@@ -1,17 +1,3 @@
|
|||||||
---
|
---
|
||||||
php_modules: ['opcache', 'mysql', 'mbstring', 'gd', 'intl', 'xml', 'bcmath', 'curl', 'imagick']
|
|
||||||
|
|
||||||
web_hostname:
|
web_hostname:
|
||||||
- host: sebicomics.com
|
- host: tamerelol.giteu.be
|
||||||
- host: www.sebicomics.com
|
|
||||||
|
|
||||||
mariadb_root_pass: !vault |
|
|
||||||
$ANSIBLE_VAULT;1.1;AES256
|
|
||||||
66613630653961396639336136333837343866646263353135303233383336356166663466623438
|
|
||||||
6438653832313536363631336363306337366165616561370a316466353535313164623934626563
|
|
||||||
65343238333661333765636131323962316637613036393366343161343162393337376232633432
|
|
||||||
3233653232353534370a393962663766623237313166333638343561306134663062333230333635
|
|
||||||
63343339363833626136646134353365393734346561613262633531386135366634
|
|
||||||
|
|
||||||
# 283M of base memory + 20MB/connection -> 1267M of RAM max
|
|
||||||
mariadb_max_connections: 50
|
|
||||||
|
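--- /dev/null
+++ b/roles/nginx/tasks/letsencrypt.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Generate certificate
+ansible.builtin.command:
+cmd: "/etc/x509/acme.sh --issue --domain {{ item.host }} --webroot {{ nginx_letsencrypt_dir }}"
+creates: "/etc/x509/{{ item.host }}*"
+environment:
+LE_WORKING_DIR: /etc/x509
+
+- name: Get ecc certificate dir
+ansible.builtin.stat:
+path: "/etc/x509/{{ item.host }}_ecc/"
+register: _nginx_x509_ecc_current_dir
+
+- name: Move ecc certificate
+ansible.builtin.copy:
+remote_src: true
+src: "/etc/x509/{{ item.host }}_ecc/"
+dest: "/etc/x509/{{ item.host }}/"
+when: _nginx_x509_ecc_current_dir.stat.exists
+
+- name: Remove ecc certificate
+ansible.builtin.file:
+path: "/etc/x509/{{ item.host }}_ecc"
+state: absent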
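Review bot: The `Move ecc certificate` task copies the acme.sh output directory, which holds the private key, to `/etc/x509/{{ item.host }}/` without `owner`, `group` or `mode`, so the key's permissions are whatever the copy happens to produce; state them on the task, e.g. `mode: 'u=rwX,go='` with the owner the role uses for `/etc/x509`. Renaming the `_ecc` directory also takes the certificate out of the place acme.sh wrote it, and because `creates: "/etc/x509/{{ item.host }}*"` then always matches, this file never issues again; unless renewal is handled elsewhere (not visible here), the served certificate will presumably expire. Deploying with acme.sh's `--install-cert` (`--key-file`, `--fullchain-file`, `--reloadcmd`) instead of the copy/remove pair would keep renewals working. The `cmd:` string is split on whitespace, so passing the arguments through `argv:` would keep a malformed `host` value from turning into extra acme.sh options.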
@@ -41,5 +41,12 @@
|
|||||||
mode: 'u+rwx,g+rs,o-rwx'
|
mode: 'u+rwx,g+rs,o-rwx'
|
||||||
state: directory
|
state: directory
|
||||||
|
|
||||||
|
- name: Flush handlers
|
||||||
|
ansible.builtin.meta: flush_handlers
|
||||||
|
|
||||||
|
- name: Handle letsencrypt cert
|
||||||
|
ansible.builtin.include_tasks: letsencrypt.yml
|
||||||
|
loop: "{{ web_hostname }}"
|
||||||
|
|
||||||
- name: Include vhosts
|
- name: Include vhosts
|
||||||
ansible.builtin.include_tasks: vhosts.yml
|
ansible.builtin.include_tasks: vhosts.yml
|
||||||
|
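Review bot: `Handle letsencrypt cert` runs before `Include vhosts`, so on a first run the `--webroot` validation in letsencrypt.yml has to be answered by a server block that already exists; whether one serves `nginx_letsencrypt_dir` for every name in `web_hostname` is not visible in this hunk. If none does, issuance fails and the play stops before any vhost is written. A comment above the task stating the dependency would help, e.g. `# needs the default server to serve the ACME challenge dir for each host in web_hostname`. The include also relies on the implicit `item` loop variable; `loop_control:` with a named `loop_var` would avoid clashes if letsencrypt.yml ever gains a loop of its own. The task list continues outside the hunk.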
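--- /dev/null
+++ b/roles/nginx/templates/vhosts/tamerelol.giteu.be.conf.j2
@@ -0,0 +1,19 @@
+server {
+{% include './templates/header.conf.j2' %}
+
+root /srv/http/analyse.nintendojo.fr/;
+index index.html index.htm index.php;
+
+location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
+expires 2w;
+log_not_found off;
+}
+
+location ~ \.htaccess$ {
+deny all;
+}
+
+location ~ ^/tmp {
+deny all;
+}
+}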
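Review bot: The `deny all` for `/tmp` can be bypassed: nginx takes the first matching regex location in file order, and `location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$` comes first, so a request such as `/tmp/x.png` is answered by the static-file block. Make the deny a prefix match that stops the regex search, `location ^~ /tmp {`, or move both deny blocks above the static one. `index` lists `index.php` but no PHP handler appears in this server block; unless `header.conf.j2` provides one, `.php` files would be sent as plain source. Only `.htaccess` is blocked, so other dotfiles stay reachable, and `root` points at `/srv/http/analyse.nintendojo.fr/` although the vhost is `tamerelol.giteu.be`, which looks like a copy-paste leftover worth confirming.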