Diffstat (limited to 'roles/web')
-rw-r--r--roles/web/files/nginx.conf55
-rw-r--r--roles/web/handlers/main.yml1
-rw-r--r--roles/web/handlers/nginx.yml4
-rw-r--r--roles/web/tasks/main.yml1
-rw-r--r--roles/web/tasks/nginx.yml34
5 files changed, 95 insertions, 0 deletions
diff --git a/roles/web/files/nginx.conf b/roles/web/files/nginx.conf
new file mode 100644
index 0000000..ce8302d
--- /dev/null
+++ b/roles/web/files/nginx.conf
@@ -0,0 +1,55 @@
+# Run workers under http user.
+user http;
+
+# Set number of worker processes to number of available CPU cores.
+worker_processes 1;
+
+# Log errors in a separate file.
+error_log /var/log/nginx/error.log;
+
+# Write a PID-file.
+pid /run/nginx.pid;
+
+
+events {
+ # Maximum number of simultaneous connections that can be opened by a worker
+ # process.
+ # worker_connections 512;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Use log_format defined above.
+ access_log /var/log/nginx/access.log main;
+
+ # Enable use of sendfile.
+ sendfile on;
+
+ # Set keepalive timeout to 65 seconds.
+ keepalive_timeout 65;
+
+ # Set types_hash_max_size to 2048 to avoid warning in logs.
+ types_hash_max_size 4096;
+
+ # Load configs for all enabled sites.
+ include /etc/nginx/sites-enabled/*;
+
+ server {
+ # Listen on port 80 and become a default server.
+ listen 80;
+ listen [::]:80 default_server;
+
+ # Serve as a default server block.
+ server_name _;
+
+ # Redirect any non-matched request to default page.
+ return 301 https://ilvokhin.com$request_uri;
+ }
+}
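Review bot: The catch-all server block marks only its IPv6 listener as the default: `listen 80;` carries no `default_server`, while `listen [::]:80 default_server;` does. Without that flag nginx uses the first server declared for the address and port, and `include /etc/nginx/sites-enabled/*;` sits before this block, so if an enabled site also listens on port 80, IPv4 requests with an unmatched Host header would be answered by that site instead of this redirect. `listen 80 default_server;` makes both families behave the same. Two comments also disagree with their directives: "number of available CPU cores" sits above `worker_processes 1;` (`worker_processes auto;` would match the comment), and the types_hash_max_size comment says 2048 while the value set is 4096.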
diff --git a/roles/web/handlers/main.yml b/roles/web/handlers/main.yml
new file mode 100644
index 0000000..58b30be
--- /dev/null
+++ b/roles/web/handlers/main.yml
@@ -0,0 +1 @@
+- ansible.builtin.import_tasks: roles/web/handlers/nginx.yml
diff --git a/roles/web/handlers/nginx.yml b/roles/web/handlers/nginx.yml
new file mode 100644
index 0000000..c10ab50
--- /dev/null
+++ b/roles/web/handlers/nginx.yml
@@ -0,0 +1,4 @@
+- name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
new file mode 100644
index 0000000..8fa22b1
--- /dev/null
+++ b/roles/web/tasks/main.yml
@@ -0,0 +1 @@
+- ansible.builtin.import_tasks: roles/web/tasks/nginx.yml
diff --git a/roles/web/tasks/nginx.yml b/roles/web/tasks/nginx.yml
new file mode 100644
index 0000000..6348b24
--- /dev/null
+++ b/roles/web/tasks/nginx.yml
@@ -0,0 +1,34 @@
+- name: Install nginx
+ ansible.builtin.package:
+ name:
+ - nginx
+ state: present
+
+- name: Enable nginx systemd unit
+ ansible.builtin.service:
+ name: nginx
+ enabled: yes
+ state: started
+
+- name: Setup sites directories to serve by nginx
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: directory
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ loop:
+ - /etc/nginx/sites-available
+ - /etc/nginx/sites-enabled
+
+- name: Configure nginx
+ ansible.builtin.copy:
+ src: roles/web/files/nginx.conf
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: u+rw,g+,o+r
+ notify:
+ - Reload nginx
+
+# TODO: logrotate
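Review bot: The mode on the "Configure nginx" task looks mistyped: `mode: u+rw,g+,o+r` has an empty `g+` clause that grants nothing to the group, and was presumably meant to be `g+r`. More generally, both this task and "Setup sites directories to serve by nginx" use `+` clauses, which only add bits and never clear them, so a path under /etc/nginx that already exists with group or world write would keep it after the play runs. An absolute form pins the result regardless of prior state: `mode: u=rw,g=r,o=r` for nginx.conf and `mode: u=rwx,g=rx,o=rx` for the two directories. Separately, `enabled: yes` in the service task is better written `enabled: true`.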