mirror of
https://github.com/cgrates/cgrates.git
synced 2026-02-11 18:16:24 +05:00
Implement nginx role
This commit is contained in:
ionutboangiu
committed by
Dan Christian Bogos
Dan Christian Bogos
parent
bd68a65705
commit
9d964a3e4d
2
data/ansible/roles/nginx/defaults/main.yaml
Normal file
2
data/ansible/roles/nginx/defaults/main.yaml
Normal file
@@ -0,0 +1,2 @@
|
||||
---
|
||||
nginx_server_name: apt.cgrates.org
|
||||
37
data/ansible/roles/nginx/tasks/main.yaml
Normal file
37
data/ansible/roles/nginx/tasks/main.yaml
Normal file
@@ -0,0 +1,37 @@
|
||||
---
|
||||
- name: Add apt.cgrates.vhost in nginx
|
||||
template:
|
||||
src: nginx.conf.j2
|
||||
dest: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
|
||||
mode: '0600'
|
||||
owner: root
|
||||
register: nginx_config
|
||||
|
||||
- name: Create a symlink for apt.cgrates.org
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/{{ nginx_server_name }}.vhost"
|
||||
dest: "/etc/nginx/sites-enabled/{{ nginx_server_name }}.vhost"
|
||||
state: link
|
||||
|
||||
- name: Reload nginx configuration
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
become: true
|
||||
when: nginx_config.changed
|
||||
|
||||
- name: Ensure nginx is started and enabled to start at boot
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: yes
|
||||
become: true
|
||||
|
||||
# - name: Test Nginx configuration
|
||||
# command: nginx -t
|
||||
# register: result
|
||||
# ignore_errors: true
|
||||
|
||||
# - name: Report test results
|
||||
# debug:
|
||||
# msg: "{{ result.stdout }}"
|
||||
41
data/ansible/roles/nginx/templates/nginx.conf.j2
Normal file
41
data/ansible/roles/nginx/templates/nginx.conf.j2
Normal file
@@ -0,0 +1,41 @@
|
||||
user nginx nginx;
|
||||
worker_processes auto;
|
||||
error_log /var/log/nginx/error.log;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
autoindex_localtime on;
|
||||
server_name {{ nginx_server_name }};
|
||||
|
||||
access_log /var/log/nginx/packages-error.log;
|
||||
error_log /var/log/nginx/packages-error.log;
|
||||
|
||||
root /var/packages;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
autoindex on;
|
||||
}
|
||||
|
||||
location ~ /(.*)/conf {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ /(.*)/db {
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user