diff --git a/data/ansible/rpm_packages/main.yaml b/data/ansible/rpm_packages/main.yaml index 3c5911401..08c8c0e8d 100644 --- a/data/ansible/rpm_packages/main.yaml +++ b/data/ansible/rpm_packages/main.yaml @@ -69,11 +69,13 @@ - git - nginx - rpm + - rpm-build - rpm-sign - createrepo - wget - gnupg2 - sshpass + - tar state: present ########################################################################################################################### ########################################################################################################################### @@ -90,17 +92,25 @@ state: directory - name: Check if /var/packages/yum/{{ cgrates_distribution }} directory exists + become: true + file: + path: /var/packages/yum/{{ cgrates_distribution }} + state: directory + + - name: Nginx on CentOS needs additional permissions become: true - file: - path: /var/packages/yum/{{ cgrates_distribution }} - state: directory + shell: "sudo chcon -t httpd_sys_content_t /var/packages/ -R" + + - name: Nginx on CentOS needs additional permissions2 + become: true + shell: "sudo chcon -t httpd_sys_rw_content_t /var/packages/ -R" - name: Generate GPG Key include: gpg.yaml - name: Check if NGINX needs to be configured become: true - shell: "ls /etc/nginx/conf.d/ | grep 'yum.cgrates.org.vhost.conf'" + shell: "ls /etc/nginx/ | grep 'nginx.conf.original'" ignore_errors: true register: nginxConfig @@ -328,7 +338,7 @@ become: yes file: src: /var/packages/rpm/{{ cgrates_distribution }}/{{ item }} - dest: /var/packages/rpm/{{ cgrates_distribution }}/cgrates_current.rpm" + dest: /var/packages/rpm/{{ cgrates_distribution }}/cgrates_current.rpm state: link with_items: "{{ hostvars['yum']['rmpFileName']['stdout_lines'] }}" when : cgrates_distribution == "nightly" or hostvars['yum']['gitTagVar'].stdout_lines|length > 0 diff --git a/data/ansible/rpm_packages/nginx.conf.j2 b/data/ansible/rpm_packages/nginx.conf.j2 index 3981b1bc3..b93bab6d3 100644 --- a/data/ansible/rpm_packages/nginx.conf.j2 +++ b/data/ansible/rpm_packages/nginx.conf.j2 @@ -1,21 +1,29 @@ -server { - listen 80; - server_name yum.cgrates.org; +user nginx nginx; +worker_processes auto; +error_log /var/log/nginx/error.log; +pid /run/nginx.pid; - access_log /var/log/nginx/packages-error.log; - error_log /var/log/nginx/packages-error.log; - - location / { - root /var/packages; - index index.html; - autoindex on; - } - - location ~ /(.*)/conf { - deny all; - } - - location ~ /(.*)/db { - deny all; - } +events { + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + + server { + listen 80; + server_name yum.cgrates.org; + + access_log /var/log/nginx/yum.cgrates.org_access.log; + error_log /var/log/nginx/yum.cgrates.org_error.log; + + root /var/packages; + + location / { + root /var/packages; + index index.html; + autoindex on; + } + } } diff --git a/data/ansible/rpm_packages/nginx.yaml b/data/ansible/rpm_packages/nginx.yaml index 7893e6f80..90dc90db2 100644 --- a/data/ansible/rpm_packages/nginx.yaml +++ b/data/ansible/rpm_packages/nginx.yaml @@ -1,13 +1,23 @@ --- -- name: Add yum.cgrates.vhost in nginx +- name: Rename the default nginx.conf to nginx.conf.original + become: true + shell: "sudo mv -v /etc/nginx/nginx.conf /etc/nginx/nginx.conf.original" + +- name: Add nginx.conf in nginx become: true template: src: nginx.conf.j2 - dest: "/etc/nginx/conf.d/yum.cgrates.org.vhost.conf" - mode: '0600' + dest: "/etc/nginx/nginx.conf" + mode: '0666' owner: "{{ rootUser }}" +- name: Allow nginx in firewall + become: true + shell: "sudo firewall-cmd --permanent --zone=public --add-service=https --add-service=http" +- name: Restart the firewall + become: true + shell: "sudo firewall-cmd --reload" - name: Restart the nginx so the change take effects become: true