Add nginx to playbook
This commit is contained in:
parent
a378447e1d
commit
a23c96d9f8
3 changed files with 123 additions and 44 deletions
|
|
@ -11,7 +11,7 @@ rcvar="blog_enable"
|
||||||
|
|
||||||
load_rc_config $name
|
load_rc_config $name
|
||||||
: ${blog_enable="NO"}
|
: ${blog_enable="NO"}
|
||||||
: ${blog_listen_addr="0.0.0.0:8000"}
|
: ${blog_listen_addr="127.0.0.1:8000"}
|
||||||
|
|
||||||
pidfile="/var/run/${name}.pid"
|
pidfile="/var/run/${name}.pid"
|
||||||
logfile="/var/log/${name}.log"
|
logfile="/var/log/${name}.log"
|
||||||
|
|
|
||||||
59
ansible/nginx.conf
Normal file
59
ansible/nginx.conf
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
worker_processes 1;
|
||||||
|
|
||||||
|
events {
|
||||||
|
worker_connections 1024;
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
include mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
sendfile on;
|
||||||
|
keepalive_timeout 65;
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name localhost:80;
|
||||||
|
|
||||||
|
client_max_body_size 10M;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_types
|
||||||
|
application/javascript
|
||||||
|
application/x-javascript
|
||||||
|
application/json
|
||||||
|
application/rss+xml
|
||||||
|
application/xml
|
||||||
|
image/svg+xml
|
||||||
|
image/x-icon
|
||||||
|
application/vnd.ms-fontobject
|
||||||
|
application/font-sfnt
|
||||||
|
text/css
|
||||||
|
text/plain;
|
||||||
|
gzip_min_length 256;
|
||||||
|
gzip_comp_level 5;
|
||||||
|
gzip_http_version 1.1;
|
||||||
|
gzip_vary on;
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
alias /srv/blog/staticfiles/;
|
||||||
|
expires 30d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /media/ {
|
||||||
|
alias /srv/blog/media/;
|
||||||
|
expires 30d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_pass http://localhost:8000;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
|
||||||
|
listen [::]:80;
|
||||||
|
listen 80;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
@ -6,46 +6,66 @@
|
||||||
PATH: /root/.poetry/bin:{{ ansible_env.PATH }}
|
PATH: /root/.poetry/bin:{{ ansible_env.PATH }}
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: install dependencies
|
- name: install system dependencies
|
||||||
pkgng:
|
pkgng:
|
||||||
name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
|
name: git,python38,py38-sqlite3,jpeg-turbo,nginx,curl,vim
|
||||||
- name: make python3.8 default
|
- name: make python3.8 default
|
||||||
file:
|
file:
|
||||||
path: /usr/local/bin/python3
|
path: /usr/local/bin/python3
|
||||||
src: /usr/local/bin/python3.8
|
src: /usr/local/bin/python3.8
|
||||||
state: link
|
state: link
|
||||||
- name: fetch code
|
- name: fetch code
|
||||||
git:
|
git:
|
||||||
repo: https://git.sr.ht/~crocmagnon/blog
|
repo: https://git.sr.ht/~crocmagnon/blog
|
||||||
dest: /srv/blog
|
dest: /srv/blog
|
||||||
force: yes
|
force: yes
|
||||||
- name: install poetry
|
- name: install poetry
|
||||||
shell:
|
shell:
|
||||||
cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
|
cmd: POETRY_VERSION=1.1.4 curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python
|
||||||
creates: /root/.poetry/bin/poetry
|
creates: /root/.poetry/bin/poetry
|
||||||
- name: create venv
|
- name: create venv
|
||||||
shell:
|
shell:
|
||||||
cmd: python -m venv /srv/blogvenv
|
cmd: python -m venv /srv/blogvenv
|
||||||
creates: /srv/blogvenv/bin/python
|
creates: /srv/blogvenv/bin/python
|
||||||
- name: install deps
|
- name: install python dependencies
|
||||||
shell:
|
shell:
|
||||||
chdir: /srv/blog
|
chdir: /srv/blog
|
||||||
cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
|
cmd: . /srv/blogvenv/bin/activate && poetry install --remove-untracked
|
||||||
- name: install service
|
- name: install service
|
||||||
copy:
|
copy:
|
||||||
remote_src: yes
|
remote_src: yes
|
||||||
src: /srv/blog/ansible/blog.service
|
src: /srv/blog/ansible/blog.service
|
||||||
dest: /usr/local/etc/rc.d/blog
|
dest: /usr/local/etc/rc.d/blog
|
||||||
owner: root
|
owner: root
|
||||||
group: wheel
|
group: wheel
|
||||||
mode: 0755
|
mode: 0755
|
||||||
- name: enable and restart blog service
|
- name: enable and restart blog service
|
||||||
service:
|
service:
|
||||||
name: blog
|
name: blog
|
||||||
state: restarted
|
state: restarted
|
||||||
enabled: yes
|
enabled: yes
|
||||||
# - name: enable nginx service
|
- name: backup old nginx conf
|
||||||
# service:
|
copy:
|
||||||
# name: nginx
|
remote_src: yes
|
||||||
# state: started
|
src: /usr/local/etc/nginx/nginx.conf
|
||||||
# enabled: yes
|
dest: /usr/local/etc/nginx/nginx.conf.BKP
|
||||||
|
- name: install nginx conf
|
||||||
|
copy:
|
||||||
|
remote_src: yes
|
||||||
|
src: /srv/blog/ansible/nginx.conf
|
||||||
|
dest: /usr/local/etc/nginx/nginx.conf
|
||||||
|
owner: root
|
||||||
|
group: wheel
|
||||||
|
mode: 0644
|
||||||
|
notify:
|
||||||
|
- restart nginx
|
||||||
|
- name: enable nginx service
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: started
|
||||||
|
enabled: yes
|
||||||
|
handlers:
|
||||||
|
- name: restart nginx
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
|
|
||||||
Reference in a new issue