mirror of
https://github.com/iiab/iiab.git
synced 2025-03-09 15:40:17 +00:00
oversignts and corrections -- most now seem to work on rpi
This commit is contained in:
parent
4778ad5e3c
commit
cffb6afecc
23 changed files with 452 additions and 23 deletions
|
@ -119,6 +119,18 @@
|
||||||
# name: proxy_http
|
# name: proxy_http
|
||||||
|
|
||||||
- name: Start 'kolibri' systemd service, if kolibri_enabled
|
- name: Start 'kolibri' systemd service, if kolibri_enabled
|
||||||
|
template:
|
||||||
|
src: "{{ item.src }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
mode: "{{ item.mode }}"
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
with_items:
|
||||||
|
- { src: 'kolibri.service.j2', dest: '/etc/systemd/system/kolibri.service', mode: '0644' }
|
||||||
|
- { src: 'kolibri.conf.j2', dest: '/etc/apache2/sites-available/kolibri.conf', mode: '0644' }
|
||||||
|
- { src: 'kolibri-nginx.conf.j2', dest: '/etc/nginx/conf.d/kolibri-nginx.conf', mode: '0644' }
|
||||||
|
|
||||||
|
- name: Enable & (Re)Start kolibri service
|
||||||
systemd:
|
systemd:
|
||||||
name: kolibri
|
name: kolibri
|
||||||
state: started
|
state: started
|
||||||
|
|
9
roles/kolibri/templates/kolibri-nginx.conf.j2
Normal file
9
roles/kolibri/templates/kolibri-nginx.conf.j2
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
location /kolibri {
|
||||||
|
proxy_bind $server_addr;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
proxy_set_header X-Script-Name /kolibri;
|
||||||
|
proxy_pass http://127.0.0.1:8009;
|
||||||
|
}
|
||||||
|
|
1
roles/nginx/defaults/main.yml
Normal file
1
roles/nginx/defaults/main.yml
Normal file
|
@ -0,0 +1 @@
|
||||||
|
nginx_log_dir: /var/log/nginx
|
21
roles/nginx/files/README.md
Normal file
21
roles/nginx/files/README.md
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
### Transition to NGINX
|
||||||
|
1. Initial testing strategy is to move nginx to port 80, and proxy everything to apache on port 8090-- creating a shim.
|
||||||
|
2. Without php available via fastcgi, any function at all for php based applications validates nginx.
|
||||||
|
3. Current state (7/15/19):
|
||||||
|
1. Principal functions migrated to nginx.
|
||||||
|
* Admin Console
|
||||||
|
* Awstats
|
||||||
|
* kiwix -- goes directly to port 3000
|
||||||
|
* kalite -- goes directly to port 8009
|
||||||
|
* calibre-web
|
||||||
|
* kolibri
|
||||||
|
* usb-lib
|
||||||
|
* maps
|
||||||
|
2. Still proxied to Apache
|
||||||
|
* mediawiki
|
||||||
|
* elgg
|
||||||
|
* nodered
|
||||||
|
* nextcloud
|
||||||
|
* wordpress
|
||||||
|
* moodle
|
||||||
|
* archive.org
|
62
roles/nginx/tasks/main.yml
Normal file
62
roles/nginx/tasks/main.yml
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
- name: Insure that apache2 is not running -- we may need port swap
|
||||||
|
service:
|
||||||
|
name: apache2
|
||||||
|
enabled: False
|
||||||
|
state: stopped
|
||||||
|
ignore_errors: True
|
||||||
|
|
||||||
|
- name: Install nginx required and helper packages
|
||||||
|
package: name={{ item }} state=present
|
||||||
|
with_items:
|
||||||
|
- nginx-extras
|
||||||
|
- uwsgi
|
||||||
|
- uwsgi-plugin-python
|
||||||
|
- php-fpm
|
||||||
|
- libnginx-mod-http-subs-filter
|
||||||
|
|
||||||
|
- name: Put the config file in place
|
||||||
|
template:
|
||||||
|
src: '{{ item.src}}'
|
||||||
|
dest: '{{ item.dest }}'
|
||||||
|
with_items:
|
||||||
|
- { src: "server.conf",dest: "/etc/nginx/" }
|
||||||
|
- { src: "nginx.conf",dest: "/etc/nginx/" }
|
||||||
|
- { src: "usb-lib.conf",dest: "/etc/nginx/conf.d/" }
|
||||||
|
- { src: "admin-console.ini",dest: "/etc/uwsgi/apps-enabled/" }
|
||||||
|
- { src: "uwsgi.unit",dest: "/etc/systemd/system/" }
|
||||||
|
# optional services
|
||||||
|
- { src: "kiwix.conf",dest: "/etc/nginx/conf.d/" }
|
||||||
|
|
||||||
|
- name: Add http server user to shadow group, so it can authenticate Admin Console
|
||||||
|
user:
|
||||||
|
name: "{{ apache_user }}"
|
||||||
|
groups: shadow
|
||||||
|
|
||||||
|
- name: Remove the nginx default config
|
||||||
|
file: path=/etc/nginx/sites-enabled/default state=absent
|
||||||
|
|
||||||
|
- name: Install config for Admin Console
|
||||||
|
template:
|
||||||
|
src: admin-console-nginx.conf
|
||||||
|
# Comment one or the other to revert from nginx back to apache2, if required
|
||||||
|
# src: admin-console-apache.conf
|
||||||
|
dest: /etc/nginx/conf.d/admin-console.conf
|
||||||
|
when: admin_console_enabled | bool
|
||||||
|
|
||||||
|
- name: Enable the uwsgi systemd service
|
||||||
|
service:
|
||||||
|
name: uwsgi
|
||||||
|
state: started
|
||||||
|
enabled: True
|
||||||
|
|
||||||
|
- name: Make sure nginx picks up the config
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
when: nginx_enabled | bool
|
||||||
|
|
||||||
|
# it might not be installed yet, so ignore errors
|
||||||
|
- name: Since we stopped apache2, start it again
|
||||||
|
service: name=apache2 state=started enabled=True
|
||||||
|
when: apache_enabled | bool
|
||||||
|
ignore_errors: True
|
9
roles/nginx/templates/admin-console-apache.conf
Normal file
9
roles/nginx/templates/admin-console-apache.conf
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
location /admin {
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }}/admin;
|
||||||
|
}
|
||||||
|
location /cmd-service {
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }}/cmd-service;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
29
roles/nginx/templates/admin-console-nginx.conf
Normal file
29
roles/nginx/templates/admin-console-nginx.conf
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
location /admin {
|
||||||
|
# proxy_pass http://127.0.0.1:{{ apache_port }}/admin;
|
||||||
|
alias /opt/admin/console;
|
||||||
|
auth_pam "Secure zone";
|
||||||
|
auth_pam_service_name "nginx";
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /admin/(.*)\.php$ {
|
||||||
|
alias /opt/admin/console/$1.php;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
fastcgi_pass php;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
include fastcgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /cmd-service {
|
||||||
|
# proxy_pass http://127.0.0.1:{{ apache_port }}/cmd-service;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_pass unix:///tmp/admin-console.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
8
roles/nginx/templates/admin-console.ini
Normal file
8
roles/nginx/templates/admin-console.ini
Normal file
|
@ -0,0 +1,8 @@
|
||||||
|
[uwsgi]
|
||||||
|
uid = www-data
|
||||||
|
gid = www-data
|
||||||
|
socket = /tmp/admin-console.sock
|
||||||
|
chdir = /opt/admin/console
|
||||||
|
wsgi-file = cmd-service.wsgi
|
||||||
|
master = true
|
||||||
|
plugins = python
|
59
roles/nginx/templates/kalite-nginx.conf
Normal file
59
roles/nginx/templates/kalite-nginx.conf
Normal file
|
@ -0,0 +1,59 @@
|
||||||
|
# NGINX configuration for KA Lite
|
||||||
|
#
|
||||||
|
# Upstream KA-Lite server uses port 7007
|
||||||
|
# Nginx proxy for KA-Lite uses port 8008
|
||||||
|
#
|
||||||
|
# If you want the website to be accessible at a different port, change
|
||||||
|
# PROXY_PORT = nnnn setting in /var/ka-lite/.kalite/settings.py
|
||||||
|
# and change the below accordingly.
|
||||||
|
|
||||||
|
|
||||||
|
upstream kalite {
|
||||||
|
server 127.0.0.1:7007;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
|
||||||
|
listen 8008;
|
||||||
|
|
||||||
|
# Default value, overwritten in nginx.d
|
||||||
|
set $kalite_home {{ kalite_root }};
|
||||||
|
include /etc/ka-lite/nginx.d/*.conf;
|
||||||
|
|
||||||
|
location /static {
|
||||||
|
alias $kalite_home/httpsrv/static/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /media {
|
||||||
|
alias $kalite_home/httpsrv/media/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /content {
|
||||||
|
alias $kalite_home/content/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /favicon.ico {
|
||||||
|
empty_gif;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_pass http://kalite;
|
||||||
|
error_page 502 = @502;
|
||||||
|
}
|
||||||
|
|
||||||
|
location @502 {
|
||||||
|
types { }
|
||||||
|
default_type "text/html";
|
||||||
|
return 502 "
|
||||||
|
<BR>
|
||||||
|
<H1>KA-Lite might be busy - wait a few moments and then reload this page
|
||||||
|
<BR><BR>
|
||||||
|
<H2>If KA-Lite is still busy, get help from the system administrator
|
||||||
|
<H3>Error code: nginx 502 Bad Gateway (maybe the KA-Lite webserver is not working correctly)";
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
3
roles/nginx/templates/kiwix.conf
Normal file
3
roles/nginx/templates/kiwix.conf
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
location /kiwix {
|
||||||
|
proxy_pass http://127.0.0.1:3000;
|
||||||
|
}
|
80
roles/nginx/templates/nginx.conf
Normal file
80
roles/nginx/templates/nginx.conf
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
# IIAB notes: sites-enabled is for server declarations
|
||||||
|
# cond.d is for location declarations within the main server block
|
||||||
|
|
||||||
|
user www-data;
|
||||||
|
worker_processes auto;
|
||||||
|
pid /run/nginx.pid;
|
||||||
|
include /etc/nginx/modules-enabled/*.conf;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 768;
|
||||||
|
# multi_accept on;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
|
||||||
|
##
|
||||||
|
# Basic Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
tcp_nopush on;
|
||||||
|
tcp_nodelay on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
types_hash_max_size 2048;
|
||||||
|
# server_tokens off;
|
||||||
|
|
||||||
|
# server_names_hash_bucket_size 64;
|
||||||
|
# server_name_in_redirect off;
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type text/html;
|
||||||
|
|
||||||
|
##
|
||||||
|
# SSL Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
|
||||||
|
##
|
||||||
|
# Logging Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
access_log {{ apache_log_dir }}/access.log;
|
||||||
|
error_log {{ apache_log_dir }}/error.log;
|
||||||
|
log_format scripts '$request > $document_root$fastcgi_script_name $fastcgi_path_info';
|
||||||
|
|
||||||
|
|
||||||
|
##
|
||||||
|
# Gzip Settings
|
||||||
|
##
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
|
||||||
|
# gzip_vary on;
|
||||||
|
# gzip_proxied any;
|
||||||
|
# gzip_comp_level 6;
|
||||||
|
# gzip_buffers 16 8k;
|
||||||
|
# gzip_http_version 1.1;
|
||||||
|
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||||
|
##
|
||||||
|
# Virtual Host Configs
|
||||||
|
##
|
||||||
|
|
||||||
|
|
||||||
|
# include a server file which in turn includes conf.d/*
|
||||||
|
include /etc/nginx/server.conf;
|
||||||
|
|
||||||
|
# include other sites
|
||||||
|
include /etc/nginx/sites-enabled/*.conf;
|
||||||
|
|
||||||
|
|
||||||
|
# define the upstream backend fastcgi for php
|
||||||
|
upstream php {
|
||||||
|
server unix:/run/php/php{{ php_version }}-fpm.sock;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
40
roles/nginx/templates/server.conf
Normal file
40
roles/nginx/templates/server.conf
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
server {
|
||||||
|
root {{ doc_root }};
|
||||||
|
server_name {{ iiab_hostname }};
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
access_log {{ apache_log_dir }}/access.log;
|
||||||
|
error_log {{ apache_log_dir }}/error.log;
|
||||||
|
access_log {{ apache_log_dir }}/scripts.log scripts;
|
||||||
|
|
||||||
|
index index.php index.html index.htm;
|
||||||
|
rewrite ^/$ $scheme://$server_addr/home/;
|
||||||
|
|
||||||
|
# let individual services drop location blocks in conf.d
|
||||||
|
include /etc/nginx/conf.d/*;
|
||||||
|
|
||||||
|
location ~ .*\.php$ {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
fastcgi_pass php;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||||
|
include fastcgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /cgi-bin {
|
||||||
|
root /usr/lib;
|
||||||
|
}
|
||||||
|
|
||||||
|
# if you don't like seeing all the errors for missing favicon.ico in root
|
||||||
|
location = /favicon.ico { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
# if you don't like seeing errors for a missing robots.txt in root
|
||||||
|
location = /robots.txt { access_log off; log_not_found off; }
|
||||||
|
|
||||||
|
# this will prevent files like .htaccess .htpassword .secret etc from being served
|
||||||
|
location ~ /\. { deny all; }
|
||||||
|
}
|
7
roles/nginx/templates/usb-lib.conf
Normal file
7
roles/nginx/templates/usb-lib.conf
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
location /usb {
|
||||||
|
alias /library/www/html/local_content/;
|
||||||
|
autoindex on;
|
||||||
|
}
|
||||||
|
location /local_content/ {
|
||||||
|
autoindex on;
|
||||||
|
}
|
13
roles/nginx/templates/uwsgi.unit
Normal file
13
roles/nginx/templates/uwsgi.unit
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
Unit]
|
||||||
|
Description=uWSGI Service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
ExecStart=/usr/local/bin/uwsgi --ini /etc/uwsgi/admin_console_wsgi.ini
|
||||||
|
Restart=always
|
||||||
|
RestartSec=5
|
||||||
|
KillSignal=SIGQUIT
|
||||||
|
Type=notify
|
||||||
|
NotifyAccess=all
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
|
@ -171,6 +171,15 @@
|
||||||
mode: 0666
|
mode: 0666
|
||||||
when: nodered_install | bool
|
when: nodered_install | bool
|
||||||
|
|
||||||
|
- name: Install nginx's conf.d file from template
|
||||||
|
template:
|
||||||
|
src: nodered-nginx.conf.j2
|
||||||
|
dest: /etc/nginx/conf.d/nodered-nginx.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0666
|
||||||
|
when: nodered_install | bool
|
||||||
|
|
||||||
- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled)
|
- name: Create symlink nodered.conf from sites-enabled to sites-available, for short URL http://box/nodered (if nodered_enabled)
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/nodered.conf
|
src: /etc/apache2/sites-available/nodered.conf
|
||||||
|
@ -187,6 +196,12 @@
|
||||||
when: not nodered_enabled
|
when: not nodered_enabled
|
||||||
|
|
||||||
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
|
# SEE ALSO THE apache2_module SECTION IN roles/httpd/tasks/main.yml
|
||||||
|
- name: Remove symlink /etc/nginx/conf.d/nodered-nginx.conf (if not nodered_enabled)
|
||||||
|
file:
|
||||||
|
path: /etc/nginx/conf.d/nodered-nginx.conf
|
||||||
|
state: absent
|
||||||
|
when: not nodered_enabled
|
||||||
|
|
||||||
- name: Enable proxy_wstunnel apache2 module
|
- name: Enable proxy_wstunnel apache2 module
|
||||||
apache2_module:
|
apache2_module:
|
||||||
state: present
|
state: present
|
||||||
|
|
3
roles/nodered/templates/nodered-nginx.conf.j2
Normal file
3
roles/nodered/templates/nodered-nginx.conf.j2
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
location /nodered {
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }}/nodered;
|
||||||
|
}
|
|
@ -70,23 +70,17 @@
|
||||||
src: map_functions.js
|
src: map_functions.js
|
||||||
dest: '{{ vector_map_path }}/maplist/assets'
|
dest: '{{ vector_map_path }}/maplist/assets'
|
||||||
|
|
||||||
- name: Install /etc/{{ apache_config_dir }}/osm-vector-maps.conf from template
|
- name: Install /etc/nginx/conf.d/osm-vector-maps.conf from template
|
||||||
template:
|
template:
|
||||||
src: osm-vector-maps.conf
|
src: osm-vector-maps-nginx.conf
|
||||||
dest: "/etc/{{ apache_config_dir }}/osm-vector-maps.conf"
|
dest: "/etc/nginx/conf.d/osm-vector-maps-nginx.conf"
|
||||||
|
when: osm_vector_maps_enabled | bool
|
||||||
|
|
||||||
- name: Create symlink osm-vector-maps.conf from sites-enabled to sites-available (debuntu, not nec for redhat)
|
- name: Remove config /etc/nginx/conf,d/osm-vector-maps.conf (debuntu)
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/osm-vector-maps.conf
|
path: /etc/nginx/conf.d/osm-vector-maps-nginx.conf
|
||||||
path: /etc/apache2/sites-enabled/osm-vector-maps.conf
|
|
||||||
state: link
|
|
||||||
when: osm_vector_maps_enabled and is_debuntu
|
|
||||||
|
|
||||||
- name: Remove symlink /etc/apache2/sites-enabled/osm-vector-maps.conf (debuntu)
|
|
||||||
file:
|
|
||||||
path: /etc/apache2/sites-enabled/osm-vector-maps.conf
|
|
||||||
state: absent
|
state: absent
|
||||||
when: not osm_vector_maps_enabled and is_debuntu
|
when: not osm_vector_maps_enabled | bool
|
||||||
|
|
||||||
#- name: Does the {{ vector_map_path }}/index.html redirect already exist?
|
#- name: Does the {{ vector_map_path }}/index.html redirect already exist?
|
||||||
# stat:
|
# stat:
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
# For downloadable regional vector tilesets
|
||||||
|
location /maps {
|
||||||
|
alias /library/www/osm-vector-maps;
|
||||||
|
}
|
||||||
|
location /osm-vector-maps {
|
||||||
|
alias /library/www/osm-vector-maps;
|
||||||
|
}
|
|
@ -138,7 +138,7 @@
|
||||||
|
|
||||||
# 5. CONFIG FILES
|
# 5. CONFIG FILES
|
||||||
|
|
||||||
- name: "Install from templates: sugarizer.service (systemd), sugarizer.conf (Apache)"
|
- name: "Install from templates: sugarizer.service (systemd), sugarizer-nginx.conf (nginx)"
|
||||||
template:
|
template:
|
||||||
src: "{{ item.src }}"
|
src: "{{ item.src }}"
|
||||||
dest: "{{ item.dest }}"
|
dest: "{{ item.dest }}"
|
||||||
|
@ -147,7 +147,7 @@
|
||||||
group: root
|
group: root
|
||||||
with_items:
|
with_items:
|
||||||
- { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
|
- { src: 'sugarizer.service', dest: '/etc/systemd/system/sugarizer.service' }
|
||||||
- { src: 'sugarizer.conf.j2', dest: '/etc/apache2/sites-available/sugarizer.conf' }
|
- { src: 'sugarizer-nginx.conf', dest: '/etc/nginx/conf.d/sugarizer-nginx.conf' }
|
||||||
#- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
|
#- { src: 'sugarizer.ini.j2', dest: '{{ iiab_base }}/sugarizer-server/env/sugarizer.ini' }
|
||||||
#- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
|
#- { src: 'sugarizer.js', dest: '{{ iiab_base }}/sugarizer-server' }
|
||||||
|
|
||||||
|
@ -223,14 +223,7 @@
|
||||||
|
|
||||||
- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled)
|
- name: Create symlink sugarizer.conf from sites-enabled to sites-available, for short URLs http://box/sugar & http://box/sugarizer (if sugarizer_enabled)
|
||||||
file:
|
file:
|
||||||
src: /etc/apache2/sites-available/sugarizer.conf
|
path: /etc/nginx/conf.d/sugarizer-nginx.conf
|
||||||
path: /etc/apache2/sites-enabled/sugarizer.conf
|
|
||||||
state: link
|
|
||||||
when: sugarizer_enabled and is_debuntu
|
|
||||||
|
|
||||||
- name: Remove symlink /etc/apache2/sites-enabled/sugarizer.conf (if not sugarizer_enabled)
|
|
||||||
file:
|
|
||||||
path: /etc/apache2/sites-enabled/sugarizer.conf
|
|
||||||
state: absent
|
state: absent
|
||||||
when: not sugarizer_enabled and is_debuntu
|
when: not sugarizer_enabled and is_debuntu
|
||||||
|
|
||||||
|
@ -277,6 +270,12 @@
|
||||||
# state: stopped
|
# state: stopped
|
||||||
# when: not sugarizer_enabled
|
# when: not sugarizer_enabled
|
||||||
|
|
||||||
|
- name: Restart nginx when enabled
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
when: sugarizer_enabled and nginx_enabled
|
||||||
|
|
||||||
- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
|
- name: Add 'sugarizer' variable values to {{ iiab_ini_file }}
|
||||||
ini_file:
|
ini_file:
|
||||||
path: "{{ iiab_ini_file }}"
|
path: "{{ iiab_ini_file }}"
|
||||||
|
|
12
roles/sugarizer/templates/sugarizer-nginx.conf
Normal file
12
roles/sugarizer/templates/sugarizer-nginx.conf
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# sugarizer_port is set to 8089 in /opt/iiab/iiab/vars/default_vars.yml
|
||||||
|
# If you need to change this, edit /etc/iiab/local_vars.yml prior to installing
|
||||||
|
|
||||||
|
|
||||||
|
location /sugarizer {
|
||||||
|
proxy_bind $server_addr;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
proxy_set_header X-Script-Name /sugarizer;
|
||||||
|
proxy_pass http://127.0.0.1:8089;
|
||||||
|
}
|
|
@ -116,6 +116,19 @@
|
||||||
template:
|
template:
|
||||||
src: wordpress.conf.j2
|
src: wordpress.conf.j2
|
||||||
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
|
dest: "/etc/{{ apache_config_dir }}/wordpress.conf"
|
||||||
|
when: apache_enabled
|
||||||
|
|
||||||
|
- name: Copy the nginx location info
|
||||||
|
template:
|
||||||
|
src: wordpress-nginx.conf
|
||||||
|
dest: /etc/nginx/conf.d/
|
||||||
|
when: nginx_enabled
|
||||||
|
|
||||||
|
- name: Notify nginx service of changes
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
when: nginx_enabled
|
||||||
|
|
||||||
- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
|
- name: Create symlink wordpress.conf from sites-enabled to sites-available, if wordpress_enabled (debuntu)
|
||||||
file:
|
file:
|
||||||
|
|
11
roles/wordpress/templates/wordpress-nginx.conf
Normal file
11
roles/wordpress/templates/wordpress-nginx.conf
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
location /wordpress {
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }}/wordpress;
|
||||||
|
}
|
||||||
|
location ~ /wordpress/.*\.php$ {
|
||||||
|
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://127.0.0.1:{{ apache_port }};
|
||||||
|
|
||||||
|
}
|
|
@ -205,6 +205,10 @@ openvpn_server_real_ip: 3.89.148.185
|
||||||
openvpn_server_virtual_ip: 10.8.0.1
|
openvpn_server_virtual_ip: 10.8.0.1
|
||||||
openvpn_server_port: 1194
|
openvpn_server_port: 1194
|
||||||
|
|
||||||
|
# apache
|
||||||
|
apache_install: True
|
||||||
|
apache_enabled: True
|
||||||
|
allow_apache_sudo: False
|
||||||
# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
|
# Some prefer 512MB for Zero W, others prefer 2048MB or higher for RPi 3 and 4.
|
||||||
# Please see recommendations at: https://itsfoss.com/swap-size/
|
# Please see recommendations at: https://itsfoss.com/swap-size/
|
||||||
pi_swap_file_size: 1024
|
pi_swap_file_size: 1024
|
||||||
|
@ -221,6 +225,24 @@ exFAT_enabled: True
|
||||||
|
|
||||||
|
|
||||||
# 3-BASE-SERVER
|
# 3-BASE-SERVER
|
||||||
|
# Variables fo Administrative Console
|
||||||
|
admin_console_install: True
|
||||||
|
admin_console_enabled: True
|
||||||
|
|
||||||
|
# variables related to introduction of nginx
|
||||||
|
# apache
|
||||||
|
apache_port: "8090"
|
||||||
|
apache_interface: "127.0.0.1"
|
||||||
|
apache_install: True
|
||||||
|
apache_enabled: True
|
||||||
|
# The following variable, if True, allows Admin Console to poweroff IIAB
|
||||||
|
allow_apache_sudo: False
|
||||||
|
|
||||||
|
nginx_port: "80"
|
||||||
|
nginx_interface: "0.0.0.0"
|
||||||
|
nginx_install: True
|
||||||
|
nginx_enabled: True
|
||||||
|
|
||||||
|
|
||||||
# See also Apache vars {default_language, language_priority} @ top of this file
|
# See also Apache vars {default_language, language_priority} @ top of this file
|
||||||
#
|
#
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue