursite.com yoursite.com;
|
||||||
|
include snippets/letsencrypt.conf;
|
||||||
|
}
|
||||||
|
EOF
|
||||||
|
nginx -t # Is everything alright?
|
||||||
|
# If so, restart nginx
|
||||||
|
service nginx restart
|
||||||
|
# Create the certificate
|
||||||
|
certbot certonly --webroot -w /var/www/letsencrypt -d yoursite.com -d www.yoursite.com
|
||||||
|
# Remove the stupid file
|
||||||
|
rm /etc/nginx/sites-enabled/yoursite.com
|
||||||
|
service nginx restart
|
||||||
|
```
|
|
@ -3,7 +3,29 @@
|
||||||
www_path: /vault/www
|
www_path: /vault/www
|
||||||
sites_path: /vault/sites
|
sites_path: /vault/sites
|
||||||
|
|
||||||
|
wordpress:
|
||||||
|
version: 5.4
|
||||||
|
checksum: sha1:d5f1e6d7cadd72c11d086a2e1ede0a72f23d993e
|
||||||
|
|
||||||
sites:
|
sites:
|
||||||
|
- slug: test # Shorthand name to use as directory/file name
|
||||||
|
# The site URL (without www)
|
||||||
|
url: test.luxeylab.net
|
||||||
|
# Ask nginx to redirect url to www
|
||||||
|
# Else, we redirect www to url
|
||||||
|
redirect_to_www: no
|
||||||
|
# What kind of site is that?
|
||||||
|
type: wordpress
|
||||||
|
# Subnet addresses
|
||||||
|
subnet_cidr_address: 172.27.6.0/24
|
||||||
|
subnet_gateway_ip: 172.27.6.1
|
||||||
|
subnet_nginx_ip: 172.27.6.2
|
||||||
|
subnet_site_ip: 172.27.6.3
|
||||||
|
|
||||||
|
mysql_database: wp_test
|
||||||
|
mysql_username: wp_test
|
||||||
|
mysql_password: "{{ vault_wp_test_mysql_password }}"
|
||||||
|
|
||||||
# - slug: rdb # Shorthand name to use as directory/file name
|
# - slug: rdb # Shorthand name to use as directory/file name
|
||||||
# # The site URL (without www)
|
# # The site URL (without www)
|
||||||
# url: rennesdesbois.fr
|
# url: rennesdesbois.fr
|
||||||
|
@ -72,25 +94,25 @@ sites:
|
||||||
# mysql_username: lexperimental
|
# mysql_username: lexperimental
|
||||||
# mysql_password: "{{ vault_lexperimental_mysql_password }}"
|
# mysql_password: "{{ vault_lexperimental_mysql_password }}"
|
||||||
|
|
||||||
- slug: mts # Shorthand name to use as directory/file name
|
# - slug: mts # Shorthand name to use as directory/file name
|
||||||
# The site URL (without www)
|
# # The site URL (without www)
|
||||||
url: editionsmangetasoupe.fr
|
# url: editionsmangetasoupe.fr
|
||||||
# Ask nginx to redirect url to www
|
# # Ask nginx to redirect url to www
|
||||||
# Else, we redirect www to url
|
# # Else, we redirect www to url
|
||||||
redirect_to_www: no
|
# redirect_to_www: no
|
||||||
# What kind of site is that?
|
# # What kind of site is that?
|
||||||
type: drupal
|
# type: drupal
|
||||||
# Subnet addresses
|
# # Subnet addresses
|
||||||
subnet_cidr_address: 172.27.5.0/24
|
# subnet_cidr_address: 172.27.5.0/24
|
||||||
subnet_gateway_ip: 172.27.5.1
|
# subnet_gateway_ip: 172.27.5.1
|
||||||
subnet_site_ip: 172.27.5.2
|
# subnet_site_ip: 172.27.5.2
|
||||||
|
|
||||||
# This will allow setting up MySQL
|
# # This will allow setting up MySQL
|
||||||
# Configuration on Drupal's side must be done by hand:
|
# # Configuration on Drupal's side must be done by hand:
|
||||||
# Edit your <drupal_install>/sites/default/settings.php
|
# # Edit your <drupal_install>/sites/default/settings.php
|
||||||
mysql_database: mts8
|
# mysql_database: mts8
|
||||||
mysql_username: mts
|
# mysql_username: mts
|
||||||
mysql_password: "{{ vault_mts_mysql_password }}"
|
# mysql_password: "{{ vault_mts_mysql_password }}"
|
||||||
|
|
||||||
mysql_root_password: "{{ vault_mysql_root_password }}"
|
mysql_root_password: "{{ vault_mysql_root_password }}"
|
||||||
adrien_serenity_password: "{{ vault_adrien_serenity_password }}"
|
adrien_serenity_password: "{{ vault_adrien_serenity_password }}"
|
|
@ -1,30 +1,34 @@
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
30333835653963663535316564323735303838343861333835313232626632336635623361316534
|
34386539366237643636326332343434623662373561336536363338373535393662323663656535
|
||||||
3931353931336638626634643133343865363539633266660a646339376138346330336232373139
|
6431333031393336353139616535363739343763356163620a356164313063616231373634393963
|
||||||
65393937643136623530663130626664666466623930376462613237616230343165346163383563
|
30366366616539306438326563623832626666363562383334303961643862373736356337356635
|
||||||
3639336166373234360a306532306231333363333533373937613763626565353630626237373037
|
6461363664316566660a346539376262326438353933663333393137623438643166623335383236
|
||||||
66613537356339376131653239323330346530323137346430656635613331653261306234636432
|
38643631363032636138333739353337633839303562383664366163303537633463663331313362
|
||||||
61663539656166613338333336323962623434656532323037356336346439386130313936613864
|
30306132383465633434376236626562353935383463306333386538653436323832313063646162
|
||||||
39393466306635656532336162326266366361356530393264316437326335346439616136646665
|
35653934306631383633636132666534373537316137623961653566303463376433373561323166
|
||||||
36356633643434326364346564613562356637663463653935616665373966386335373530323333
|
38353034393830323165653130663063646135656137633434313066616663636635346431333138
|
||||||
30393138383365646438616265353165613233313039333538393634313330343565633161623266
|
65633663626266613039323264653738316564643563303764646330643837383639646131643639
|
||||||
35656330383065373966383132323235663866613139613830333435393438333761313438663763
|
36646664386138623565353864373235326362353537306133633663316238613862616464323732
|
||||||
66366166303462613666393936303966616338393166373539336464366361656530323335333934
|
66383733306166633466333833643162353261356565326232356132303062623936663731663136
|
||||||
66366462323665326465353731666264383431623637373330343039666538313063396263373066
|
36613261646130383632636165393061316235326435383064313233316639383830323165653265
|
||||||
38323366393738353763626436373830396462386566346535646663326233636462303164316561
|
31383063303463303561383434623832323536336438623265316264623661653333323133356231
|
||||||
37646230663131643936376135343462363839336431353564303564373233376132346139326535
|
64663734343333663130303565383466666436383964646564313932323637393136646165643634
|
||||||
33326165633239333864666233643466376164653835626262616264666434306530346462323464
|
66636261663561613139393333326663646464303339323933663061383736343536623164356566
|
||||||
37643962656336356436616138626531396665616235353263326265326236383739363130386262
|
36323534323666303532383333343363373666386565643566396636386265393232636233396133
|
||||||
65356238303437303232396639396563353836333937303836313637376139386239653465333962
|
35393338613166653931666536663336633364383735303361636366656666636433356262656262
|
||||||
62346236353934396236366535323262643161336366326432363539386664323766633561363232
|
34633534306239663563326566623161633363633466613764343836613331326265636439623530
|
||||||
30623364323035343830663362326466326433643165356435343965343162303965323063383732
|
37326138393738316536393464643131653537663434323664343237393165613039646232343835
|
||||||
33373639343038663931646262373164356563366531656432626232343762396661386338386165
|
34323036386232363437633966303861643962393337326332613334343431383231646465336334
|
||||||
35363666383164383031663532616563373735663565343130643638313739656266653336323339
|
65396465373163643163313466376334646436386463373232613663393663373139356234326165
|
||||||
61383834653032643335653866653338643035376366373238343435653632383338346566643132
|
64353633313832633335633830323337636130636431666263383061626231343138646665346136
|
||||||
39663234373637343565623431343366386635666635623838396163396137363465613438353737
|
36323232373338373734333436656435646163393961633366613735616537656638633034373965
|
||||||
39353561656239636533613161316634633035626338663433626131613461346439353061373765
|
38663662373736626561666239333733393630653439383265616433663934366435323136373963
|
||||||
65313632346339303164656561303538343937366264376665666364663762656435636166623861
|
66303836363764393363383833323066616234316666303934626638363734346663616661616664
|
||||||
61346562366235343437636337306163326365666463343038633861333265623135356439313264
|
36366635656534343738343234356363323032636435336433333135666232623231333739336262
|
||||||
32343036373433313331356566363636643237623835343033616338386336363465356233386431
|
30636561613938396631623365613535656666313334663665363037636534353030626262313134
|
||||||
38313536323661623165623662616162396363396436613838663864613165653635663638353839
|
62663931626661313231613235366364613635383638633265386330373731663738336435346537
|
||||||
30343333363633373338626535373034623738336463383266346464646434623731
|
30393137373636363237643365626437623734376162626437306364313564616530663934343137
|
||||||
|
33313065346465633933616134386434323031313239303736653564623833376563336361366164
|
||||||
|
37666635643334663665633966653738616131643237343063326430326263363461303966333032
|
||||||
|
64616336303361626336343930363666623565356431336461346132326636333636663730343934
|
||||||
|
3666
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
path: "{{ sites_path }}/{{ item.slug }}"
|
path: "{{ sites_path }}/{{ item.slug }}"
|
||||||
state: directory
|
state: directory
|
||||||
mode: '750'
|
mode: '750'
|
||||||
tags: [docker, nginx]
|
tags: [docker, nginx, mysql]
|
||||||
|
|
||||||
- name: Render sexy Dockerfile
|
- name: Render sexy Dockerfile
|
||||||
template:
|
template:
|
||||||
|
|
|
@ -1,3 +1,59 @@
|
||||||
|
|
||||||
|
|
||||||
|
- name: Is it a new install?
|
||||||
|
stat:
|
||||||
|
path: "{{ www_path }}/{{ item.slug }}_wp-content/index.php"
|
||||||
|
register: wpcontent
|
||||||
|
|
||||||
|
- name: Populate wp-content folder
|
||||||
|
block:
|
||||||
|
- name: "Clear folder {{ www_path }}/{{ item.slug }}_wp-content"
|
||||||
|
file:
|
||||||
|
path: "{{ www_path }}/{{ item.slug }}_wp-content"
|
||||||
|
state: absent
|
||||||
|
- name: "Download Wordpress v{{ wordpress.version }} archive"
|
||||||
|
get_url:
|
||||||
|
url: "https://wordpress.org/wordpress-{{ wordpress.version }}.tar.gz"
|
||||||
|
dest: "/tmp/wordpress.tgz"
|
||||||
|
checksum: "{{ wordpress.checksum }}"
|
||||||
|
- name: "Extract Wordpress v{{ wordpress.version }} archive"
|
||||||
|
unarchive:
|
||||||
|
src: "/tmp/wordpress.tgz"
|
||||||
|
dest: /tmp
|
||||||
|
remote_src: yes
|
||||||
|
- name: "Copy wp-content folder to destination"
|
||||||
|
copy:
|
||||||
|
src: /tmp/wordpress/wp-content/
|
||||||
|
dest: "{{ www_path }}/{{ item.slug }}_wp-content"
|
||||||
|
remote_src: yes
|
||||||
|
# group: www-data
|
||||||
|
# mode: '0660'
|
||||||
|
# directory_mode: '0770'
|
||||||
|
- name: Set proper access rights to wp-content tree
|
||||||
|
file:
|
||||||
|
path: "{{ www_path }}/{{ item.slug }}_wp-content"
|
||||||
|
state: directory
|
||||||
|
recurse: yes
|
||||||
|
group: www-data
|
||||||
|
mode: "u=rwX,g=rwX,o="
|
||||||
|
|
||||||
|
- name: "Remove downloaded content"
|
||||||
|
file:
|
||||||
|
path: "{{ toremove }}"
|
||||||
|
state: absent
|
||||||
|
loop:
|
||||||
|
- /tmp/wordpress.tgz
|
||||||
|
- /tmp/wordpress
|
||||||
|
loop_control:
|
||||||
|
loop_var: toremove
|
||||||
|
|
||||||
|
when: wpcontent.stat.exists is not defined or wpcontent.stat.exists == False
|
||||||
|
tags: [docker, nginx]
|
||||||
|
|
||||||
|
####################
|
||||||
|
# Render templates #
|
||||||
|
####################
|
||||||
|
|
||||||
- name: "Create folder {{ sites_path }}/{{ item.slug }}"
|
- name: "Create folder {{ sites_path }}/{{ item.slug }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ sites_path }}/{{ item.slug }}"
|
path: "{{ sites_path }}/{{ item.slug }}"
|
||||||
|
@ -5,25 +61,39 @@
|
||||||
mode: '750'
|
mode: '750'
|
||||||
tags: [docker, nginx]
|
tags: [docker, nginx]
|
||||||
|
|
||||||
- name: Render sexy Dockerfile
|
- name: "Create {{ sites_path }}/{{ item.slug }} sub-directories"
|
||||||
template:
|
file:
|
||||||
src: wordpress/Dockerfile.j2
|
path: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path }}"
|
||||||
dest: "{{ sites_path }}/{{ item.slug }}/Dockerfile"
|
state: directory
|
||||||
tags: docker
|
mode: "{{ filetree_item.mode }}"
|
||||||
|
with_filetree: "../templates/wordpress/"
|
||||||
|
loop_control:
|
||||||
|
loop_var: filetree_item
|
||||||
|
when: filetree_item.state == 'directory'
|
||||||
|
tags: [docker, nginx]
|
||||||
|
|
||||||
- name: Render marvelous docker-compose.yml
|
- name: Render template files
|
||||||
template:
|
template:
|
||||||
src: wordpress/docker-compose.yml.j2
|
src: "{{ filetree_item.src }}"
|
||||||
dest: "{{ sites_path }}/{{ item.slug }}/docker-compose.yml"
|
dest: "{{ sites_path }}/{{ item.slug }}/{{ filetree_item.path | regex_replace('.j2','') }}"
|
||||||
tags: docker
|
mode: "{{ filetree_item.mode }}"
|
||||||
|
with_filetree: "../templates/wordpress/"
|
||||||
|
loop_control:
|
||||||
|
loop_var: filetree_item
|
||||||
|
when: filetree_item.state == 'file'
|
||||||
|
tags: [docker, nginx]
|
||||||
|
|
||||||
- name: Render swell nginx site config
|
- name: Copy host config to /etc/nginx/sites-available
|
||||||
template:
|
copy:
|
||||||
src: wordpress/nginx.j2
|
remote_src: yes
|
||||||
|
src: "{{ sites_path }}/{{ item.slug }}/nginx.host"
|
||||||
dest: "/etc/nginx/sites-available/{{ item.url }}"
|
dest: "/etc/nginx/sites-available/{{ item.url }}"
|
||||||
become: yes
|
become: yes
|
||||||
tags: nginx
|
tags: nginx
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# - name: Create Let's Encrypt certificate
|
# - name: Create Let's Encrypt certificate
|
||||||
# This seems hard, see:
|
# This seems hard, see:
|
||||||
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
|
# https://docs.ansible.com/ansible/latest/modules/acme_certificate_module.html#acme-certificate-module
|
||||||
|
|
|
@ -1,11 +1,13 @@
|
||||||
version: '3'
|
version: '3'
|
||||||
|
|
||||||
# Generated by ansible for site {{ item.url }}
|
# Generated by ansible for site {{ item.url }}
|
||||||
# At {{ item.subnet_site_ip }} on {{ item.subnet_cidr_address }}
|
# On network {{ item.subnet_cidr_address }}:
|
||||||
|
# - web server (nginx) at {{ item.subnet_nginx_ip }}
|
||||||
|
# - php-fpm (wordpress) at {{ item.subnet_site_ip }}
|
||||||
|
|
||||||
services:
|
services:
|
||||||
wp:
|
site:
|
||||||
build: .
|
build: site
|
||||||
restart: always
|
restart: always
|
||||||
environment:
|
environment:
|
||||||
WORDPRESS_DB_HOST: "{{ item.subnet_gateway_ip }}"
|
WORDPRESS_DB_HOST: "{{ item.subnet_gateway_ip }}"
|
||||||
|
@ -13,14 +15,31 @@ services:
|
||||||
WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}"
|
WORDPRESS_DB_PASSWORD: "{{ item.mysql_password }}"
|
||||||
WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
|
WORDPRESS_DB_NAME: "{{ item.mysql_database }}"
|
||||||
volumes:
|
volumes:
|
||||||
|
- "html_data:/var/www/html"
|
||||||
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
|
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
|
||||||
networks:
|
networks:
|
||||||
net:
|
net:
|
||||||
ipv4_address: "{{ item.subnet_site_ip }}"
|
ipv4_address: "{{ item.subnet_site_ip }}"
|
||||||
|
|
||||||
|
nginx:
|
||||||
|
build: nginx
|
||||||
|
restart: always
|
||||||
|
depends_on:
|
||||||
|
- site
|
||||||
|
volumes:
|
||||||
|
- "html_data:/var/www/html"
|
||||||
|
- "{{ www_path }}/{{ item.slug }}_wp-content:/var/www/html/wp-content"
|
||||||
|
networks:
|
||||||
|
net:
|
||||||
|
ipv4_address: "{{ item.subnet_nginx_ip }}"
|
||||||
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
net:
|
net:
|
||||||
ipam:
|
ipam:
|
||||||
driver: default
|
driver: default
|
||||||
config:
|
config:
|
||||||
- subnet: "{{ item.subnet_cidr_address }}"
|
- subnet: "{{ item.subnet_cidr_address }}"
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
html_data:
|
||||||
|
|
|
@ -49,7 +49,7 @@ server {
|
||||||
location / {
|
location / {
|
||||||
include snippets/header-params_location.conf;
|
include snippets/header-params_location.conf;
|
||||||
|
|
||||||
proxy_pass http://{{ item.subnet_site_ip }}:80;
|
proxy_pass http://{{ item.subnet_nginx_ip }}:80;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
FROM nginx:latest
|
||||||
|
COPY nginx.conf /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
# Should be UID & GID=33
|
||||||
|
# USER www-data:www-data
|
128
ansible/roles/build/templates/wordpress/nginx/nginx.conf.j2
Normal file
128
ansible/roles/build/templates/wordpress/nginx/nginx.conf.j2
Normal file
|
@ -0,0 +1,128 @@
|
||||||
|
user www-data www-data;
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
pid /var/run/nginx.pid;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
http {
|
||||||
|
charset utf-8;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
|
||||||
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||||
|
'$status $body_bytes_sent "$http_referer" '
|
||||||
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log main;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Basic Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_timeout 15s;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
server_tokens off;
|
||||||
|
client_max_body_size 10M;
|
||||||
|
client_body_timeout 60;
|
||||||
|
# server_names_hash_bucket_size 64;
|
||||||
|
server_name_in_redirect off;
|
||||||
|
|
||||||
|
|
||||||
|
##
|
||||||
|
# Gzip Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_comp_level 6;
|
||||||
|
gzip_buffers 16 8k;
|
||||||
|
gzip_http_version 1.1;
|
||||||
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||||
|
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/*.conf;
|
||||||
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80 default;
|
||||||
|
listen [::]:80 default;
|
||||||
|
server_name {{ item.url }} www.{{ item.url }};
|
||||||
|
|
||||||
|
root /var/www/html;
|
||||||
|
index index.php;
|
||||||
|
|
||||||
|
# Restrictions
|
||||||
|
location = /favicon.ico {
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location = /robots.txt {
|
||||||
|
allow all;
|
||||||
|
log_not_found off;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
location ~ /\. {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
location = /_.gif {
|
||||||
|
expires max;
|
||||||
|
empty_gif;
|
||||||
|
}
|
||||||
|
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
|
||||||
|
expires max;
|
||||||
|
log_not_found off;
|
||||||
|
}
|
||||||
|
location ~* /(?:uploads|files)/.*\.php$ {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# XMLRPC is a great way to bruteforce passwords
|
||||||
|
location = /xmlrpc.php {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php?$args;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
# regex to split $uri to $fastcgi_script_name and $fastcgi_path
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
|
||||||
|
# Check that the PHP script exists before passing it
|
||||||
|
# Breaks site...
|
||||||
|
# try_files $fastcgi_script_name =404;
|
||||||
|
|
||||||
|
# Block httpoxy attacks. See https://httpoxy.org/ :
|
||||||
|
fastcgi_param HTTP_PROXY "";
|
||||||
|
|
||||||
|
# Bypass the fact that try_files resets $fastcgi_path_info
|
||||||
|
# see: http://trac.nginx.org/nginx/ticket/321
|
||||||
|
set $path_info $fastcgi_path_info;
|
||||||
|
fastcgi_param PATH_INFO $path_info;
|
||||||
|
|
||||||
|
# Do not diplay errors:
|
||||||
|
# fastcgi_intercept_errors on;
|
||||||
|
|
||||||
|
fastcgi_index index.php;
|
||||||
|
|
||||||
|
include fastcgi_params;
|
||||||
|
|
||||||
|
fastcgi_pass site:9000;
|
||||||
|
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,4 +1,4 @@
|
||||||
FROM wordpress:apache
|
FROM wordpress:{{ wordpress.version }}-fpm
|
||||||
|
|
||||||
RUN apt-get update; \
|
RUN apt-get update; \
|
||||||
apt-get install -y --no-install-recommends msmtp; \
|
apt-get install -y --no-install-recommends msmtp; \
|
||||||
|
@ -16,4 +16,7 @@ RUN echo "\
|
||||||
account default\n\
|
account default\n\
|
||||||
host {{ item.subnet_gateway_ip }}\n\
|
host {{ item.subnet_gateway_ip }}\n\
|
||||||
port 25\n\
|
port 25\n\
|
||||||
from php@{{ item.url }}\n" > /etc/msmtprc
|
from php@{{ item.url }}\n" > /etc/msmtprc
|
||||||
|
|
||||||
|
# Should be UID & GID=33
|
||||||
|
# USER www-data:www-data
|
Loading…
Reference in a new issue