Alan Orth
24ca33c605
roles/nginx: Disable rules for Yoast SEO
...
Not using Yoast anymore. Now using the much simpler SEO Framework:
https://github.com/sybrew/the-seo-framework
2016-06-02 11:03:35 +03:00
Alan Orth
1ed7d45c7f
roles/nginx: Fix comment about version numbers
2016-05-27 08:14:46 +03:00
Alan Orth
93451e6c5e
roles/nginx: Use mainline branch by default
...
Has all the good stuff:
http://nginx.org/en/CHANGES
2016-05-27 08:14:04 +03:00
Alan Orth
33f22b32a4
roles/common: Update sources for cron-apt
...
The system's apt configuration is using restricted and multiverse
so the security sources list should as well.
2016-05-05 12:16:37 +03:00
Alan Orth
6837b48fae
roles/nginx: Switch default version to 1.10.x (stable)
2016-04-27 15:05:19 +03:00
Alan Orth
447db17e33
roles/nginx: Update apt sources for Ubuntu now that nginx 1.10.0 is out
2016-04-27 15:04:17 +03:00
Alan Orth
81e6af8f2b
roles/nginx: Add IPv6 listener in default HTTPS vhost
2016-04-25 21:49:41 +03:00
Alan Orth
1ffc4eebc9
roles/nginx: Use default_server instead of default
...
Seems to be the new keyword for quite some time now, despite not
causing an error:
http://nginx.org/en/docs/http/server_names.html
2016-04-25 21:48:36 +03:00
Alan Orth
03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames
...
444 is a special nginx return code that means the request was
closed without a response, see:
http://nginx.org/en/docs/http/request_processing.html
2016-04-25 21:45:21 +03:00
Alan Orth
37b4809546
roles/nginx: Add IPv6 DNS resolvers for OCSP stapling
2016-04-25 13:25:05 +03:00
Alan Orth
cd77b088e9
Fix a few references to php5-fpm
...
Unless we really mean php5-fpm, let's just say php-fpm.
2016-04-25 12:33:12 +03:00
Alan Orth
6bf9aec64e
roles/php-fpm: Add some packages needed by Piwik on PHP7
2016-04-24 19:04:29 +03:00
Alan Orth
0bed8e4c0b
roles/nginx: Fix for path to PHP-FPM socket on Ubuntu 16.04
2016-04-22 18:19:30 +03:00
Alan Orth
4a99c73d62
roles/php-fpm: Add php.ini and pool.conf for PHP 7
2016-04-22 11:25:35 +03:00
Alan Orth
da63e67614
roles/php-fpm: Split up task for Debian and Ubuntu
...
Debian 8 and Ubuntu 16.04 use PHP 5.6 and 7.0, respectively, and
the php-fpm versions use slightly different configs and service
names.
2016-04-22 11:25:35 +03:00
Alan Orth
904bb9c094
roles/php-fpm: Rename tags from php5-fpm to php-fpm
2016-04-22 11:25:35 +03:00
Alan Orth
8d4ee6f430
Rename php5-fpm role to php-fpm
...
In Ubuntu 16.04 the package is now called just "php-fpm" and it
makes more sense to just have this role be called that.
2016-04-22 11:25:35 +03:00
Alan Orth
f90eff6b1a
roles/nginx: Update sources.list template for Ubuntu 16.04
...
Use Ubuntu 15.10 builds for now.
2016-04-22 11:25:35 +03:00
Alan Orth
419d0c7e9a
roles/mariadb: Remove old MariaDB sources.list
2016-04-22 11:25:35 +03:00
Alan Orth
35d0bee6cf
roles/mariadb: Use a template for sources
...
When you use the apt_repository module it adds a sources.list with
an annoying filename, and also it's just easier to use a template
when we have different distros/versions to support.
2016-04-22 11:25:35 +03:00
Alan Orth
a0bb4c2f57
roles/common: Add sshd_config for Ubuntu 16.04
2016-04-22 11:25:35 +03:00
Alan Orth
d265b522e8
roles/common: Update iptables for Ubuntu 16.04
...
Basically, anything after 15.04 is using firewalld.
2016-04-22 11:25:35 +03:00
Alan Orth
ad232a7a8b
roles/common: Remove old SSH key
2016-04-22 11:24:35 +03:00
Alan Orth
bedc820312
roles/mariadb: Manage /etc/mysql/my.cnf
...
Set some sane defaults and manage the config file with a template.
2016-04-22 10:08:32 +03:00
Alan Orth
ebf79c5b07
roles/nginx: Add missing nginx tag
...
The creation of the fastcgi cache dir is part of the nginx role and
should be labled as such. In situations where you only run nginx
tasks with `-t nginx` nginx will fail to start due to the missing
cache dir.
2016-04-15 12:29:35 +03:00
Alan Orth
c8d2783159
roles/php5-fpm: Update php.ini from latest upstream
...
Debian 8.4 shipped with a new php.ini. It's mostly just updates to
comments and default values.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-04-02 20:14:53 +03:00
Alan Orth
d50212c66c
roles/nginx: Remove extra semi colon in HSTS preload header
...
Google's preload check application pointed out that there was an
extra semi colon in the HTTP header:
$ hstspreload checkdomain alaninkenya.org
Warning:
1. Syntax warning: Header includes an empty directive or extra semicolon.
The tool can be downloaded here: https://github.com/chromium/hstspreload
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-31 13:35:44 +03:00
Alan Orth
fe6c733cae
roles/nginx: Turn on tcp_nopush in nginx.conf
...
It seems tcp_nopush is meant to be used with sendfile in newer
versions of nginx.
See: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
See: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-14 00:07:35 +02:00
Alan Orth
250b196bf8
roles/nginx: Add comment for sendfile option
...
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:27:56 +02:00
Alan Orth
89bee2e6db
roles/nginx: Add comment for gzip_vary
...
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:25:57 +02:00
Alan Orth
27a3ee9651
roles/nginx: Add cache control header for SVG images
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:17:40 +02:00
Alan Orth
c6cc1f57bb
roles/nginx: Add image/svg+xml to gzip types
...
Google's PageSpeed Insights tool pointed out that the Genericons
in WordPress' Jetpack module could be compressed.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:16:23 +02:00
Alan Orth
926cdf58cf
roles/nginx: keepalive_timeout is in seconds
...
See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-12 19:02:57 +02:00
Alan Orth
6a3b8f0918
Update some bare variables in with_items loops to use Ansible 2.0 syntax
...
See: https://docs.ansible.com/ansible/porting_guide_2.0.html
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-11 18:53:07 +02:00
Alan Orth
869d7f6c7e
roles/php5-fpm: Disable always_populate_raw_post_data
...
Deprecated in PHP 5.6 and causes problems with Piwik. I'm not sure
if WordPress needs this, but I did find some references in its code
to $HTTP_RAW_POST_DATA.
See: https://secure.php.net/manual/en/migration56.deprecated.php#migration56.deprecated.raw-post-data
See: https://www.bram.us/2014/10/26/php-5-6-automatically-populating-http_raw_post_data-is-deprecated-and-will-be-removed-in-a-future-version/
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2016-03-11 18:50:32 +02:00
Alan Orth
43a7039dc9
roles/nginx: Remove "enable_https" config logic
...
Everything is HTTPS now, whether self-signed or otherwise, so it
doesn't make sense to have a config switch for this.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:38:53 +02:00
Alan Orth
940b2720da
Rename nginx_* variables underneath nginx_vhosts
...
It's just deduplication, since it's already obvious that the dict
is for nginx-related vars:
- nginx_domain_name→domain_name
- nginx_domain_aliases→domain_aliases
- nginx_enable_https→enable_https
- nginx_enable_hsts→enable_hsts
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:25:44 +02:00
Alan Orth
41547defb9
Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts
...
Everything is TLS now (whether self-signed or not), so it's pointless
to distinguish.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-10 00:14:47 +02:00
Alan Orth
7b9536838c
roles/nginx: Move nginx tls_vhosts.yml to vhosts.yml
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:56:50 +02:00
Alan Orth
dc5c09036c
Change pattern from nginx_tls_vhosts→nginx_vhosts
...
All hosts should have TLS now, whether self-signed "snakeoil" certs
or otherwise.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:54:18 +02:00
Alan Orth
27a4abfcfd
roles/nginx: Add comments about defaults in templates
...
It would be bettwe to set these defaults in the role's defaults, but
we can't because they exist in dicts for each of the host's sites.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:29:33 +02:00
Alan Orth
86ee36da77
roles/nginx: Clean up template spacing
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:25:38 +02:00
Alan Orth
a8005404f1
roles/nginx: Use more consistent naming for per-host nginx options
...
The `enable_https` option in host_vars becomes `nginx_enable_https`
to be more consistent with other nginx options used in host_vars.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-09 23:21:19 +02:00
Alan Orth
d80399d152
roles/php5-fpm: Increase memory allocation
...
I added another WordPress blog so I need more memory for caching
now. Eventually I wonder if I should deduplicate these somehow...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 21:08:34 +02:00
Alan Orth
805db6a9ef
roles/mariadb: Create utf8mb4 databases by default
...
This is better for supporting Unicode values in the database, see:
https://mathiasbynens.be/notes/mysql-utf8mb4
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 17:27:37 +02:00
Alan Orth
a7094e0964
roles/nginx: Adjust spacing in template
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 17:19:46 +02:00
Alan Orth
98afeddbbf
roles/nginx: Allow using self-signed TLS certs with dev hosts
...
Set `use_snakeoil_cert: 'yes'` in host_vars. This is good for dev
hosts where we don't have real domains or real certs. But everything
should have TLS.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 17:18:21 +02:00
Alan Orth
4507e20155
roles/nginx: Change owner/group of WordPress folder to nginx after cloning
...
Otherwise stuff like theme and plugin installs won't work.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-12-08 16:58:54 +02:00
Alan Orth
60c37821d6
roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host
...
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-11-30 17:40:32 +02:00
Alan Orth
5f71991259
roles/common: Use httpredir.debian.org as default Debian mirror
...
Automatically uses the best mirror for your location, see:
http://httpredir.debian.org/demo.html
Should be much better than any hardcoded default for most hosts.
Signed-off-by: Alan Orth <alan.orth@gmail.com>
2015-11-30 09:34:16 +02:00