From 6c781bb8b9b5dea1f3cdb75a6cbde2b9e8942e8c Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin
Date: Sat, 6 Jan 2024 18:53:54 +0000
Subject: Make nginx a role
---
playbooks/web.yml | 4 +++
roles/nginx/files/nginx.conf | 55 +++++++++++++++++++++++++++++++++++
roles/nginx/files/nginx.logrotate | 12 ++++++++
roles/nginx/handlers/main.yml | 4 +++
roles/nginx/tasks/main.yml | 44 ++++++++++++++++++++++++++++
roles/web/files/nginx/nginx.conf | 55 -----------------------------------
roles/web/files/nginx/nginx.logrotate | 12 --------
roles/web/handlers/nginx.yml | 4 ---
roles/web/tasks/nginx.yml | 40 -------------------------
9 files changed, 119 insertions(+), 111 deletions(-)
create mode 100644 playbooks/web.yml
create mode 100644 roles/nginx/files/nginx.conf
create mode 100644 roles/nginx/files/nginx.logrotate
create mode 100644 roles/nginx/handlers/main.yml
create mode 100644 roles/nginx/tasks/main.yml
delete mode 100644 roles/web/files/nginx/nginx.conf
delete mode 100644 roles/web/files/nginx/nginx.logrotate
delete mode 100644 roles/web/handlers/nginx.yml
delete mode 100644 roles/web/tasks/nginx.yml
diff --git a/playbooks/web.yml b/playbooks/web.yml
new file mode 100644
index 0000000..51a7a14
--- /dev/null
+++ b/playbooks/web.yml
@@ -0,0 +1,4 @@
+- name: Essential setup for all hosts
+ hosts: web
+ roles:
+ - { role: nginx }
diff --git a/roles/nginx/files/nginx.conf b/roles/nginx/files/nginx.conf
new file mode 100644
index 0000000..ce8302d
--- /dev/null
+++ b/roles/nginx/files/nginx.conf
@@ -0,0 +1,55 @@
+# Run workers under http user.
+user http;
+
+# Set number of worker processes to number of available CPU cores.
+worker_processes 1;
+
+# Log errors in a separate file.
+error_log /var/log/nginx/error.log;
+
+# Write a PID-file.
+pid /run/nginx.pid;
+
+
+events {
+ # Maximum number of simultaneous connections that can be opened by a worker
+ # process.
+ # worker_connections 512;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ # Use log_format defined above.
+ access_log /var/log/nginx/access.log main;
+
+ # Enable use of sendfile.
+ sendfile on;
+
+ # Set keepalive timeout to 65 seconds.
+ keepalive_timeout 65;
+
+ # Set types_hash_max_size to 2048 to avoid warning in logs.
+ types_hash_max_size 4096;
+
+ # Load configs for all enabled sites.
+ include /etc/nginx/sites-enabled/*;
+
+ server {
+ # Listen on port 80 and become a default server.
+ listen 80;
+ listen [::]:80 default_server;
+
+ # Serve as a default server block.
+ server_name _;
+
+ # Redirect any non-matched request to default page.
+ return 301 https://ilvokhin.com$request_uri;
+ }
+}
diff --git a/roles/nginx/files/nginx.logrotate b/roles/nginx/files/nginx.logrotate
new file mode 100644
index 0000000..da8ba47
--- /dev/null
+++ b/roles/nginx/files/nginx.logrotate
@@ -0,0 +1,12 @@
+/var/log/nginx/*log {
+ missingok
+ notifempty
+ create 640 http root
+ daily
+ rotate 14
+ sharedscripts
+ compress
+ postrotate
+ test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
+ endscript
+}
diff --git a/roles/nginx/handlers/main.yml b/roles/nginx/handlers/main.yml
new file mode 100644
index 0000000..c10ab50
--- /dev/null
+++ b/roles/nginx/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload nginx
+ ansible.builtin.service:
+ name: nginx
+ state: reloaded
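Review bot: In roles/nginx/files/nginx.conf the fallback server has `listen 80;` without `default_server`; only `listen [::]:80 default_server;` carries the flag. Because `include /etc/nginx/sites-enabled/*;` is read before this block, any site there that listens on port 80 would become the IPv4 default, and requests with an unmatched Host header would reach that site instead of the redirect; `listen 80 default_server;` closes the gap. Two comments also disagree with their values: `worker_processes 1;` is described as the number of CPU cores and `types_hash_max_size 4096;` as 2048. The file content is carried over unchanged from roles/web, so these points predate the move.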
diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml
new file mode 100644
index 0000000..82eb9ea
--- /dev/null
+++ b/roles/nginx/tasks/main.yml
@@ -0,0 +1,44 @@
+- name: Install nginx
+ ansible.builtin.package:
+ name:
+ - nginx
+ state: present
+
+- name: Enable nginx systemd service
+ ansible.builtin.service:
+ name: nginx
+ enabled: yes
+ state: started
+
+- name: Setup sites directories to serve by nginx
+ ansible.builtin.file:
+ path: '{{ item }}'
+ state: directory
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ loop:
+ - /etc/nginx/sites-available
+ - /etc/nginx/sites-enabled
+
+- name: Configure nginx
+ ansible.builtin.copy:
+ src: files/nginx.conf
+ dest: /etc/nginx/nginx.conf
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
+ notify:
+ - Reload nginx
+
+- name: Install logrotate
+ ansible.builtin.include_role:
+ name: logrotate
+
+- name: Configure nginx logrotate
+ ansible.builtin.copy:
+ src: files/nginx.logrotate
+ dest: /etc/logrotate.d/nginx
+ owner: root
+ group: root
+ mode: u+rw,g+r,o+r
diff --git a/roles/web/files/nginx/nginx.conf b/roles/web/files/nginx/nginx.conf
deleted file mode 100644
index ce8302d..0000000
--- a/roles/web/files/nginx/nginx.conf
+++ /dev/null
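Review bot: `mode: u+rw,g+r,o+r` in the "Setup sites directories to serve by nginx", "Configure nginx" and "Configure nginx logrotate" tasks of roles/nginx/tasks/main.yml only adds permission bits, so a group- or world-writable bit already present on /etc/nginx/nginx.conf, /etc/logrotate.d/nginx or the sites directories is left in place after the run. An absolute mode makes the result deterministic: `mode: u=rw,g=r,o=r` for the two copied files and `mode: u=rwx,g=rx,o=rx` for the directories. Separately, `enabled: yes` reads better as `enabled: true`, and inside a role `src: nginx.conf` is enough because the role's files/ directory is searched first.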
@@ -1,55 +0,0 @@
-# Run workers under http user.
-user http;
-
-# Set number of worker processes to number of available CPU cores.
-worker_processes 1;
-
-# Log errors in a separate file.
-error_log /var/log/nginx/error.log;
-
-# Write a PID-file.
-pid /run/nginx.pid;
-
-
-events {
- # Maximum number of simultaneous connections that can be opened by a worker
- # process.
- # worker_connections 512;
-}
-
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- log_format main '$remote_addr - $remote_user [$time_local] "$request" '
- '$status $body_bytes_sent "$http_referer" '
- '"$http_user_agent" "$http_x_forwarded_for"';
-
- # Use log_format defined above.
- access_log /var/log/nginx/access.log main;
-
- # Enable use of sendfile.
- sendfile on;
-
- # Set keepalive timeout to 65 seconds.
- keepalive_timeout 65;
-
- # Set types_hash_max_size to 2048 to avoid warning in logs.
- types_hash_max_size 4096;
-
- # Load configs for all enabled sites.
- include /etc/nginx/sites-enabled/*;
-
- server {
- # Listen on port 80 and become a default server.
- listen 80;
- listen [::]:80 default_server;
-
- # Serve as a default server block.
- server_name _;
-
- # Redirect any non-matched request to default page.
- return 301 https://ilvokhin.com$request_uri;
- }
-}
diff --git a/roles/web/files/nginx/nginx.logrotate b/roles/web/files/nginx/nginx.logrotate
deleted file mode 100644
index da8ba47..0000000
--- a/roles/web/files/nginx/nginx.logrotate
+++ /dev/null
@@ -1,12 +0,0 @@
-/var/log/nginx/*log {
- missingok
- notifempty
- create 640 http root
- daily
- rotate 14
- sharedscripts
- compress
- postrotate
- test ! -r /run/nginx.pid || kill -USR1 `cat /run/nginx.pid`
- endscript
-}
diff --git a/roles/web/handlers/nginx.yml b/roles/web/handlers/nginx.yml
deleted file mode 100644
index c10ab50..0000000
--- a/roles/web/handlers/nginx.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Reload nginx
- ansible.builtin.service:
- name: nginx
- state: reloaded
diff --git a/roles/web/tasks/nginx.yml b/roles/web/tasks/nginx.yml
deleted file mode 100644
index 43f7058..0000000
--- a/roles/web/tasks/nginx.yml
+++ /dev/null
@@ -1,40 +0,0 @@
-- name: Install nginx
- ansible.builtin.package:
- name:
- - nginx
- state: present
-
-- name: Enable nginx systemd service
- ansible.builtin.service:
- name: nginx
- enabled: yes
- state: started
-
-- name: Setup sites directories to serve by nginx
- ansible.builtin.file:
- path: '{{ item }}'
- state: directory
- owner: root
- group: root
- mode: u+rw,g+r,o+r
- loop:
- - /etc/nginx/sites-available
- - /etc/nginx/sites-enabled
-
-- name: Configure nginx
- ansible.builtin.copy:
- src: roles/web/files/nginx/nginx.conf
- dest: /etc/nginx/nginx.conf
- owner: root
- group: root
- mode: u+rw,g+r,o+r
- notify:
- - Reload nginx
-
-- name: Configure nginx logrotate
- ansible.builtin.copy:
- src: roles/web/files/nginx/nginx.logrotate
- dest: /etc/logrotate.d/nginx
- owner: root
- group: root
- mode: u+rw,g+r,o+r
-- cgit v1.2.3-70-g09d2