1ffc4eebc9
roles/nginx: Use default_server instead of default
...
Seems to be the new keyword for quite some time now, despite not
causing an error:
http://nginx.org/en/docs/http/server_names.html
2016-04-25 21:48:36 +03:00
03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames
...
444 is a special nginx return code that means the request was
closed without a response, see:
http://nginx.org/en/docs/http/request_processing.html
2016-04-25 21:45:21 +03:00
37b4809546
roles/nginx: Add IPv6 DNS resolvers for OCSP stapling
2016-04-25 13:25:05 +03:00
cd77b088e9
Fix a few references to php5-fpm
...
Unless we really mean php5-fpm, let's just say php-fpm.
2016-04-25 12:33:12 +03:00
336ff4c2e5
Add web07
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-04-24 19:04:55 +03:00
6bf9aec64e
roles/php-fpm: Add some packages needed by Piwik on PHP7
2016-04-24 19:04:29 +03:00
0bed8e4c0b
roles/nginx: Fix for path to PHP-FPM socket on Ubuntu 16.04
2016-04-22 18:19:30 +03:00
4a99c73d62
roles/php-fpm: Add php.ini and pool.conf for PHP 7
2016-04-22 11:25:35 +03:00
da63e67614
roles/php-fpm: Split up task for Debian and Ubuntu
...
Debian 8 and Ubuntu 16.04 use PHP 5.6 and 7.0, respectively, and
the php-fpm versions use slightly different configs and service
names.
2016-04-22 11:25:35 +03:00
904bb9c094
roles/php-fpm: Rename tags from php5-fpm to php-fpm
2016-04-22 11:25:35 +03:00
8d4ee6f430
Rename php5-fpm role to php-fpm
...
In Ubuntu 16.04 the package is now called just "php-fpm" and it
makes more sense to just have this role be called that.
2016-04-22 11:25:35 +03:00
f90eff6b1a
roles/nginx: Update sources.list template for Ubuntu 16.04
...
Use Ubuntu 15.10 builds for now.
2016-04-22 11:25:35 +03:00
419d0c7e9a
roles/mariadb: Remove old MariaDB sources.list
2016-04-22 11:25:35 +03:00
35d0bee6cf
roles/mariadb: Use a template for sources
...
When you use the apt_repository module it adds a sources.list with
an annoying filename, and also it's just easier to use a template
when we have different distros/versions to support.
2016-04-22 11:25:35 +03:00
a0bb4c2f57
roles/common: Add sshd_config for Ubuntu 16.04
2016-04-22 11:25:35 +03:00
d265b522e8
roles/common: Update iptables for Ubuntu 16.04
...
Basically, anything after 15.04 is using firewalld.
2016-04-22 11:25:35 +03:00
ad232a7a8b
roles/common: Remove old SSH key
2016-04-22 11:24:35 +03:00
a107f44ee8
Merge pull request #25 from alanorth/maridb-template
...
roles/mariadb: Manage /etc/mysql/my.cnf
2016-04-22 10:11:48 +03:00
bedc820312
roles/mariadb: Manage /etc/mysql/my.cnf
...
Set some sane defaults and manage the config file with a template.
2016-04-22 10:08:32 +03:00
ebf79c5b07
roles/nginx: Add missing nginx tag
...
The creation of the fastcgi cache dir is part of the nginx role and
should be labeled as such. In situations where you only run nginx
tasks with `-t nginx` nginx will fail to start due to the missing
cache dir.
2016-04-15 12:29:35 +03:00
fc66f8c354
host_vars/web06: Update WordPress to 4.5
2016-04-13 08:25:04 +03:00
c8d2783159
roles/php5-fpm: Update php.ini from latest upstream
...
Debian 8.4 shipped with a new php.ini. It's mostly just updates to
comments and default values.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-04-02 20:14:53 +03:00
d50212c66c
roles/nginx: Remove extra semicolon in HSTS preload header
...
Google's preload check application pointed out that there was an
extra semicolon in the HTTP header:
$ hstspreload checkdomain alaninkenya.org
Warning:
1. Syntax warning: Header includes an empty directive or extra semicolon.
The tool can be downloaded here: https://github.com/chromium/hstspreload
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-31 13:35:44 +03:00
fe6c733cae
roles/nginx: Turn on tcp_nopush in nginx.conf
...
It seems tcp_nopush is meant to be used with sendfile in newer
versions of nginx.
See: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
See: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 00:07:35 +02:00
250b196bf8
roles/nginx: Add comment for sendfile option
...
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:27:56 +02:00
89bee2e6db
roles/nginx: Add comment for gzip_vary
...
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:25:57 +02:00
27a3ee9651
roles/nginx: Add cache control header for SVG images
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:17:40 +02:00
c6cc1f57bb
roles/nginx: Add image/svg+xml to gzip types
...
Google's PageSpeed Insights tool pointed out that the Genericons
in WordPress' Jetpack module could be compressed.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:16:23 +02:00
926cdf58cf
roles/nginx: keepalive_timeout is in seconds
...
See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:02:57 +02:00
b9a9d415f1
host_vars/web06: Add vars for new Piwik database
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-11 19:09:55 +02:00
6a3b8f0918
Update some bare variables in with_items loops to use Ansible 2.0 syntax
...
See: https://docs.ansible.com/ansible/porting_guide_2.0.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-11 18:53:07 +02:00
869d7f6c7e
roles/php5-fpm: Disable always_populate_raw_post_data
...
Deprecated in PHP 5.6 and causes problems with Piwik. I'm not sure
if WordPress needs this, but I did find some references in its code
to $HTTP_RAW_POST_DATA.
See: https://secure.php.net/manual/en/migration56.deprecated.php#migration56.deprecated.raw-post-data
See: https://www.bram.us/2014/10/26/php-5-6-automatically-populating-http_raw_post_data-is-deprecated-and-will-be-removed-in-a-future-version/
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-11 18:50:32 +02:00
c3dc5dc0aa
group_vars/all: Update TLS cipher suite to latest Mozilla "Intermediate" recommendations
...
See: https://wiki.mozilla.org/Security/Server_Side_TLS
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-08 12:45:58 +02:00
7d61262a76
README.md: Update copyright to 2016
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-02-27 18:45:36 +02:00
94abbc3cd0
README.md: Update playbook invocation for ansible become
...
See: https://docs.ansible.com/ansible/become.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-02-09 16:43:08 +02:00
237bf50ac7
host_vars/web06: Update to WordPress 4.4.2
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-02-04 18:17:19 +02:00
ee0621fc20
web.yml: sudo -> become for Ansible 2.0
...
Some language changed in Ansible 2.0.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-01-12 22:55:58 +02:00
2da8876caa
host_vars/web06: Update to WordPress 4.4.1
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-01-07 12:37:36 +02:00
65d4c28396
README.md: Grammar
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:44:14 +02:00
43a7039dc9
roles/nginx: Remove "enable_https" config logic
...
Everything is HTTPS now, whether self-signed or otherwise, so it
doesn't make sense to have a config switch for this.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:38:53 +02:00
940b2720da
Rename nginx_* variables underneath nginx_vhosts
...
It's just deduplication, since it's already obvious that the dict
is for nginx-related vars:
- nginx_domain_name→domain_name
- nginx_domain_aliases→domain_aliases
- nginx_enable_https→enable_https
- nginx_enable_hsts→enable_hsts
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:25:44 +02:00
41547defb9
Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts
...
Everything is TLS now (whether self-signed or not), so it's pointless
to distinguish.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:14:47 +02:00
7b9536838c
roles/nginx: Move nginx tls_vhosts.yml to vhosts.yml
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:56:50 +02:00
dc5c09036c
Change pattern from nginx_tls_vhosts→nginx_vhosts
...
All hosts should have TLS now, whether self-signed "snakeoil" certs
or otherwise.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:54:18 +02:00
27a4abfcfd
roles/nginx: Add comments about defaults in templates
...
It would be better to set these defaults in the role's defaults, but
we can't because they exist in dicts for each of the host's sites.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:29:33 +02:00
86ee36da77
roles/nginx: Clean up template spacing
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:25:38 +02:00
a8005404f1
roles/nginx: Use more consistent naming for per-host nginx options
...
The `enable_https` option in host_vars becomes `nginx_enable_https`
to be more consistent with other nginx options used in host_vars.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:21:19 +02:00
1701937006
host_vars/web06: Update to WordPress 4.4
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 11:00:51 +02:00
178d633794
host_vars/web06: Add HSTS to englishbulgaria.net
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 22:42:41 +02:00
d80399d152
roles/php5-fpm: Increase memory allocation
...
I added another WordPress blog so I need more memory for caching
now. Eventually I wonder if I should deduplicate these somehow...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 21:08:34 +02:00