From 4047894ab6e03d36a8fba9e683ad45af7ffa1a38 Mon Sep 17 00:00:00 2001
From: Jerry Vonau <jvonau3@gmail.com>
Date: Sun, 20 Oct 2019 06:38:59 -0500
Subject: [PATCH] nginx - group proxypass to apache together

---
 roles/elgg/tasks/main.yml                     |  6 ---
 roles/httpd/tasks/main.yml                    |  6 +--
 roles/lokole/tasks/install.yml                |  5 --
 roles/mediawiki/tasks/install.yml             |  6 ---
 roles/nextcloud/defaults/main.yml             |  1 -
 roles/nextcloud/tasks/enable_or_disable.yml   | 11 -----
 roles/nextcloud/tasks/main.yml                |  2 +-
 roles/nginx/tasks/main.yml                    | 47 +++++++++++++++++++
 .../{elgg => nginx}/templates/elgg-nginx.conf |  0
 .../templates/lokole-nginx.conf.j2            |  0
 .../templates/mediawiki-nginx.conf.j2         |  0
 .../templates/nextcloud-nginx.conf            |  0
 .../templates/nodered-nginx.conf.j2           |  0
 roles/{httpd => nginx}/templates/ports.conf   |  0
 .../templates/wordpress-nginx.conf            |  0
 roles/nodered/tasks/main.yml                  |  9 ----
 roles/wordpress/tasks/install.yml             | 12 -----
 17 files changed, 50 insertions(+), 55 deletions(-)
 rename roles/{elgg => nginx}/templates/elgg-nginx.conf (100%)
 rename roles/{lokole => nginx}/templates/lokole-nginx.conf.j2 (100%)
 rename roles/{mediawiki => nginx}/templates/mediawiki-nginx.conf.j2 (100%)
 rename roles/{nextcloud => nginx}/templates/nextcloud-nginx.conf (100%)
 rename roles/{nodered => nginx}/templates/nodered-nginx.conf.j2 (100%)
 rename roles/{httpd => nginx}/templates/ports.conf (100%)
 rename roles/{wordpress => nginx}/templates/wordpress-nginx.conf (100%)

diff --git a/roles/elgg/tasks/main.yml b/roles/elgg/tasks/main.yml
index a992fc184..6461ebca1 100644
--- a/roles/elgg/tasks/main.yml
+++ b/roles/elgg/tasks/main.yml
@@ -124,12 +124,6 @@
     src: elgg.conf
     dest: "/etc/{{ apache_config_dir }}/elgg.conf"
 
-- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template, for http://box/elgg
-  template:
-    src: elgg-nginx.conf
-    dest: "/etc/nginx/conf.d/elgg-nginx.conf"
-  when: elgg_enabled and is_debuntu
-
 - name: Create symlink elgg.conf from sites-enabled to sites-available (debuntu, not nec for redhat)
   file:
     src: /etc/apache2/sites-available/elgg.conf
diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml
index 92122489a..669f5b6bd 100644
--- a/roles/httpd/tasks/main.yml
+++ b/roles/httpd/tasks/main.yml
@@ -66,12 +66,11 @@
   with_items:
     - { src: '010-iiab.conf.j2', dest: '/etc/{{ apache_config_dir }}/010-iiab.conf' }
     - { src: 'proxy_ajp.conf.j2', dest: '/etc/{{ apache_config_dir }}/proxy_ajp.conf' }
-    - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' }
     #- { src: 'php.ini.j2', dest: '/etc/php.ini', mode: '0644' }    # @jvonau suggests removing this in https://github.com/iiab/iiab/issues/1147
 
 # For schools that use WordPress/Nextcloud/Moodle intensively.  iiab/iiab#1147
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
-- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress and/or Moodle intensively
+- name: Enact high limits in /etc/php/{{ php_version }}/{{ apache_service }}/php.ini if using WordPress/Nextcloud/Moodle intensively
   lineinfile:
     path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
     regexp: "{{ item.regexp }}"
@@ -80,7 +79,7 @@
   with_items:
     - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M    ; default is 2M' }
     - { regexp: '^post_max_size', line: 'post_max_size = 500M    ; default is 8M' }
-    - { regexp: '^memory_limit', line: 'memory_limit = 256M    ; default is 128M' }
+    - { regexp: '^memory_limit', line: 'memory_limit = 256M    ; default is 128M / Nextcloud requests 512M' }
     - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
     - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
 
@@ -124,7 +123,6 @@
     - headers
     - proxy
     - proxy_html
-    - headers
     - proxy_http
     - rewrite
   when: is_debuntu | bool
diff --git a/roles/lokole/tasks/install.yml b/roles/lokole/tasks/install.yml
index 2b0f1e813..194472ac6 100644
--- a/roles/lokole/tasks/install.yml
+++ b/roles/lokole/tasks/install.yml
@@ -110,11 +110,6 @@
     src: lokole.conf.j2
     dest: "/etc/{{ apache_config_dir }}/lokole.conf"
 
-- name: Install /etc/nginx/lokole-nginx.conf from template, for http://box/lokole
-  template:
-    src: lokole-nginx.conf.j2
-    dest: "/etc/nginx/conf.d/lokole-nginx.conf"
-
 - name: Symlink /etc/apache2/sites-enabled/lokole.conf to /etc/{{ apache_config_dir }}/lokole.conf, if lokole_enabled (debuntu)
   file:
     src: "/etc/{{ apache_config_dir }}/lokole.conf"
diff --git a/roles/mediawiki/tasks/install.yml b/roles/mediawiki/tasks/install.yml
index 6c0da46c7..db90e1e6c 100644
--- a/roles/mediawiki/tasks/install.yml
+++ b/roles/mediawiki/tasks/install.yml
@@ -72,12 +72,6 @@
     state: link
   when: mediawiki_enabled and is_debuntu
 
-- name: Install nginx config file, if mediawiki_enabled (debuntu)
-  template:
-    src: mediawiki-nginx.conf.j2
-    dest: /etc/nginx/conf.d/mediawiki-nginx.conf
-  when: mediawiki_enabled and is_debuntu
-
 - name: Remove mediawiki.conf if not mediawiki_enabled (debuntu)
   file:
     path: /etc/apache2/sites-enabled/mediawiki.conf
diff --git a/roles/nextcloud/defaults/main.yml b/roles/nextcloud/defaults/main.yml
index b80d30be7..996567e4e 100644
--- a/roles/nextcloud/defaults/main.yml
+++ b/roles/nextcloud/defaults/main.yml
@@ -3,7 +3,6 @@
 
 # nextcloud_install: False
 # nextcloud_enabled: False
-nextcloud_force_install: False
 
 # nextcloud_allow_public_ips: False
 
diff --git a/roles/nextcloud/tasks/enable_or_disable.yml b/roles/nextcloud/tasks/enable_or_disable.yml
index fc1e3ae8a..ff753abf9 100644
--- a/roles/nextcloud/tasks/enable_or_disable.yml
+++ b/roles/nextcloud/tasks/enable_or_disable.yml
@@ -33,17 +33,6 @@
     state: absent
   when: not nextcloud_enabled and is_redhat
 
-- name: Enable the nginx proxying to apache
-  template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf
-  when: nextcloud_enabled | bool
-
-- name: Restart apache, so it picks up the new aliases
-  service: name={{ apache_service }} state=restarted
-
-- name: Restart nnginx
-  service: name=nginx state=restarted
-  when: nginx_enabled | bool
-
 - name: Restart Apache, enabling/disabling http://box/nextcloud
   service:
     name: "{{ apache_service }}"
diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml
index b841bf5fa..13bd12b01 100644
--- a/roles/nextcloud/tasks/main.yml
+++ b/roles/nextcloud/tasks/main.yml
@@ -7,7 +7,7 @@
   #set_fact:
   #  nextcloud_force_install: True
   include_tasks: install.yml
-  when: (nextcloud_install and not nextcloud_page.stat.exists) or nextcloud_force_install
+  when: nextcloud_install and not nextcloud_page.stat.exists
 
 # - debug:
 #     var: nextcloud_force_install
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
index 6cbf698e5..bddf2f3b7 100644
--- a/roles/nginx/tasks/main.yml
+++ b/roles/nginx/tasks/main.yml
@@ -48,6 +48,53 @@
       name: uwsgi
       state: started
       enabled: True
+- name: Install ports.conf when nginx_enabled, from templates
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    owner: root
+    group: root
+    mode: 0644
+  with_items:
+    - { src: 'ports.conf' , dest: '/etc/{{ apache_service }}/' , mode: '0644' }
+  when: is_debuntu | bool and nginx_enabled | bool
+
+- name: Install /etc/nginx/conf.d/elgg-nginx.conf from template
+  template:
+    src: elgg-nginx.conf
+    dest: "/etc/nginx/conf.d/elgg-nginx.conf"
+  when: elgg_enabled | bool
+
+- name: Install /etc/nginx/lokole-nginx.conf from template
+  template:
+    src: lokole-nginx.conf.j2
+    dest: "/etc/nginx/conf.d/lokole-nginx.conf"
+  when: lokole_enabled | bool
+
+- name: Install MediaWiki's nginx conf.d file from template
+  template:
+    src: mediawiki-nginx.conf.j2
+    dest: /etc/nginx/conf.d/mediawiki-nginx.conf
+  when: mediawiki_enabled | bool
+
+- name: Install WordPress's nginx conf.d file from template
+  template: src=nextcloud-nginx.conf dest=/etc/nginx/conf.d/nextcloud-nginx.conf
+  when: nextcloud_enabled | bool
+
+- name: Install NodeRed's nginx conf.d file from template
+  template:
+    src: nodered-nginx.conf.j2
+    dest: /etc/nginx/conf.d/nodered-nginx.conf
+    owner: root
+    group: root
+    mode: 0666
+  when: nodered_enabled | bool
+
+- name: Install WordPress's nginx conf.d file from template
+  template:
+      src: wordpress-nginx.conf
+      dest: /etc/nginx/conf.d/
+  when: wordpress_enabled | bool
 
 - name: Make sure nginx picks up the config 
   service: 
diff --git a/roles/elgg/templates/elgg-nginx.conf b/roles/nginx/templates/elgg-nginx.conf
similarity index 100%
rename from roles/elgg/templates/elgg-nginx.conf
rename to roles/nginx/templates/elgg-nginx.conf
diff --git a/roles/lokole/templates/lokole-nginx.conf.j2 b/roles/nginx/templates/lokole-nginx.conf.j2
similarity index 100%
rename from roles/lokole/templates/lokole-nginx.conf.j2
rename to roles/nginx/templates/lokole-nginx.conf.j2
diff --git a/roles/mediawiki/templates/mediawiki-nginx.conf.j2 b/roles/nginx/templates/mediawiki-nginx.conf.j2
similarity index 100%
rename from roles/mediawiki/templates/mediawiki-nginx.conf.j2
rename to roles/nginx/templates/mediawiki-nginx.conf.j2
diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf b/roles/nginx/templates/nextcloud-nginx.conf
similarity index 100%
rename from roles/nextcloud/templates/nextcloud-nginx.conf
rename to roles/nginx/templates/nextcloud-nginx.conf
diff --git a/roles/nodered/templates/nodered-nginx.conf.j2 b/roles/nginx/templates/nodered-nginx.conf.j2
similarity index 100%
rename from roles/nodered/templates/nodered-nginx.conf.j2
rename to roles/nginx/templates/nodered-nginx.conf.j2
diff --git a/roles/httpd/templates/ports.conf b/roles/nginx/templates/ports.conf
similarity index 100%
rename from roles/httpd/templates/ports.conf
rename to roles/nginx/templates/ports.conf
diff --git a/roles/wordpress/templates/wordpress-nginx.conf b/roles/nginx/templates/wordpress-nginx.conf
similarity index 100%
rename from roles/wordpress/templates/wordpress-nginx.conf
rename to roles/nginx/templates/wordpress-nginx.conf
diff --git a/roles/nodered/tasks/main.yml b/roles/nodered/tasks/main.yml
index 3f1fda91f..88ce8196d 100644
--- a/roles/nodered/tasks/main.yml
+++ b/roles/nodered/tasks/main.yml
@@ -171,15 +171,6 @@
     mode: 0666
   when: nodered_install | bool
 
-- name: Install nginx's conf.d file from template
-  template:
-    src: nodered-nginx.conf.j2
-    dest: /etc/nginx/conf.d/nodered-nginx.conf
-    owner: root
-    group: root
-    mode: 0666
-  when: nodered_install | bool
-
 - name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled)
   file:
     src: /etc/apache2/sites-available/nodered.conf
diff --git a/roles/wordpress/tasks/install.yml b/roles/wordpress/tasks/install.yml
index 2c9c22d29..8da708789 100644
--- a/roles/wordpress/tasks/install.yml
+++ b/roles/wordpress/tasks/install.yml
@@ -118,18 +118,6 @@
     dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
   when: apache_enabled
 
-- name: Copy the nginx location info
-  template: 
-      src: wordpress-nginx.conf 
-      dest: /etc/nginx/conf.d/
-  when: nginx_enabled
-
-- name: Notify nginx service of changes
-  service: 
-      name: nginx 
-      state: restarted
-  when: nginx_enabled
-
 - name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
   file:
     src: /etc/apache2/sites-available/wordpress.conf