alanorth
/
ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
287 Commits 2 Branches 0 Tags 4.5 MiB
Commit Graph

192 Commits

Author SHA1 Message Date
Alan Orth 24ca33c605
roles/nginx: Disable rules for Yoast SEO 
Not using Yoast anymore. Now using the much simpler SEO Framework:

https://github.com/sybrew/the-seo-framework
 2016-06-02 11:03:35 +03:00
Alan Orth 1ed7d45c7f
roles/nginx: Fix comment about version numbers 2016-05-27 08:14:46 +03:00
Alan Orth 93451e6c5e
roles/nginx: Use mainline branch by default 
Has all the good stuff:

    http://nginx.org/en/CHANGES
 2016-05-27 08:14:04 +03:00
Alan Orth 33f22b32a4
roles/common: Update sources for cron-apt 
The system's apt configuration is using restricted and multiverse
so the security sources list should as well.
 2016-05-05 12:16:37 +03:00
Alan Orth 6837b48fae
roles/nginx: Switch default version to 1.10.x (stable) 2016-04-27 15:05:19 +03:00
Alan Orth 447db17e33
roles/nginx: Update apt sources for Ubuntu now that nginx 1.10.0 is out 2016-04-27 15:04:17 +03:00
Alan Orth 81e6af8f2b
roles/nginx: Add IPv6 listener in default HTTPS vhost 2016-04-25 21:49:41 +03:00
Alan Orth 1ffc4eebc9
roles/nginx: Use default_server instead of default 
Seems to be the new keyword for quite some time now, despite not
causing an error:

    http://nginx.org/en/docs/http/server_names.html
 2016-04-25 21:48:36 +03:00
Alan Orth 03519831cb
roles/nginx: Return HTTP 444 for requests to invalid hostnames 
444 is a special nginx return code that means the request was
closed without a response, see:

    http://nginx.org/en/docs/http/request_processing.html
 2016-04-25 21:45:21 +03:00
Alan Orth 37b4809546 roles/nginx: Add IPv6 DNS resolvers for OCSP stapling 2016-04-25 13:25:05 +03:00
Alan Orth cd77b088e9
Fix a few references to php5-fpm 
Unless we really mean php5-fpm, let's just say php-fpm.
 2016-04-25 12:33:12 +03:00
Alan Orth 6bf9aec64e
roles/php-fpm: Add some packages needed by Piwik on PHP7 2016-04-24 19:04:29 +03:00
Alan Orth 0bed8e4c0b
roles/nginx: Fix for path to PHP-FPM socket on Ubuntu 16.04 2016-04-22 18:19:30 +03:00
Alan Orth 4a99c73d62 roles/php-fpm: Add php.ini and pool.conf for PHP 7 2016-04-22 11:25:35 +03:00
Alan Orth da63e67614 roles/php-fpm: Split up task for Debian and Ubuntu 
Debian 8 and Ubuntu 16.04 use PHP 5.6 and 7.0, respectively, and
the php-fpm versions use slightly different configs and service
names.
 2016-04-22 11:25:35 +03:00
Alan Orth 904bb9c094 roles/php-fpm: Rename tags from php5-fpm to php-fpm 2016-04-22 11:25:35 +03:00
Alan Orth 8d4ee6f430 Rename php5-fpm role to php-fpm 
In Ubuntu 16.04 the package is now called just "php-fpm" and it
makes more sense to just have this role be called that.
 2016-04-22 11:25:35 +03:00
Alan Orth f90eff6b1a roles/nginx: Update sources.list template for Ubuntu 16.04 
Use Ubuntu 15.10 builds for now.
 2016-04-22 11:25:35 +03:00
Alan Orth 419d0c7e9a roles/mariadb: Remove old MariaDB sources.list 2016-04-22 11:25:35 +03:00
Alan Orth 35d0bee6cf roles/mariadb: Use a template for sources 
When you use the apt_repository module it adds a sources.list with
an annoying filename, and also it's just easier to use a template
when we have different distros/versions to support.
 2016-04-22 11:25:35 +03:00
Alan Orth a0bb4c2f57 roles/common: Add sshd_config for Ubuntu 16.04 2016-04-22 11:25:35 +03:00
Alan Orth d265b522e8 roles/common: Update iptables for Ubuntu 16.04 
Basically, anything after 15.04 is using firewalld.
 2016-04-22 11:25:35 +03:00
Alan Orth ad232a7a8b
roles/common: Remove old SSH key 2016-04-22 11:24:35 +03:00
Alan Orth bedc820312
roles/mariadb: Manage /etc/mysql/my.cnf 
Set some sane defaults and manage the config file with a template.
 2016-04-22 10:08:32 +03:00
Alan Orth ebf79c5b07
roles/nginx: Add missing nginx tag 
The creation of the fastcgi cache dir is part of the nginx role and
should be labled as such. In situations where you only run nginx
tasks with `-t nginx` nginx will fail to start due to the missing
cache dir.
 2016-04-15 12:29:35 +03:00
Alan Orth c8d2783159
roles/php5-fpm: Update php.ini from latest upstream 
Debian 8.4 shipped with a new php.ini. It's mostly just updates to
comments and default values.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-04-02 20:14:53 +03:00
Alan Orth d50212c66c roles/nginx: Remove extra semi colon in HSTS preload header 
Google's preload check application pointed out that there was an
extra semi colon in the HTTP header:

    $ hstspreload checkdomain alaninkenya.org

    Warning:

    1. Syntax warning: Header includes an empty directive or extra semicolon.

The tool can be downloaded here: https://github.com/chromium/hstspreload

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-31 13:35:44 +03:00
Alan Orth fe6c733cae
roles/nginx: Turn on tcp_nopush in nginx.conf 
It seems tcp_nopush is meant to be used with sendfile in newer
versions of nginx.

See: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf
See: https://t37.net/nginx-optimization-understanding-sendfile-tcp_nodelay-and-tcp_nopush.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-14 00:07:35 +02:00
Alan Orth 250b196bf8
roles/nginx: Add comment for sendfile option 
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-12 19:27:56 +02:00
Alan Orth 89bee2e6db
roles/nginx: Add comment for gzip_vary 
From: https://github.com/h5bp/server-configs-nginx/blob/master/nginx.conf

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-12 19:25:57 +02:00
Alan Orth 27a3ee9651
roles/nginx: Add cache control header for SVG images 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-12 19:17:40 +02:00
Alan Orth c6cc1f57bb
roles/nginx: Add image/svg+xml to gzip types 
Google's PageSpeed Insights tool pointed out that the Genericons
in WordPress' Jetpack module could be compressed.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-12 19:16:23 +02:00
Alan Orth 926cdf58cf
roles/nginx: keepalive_timeout is in seconds 
See: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-12 19:02:57 +02:00
Alan Orth 6a3b8f0918
Update some bare variables in with_items loops to use Ansible 2.0 syntax 
See: https://docs.ansible.com/ansible/porting_guide_2.0.html

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-11 18:53:07 +02:00
Alan Orth 869d7f6c7e
roles/php5-fpm: Disable always_populate_raw_post_data 
Deprecated in PHP 5.6 and causes problems with Piwik. I'm not sure
if WordPress needs this, but I did find some references in its code
to $HTTP_RAW_POST_DATA.

See: https://secure.php.net/manual/en/migration56.deprecated.php#migration56.deprecated.raw-post-data
See: https://www.bram.us/2014/10/26/php-5-6-automatically-populating-http_raw_post_data-is-deprecated-and-will-be-removed-in-a-future-version/

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2016-03-11 18:50:32 +02:00
Alan Orth 43a7039dc9
roles/nginx: Remove "enable_https" config logic 
Everything is HTTPS now, whether self-signed or otherwise, so it
doesn't make sense to have a config switch for this.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-10 00:38:53 +02:00
Alan Orth 940b2720da
Rename nginx_* variables underneath nginx_vhosts 
It's just deduplication, since it's already obvious that the dict
is for nginx-related vars:

    - nginx_domain_name→domain_name
    - nginx_domain_aliases→domain_aliases
    - nginx_enable_https→enable_https
    - nginx_enable_hsts→enable_hsts

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-10 00:25:44 +02:00
Alan Orth 41547defb9
Finish moving logic and variables from nginx_tls_vhosts to nginx_vhosts 
Everything is TLS now (whether self-signed or not), so it's pointless
to distinguish.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-10 00:14:47 +02:00
Alan Orth 7b9536838c
roles/nginx: Move nginx tls_vhosts.yml to vhosts.yml 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-09 23:56:50 +02:00
Alan Orth dc5c09036c
Change pattern from nginx_tls_vhosts→nginx_vhosts 
All hosts should have TLS now, whether self-signed "snakeoil" certs
or otherwise.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-09 23:54:18 +02:00
Alan Orth 27a4abfcfd
roles/nginx: Add comments about defaults in templates 
It would be bettwe to set these defaults in the role's defaults, but
we can't because they exist in dicts for each of the host's sites.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-09 23:29:33 +02:00
Alan Orth 86ee36da77
roles/nginx: Clean up template spacing 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-09 23:25:38 +02:00
Alan Orth a8005404f1
roles/nginx: Use more consistent naming for per-host nginx options 
The `enable_https` option in host_vars becomes `nginx_enable_https`
to be more consistent with other nginx options used in host_vars.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-09 23:21:19 +02:00
Alan Orth d80399d152
roles/php5-fpm: Increase memory allocation 
I added another WordPress blog so I need more memory for caching
now. Eventually I wonder if I should deduplicate these somehow...

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-08 21:08:34 +02:00
Alan Orth 805db6a9ef
roles/mariadb: Create utf8mb4 databases by default 
This is better for supporting Unicode values in the database, see:

https://mathiasbynens.be/notes/mysql-utf8mb4

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-08 17:27:37 +02:00
Alan Orth a7094e0964
roles/nginx: Adjust spacing in template 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-08 17:19:46 +02:00
Alan Orth 98afeddbbf
roles/nginx: Allow using self-signed TLS certs with dev hosts 
Set `use_snakeoil_cert: 'yes'` in host_vars. This is good for dev
hosts where we don't have real domains or real certs. But everything
should have TLS.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-08 17:18:21 +02:00
Alan Orth 4507e20155 roles/nginx: Change owner/group of WordPress folder to nginx after cloning 
Otherwise stuff like theme and plugin installs won't work.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-12-08 16:58:54 +02:00
Alan Orth 60c37821d6
roles/nginx: Only use Linode DNS resolvers for OCSP if it's a linode host 
Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-11-30 17:40:32 +02:00
Alan Orth 5f71991259
roles/common: Use httpredir.debian.org as default Debian mirror 
Automatically uses the best mirror for your location, see:

    http://httpredir.debian.org/demo.html

Should be much better than any hardcoded default for most hosts.

Signed-off-by: Alan Orth <alan.orth@gmail.com>
 2015-11-30 09:34:16 +02:00