Compare commits
9 Commits
85323d789c
...
0421807e4d
Author | SHA1 | Date | |
---|---|---|---|
0421807e4d | |||
d5eed5055e | |||
f8752bb3e7 | |||
170e591701 | |||
8d6c3c57c3 | |||
79b29f0c51 | |||
a4acc85704 | |||
f7b9aa67f5 | |||
0a39c4f0ef |
@ -4,7 +4,7 @@ Ansible playbook for base and initial configuration of the web server hosting my
|
||||
## Assumptions
|
||||
Before you can run this, a few things are assumed:
|
||||
|
||||
- You have a clean, minimal Ubuntu 18.04, Debian 10, or Ubuntu 20.04 host up and running
|
||||
- You have a clean, minimal Ubuntu 18.04/20.04 or Debian 10/11 host up and running
|
||||
- Python 3 is installed on the remote server (requirement of Ansible)
|
||||
- You have a user account with password-less SSH access to the machine
|
||||
- You have sudo privileges on the remote host
|
||||
|
85
host_vars/web23
Normal file
@ -0,0 +1,85 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34643866316432643663656661633339313239653763623430356538363761393162626338336433
|
||||
6535353761396539323630396230316637363536396631350a343338396638613636396364323762
|
||||
62306431363961393937633033373963623064333363633034623430613031383032363562663536
|
||||
3566646634303639340a366236343164666563366130636433383832656563376463333431303861
|
||||
34323164323161303762616164366632663761626665323832366166386166636130383830633065
|
||||
64646563396264303035636661663162393332613661663564316466313363656263646533633861
|
||||
30366136316131643734356431633064373062613539643937626539373536666663646331643862
|
||||
39366666386438373335396136616662346230363631326465373065333633313638303564336165
|
||||
62323164373933396166363236396461623432363931636637613235636663613432636136616664
|
||||
64643130373337353936663863356363653630633033343538623133616662386430343632303031
|
||||
61386331346561346138643735393162616135633333343135653238366533663733626361656666
|
||||
61616130313031646365613638633463353861353935623562646666393733656266643834396361
|
||||
38333363633162636561323331646262643139643135666261343364333634613138343431623637
|
||||
39383635393565656139666535386336616165623333386266383431663936313034393439626234
|
||||
30386263323630303563613334393538306430396537613436613264646664616261323336366432
|
||||
62333061333730393064666131346339623061306637633261333635336233363831353662653437
|
||||
33626333333130386161323038333465613737393835656632346436396361383761303865333339
|
||||
36613062353630316633336464336463633230633762366663396463303234343266323233326165
|
||||
30303637353163613464633930336463326535623662636638643066333733623032353564393164
|
||||
66363732393438393462353034626363636664316464356432363235366134326261326335306462
|
||||
61623330656538633364373561336436353362303638356539393031336531396139343539353936
|
||||
66323332336235393162376436346330386537336239636434346565386565373365343462323164
|
||||
63373462313861653561313762363338623664333233316632303562393736346665626530643061
|
||||
65353337623230643136616262623430323235346439626364376362653337303735646663326535
|
||||
63393937366232623663623165323965303563323137383462623339396163353433343836383666
|
||||
39633065373839646235326130633635316237366631333765343333613564333461326465356134
|
||||
37663735393537333532363062633161313437623831356332663765613936383338343634386239
|
||||
37303137623138396261663230303530343132346665386363346230663836656634316364373064
|
||||
61666262363638376162393339636138353634633630333435383437313433316564663963323532
|
||||
30383835336565346337613464343561343832653263663465393133343566333864633766613531
|
||||
39653238633237373736663635306563323631346331353362343031303636366439356362306138
|
||||
64656166653232633239633037373330343139636261646238613662613364656632643334343233
|
||||
31633438386433633736663564613230393662316534336132333636326137353831373335396666
|
||||
63636530633037643339326466386638323733363732323939323862326432303231393435616630
|
||||
63303461616338386230303933636161306238613861326633636331376464643531333939303735
|
||||
38653165303832313739363136616266363837613337306230336433643237326232356333343963
|
||||
62316139393661323965313066636530393433613438633430373864343438623631666564386639
|
||||
34656461643530636537383264313266653465333764623166383838373366323662653939613439
|
||||
38386339393164363863373838303839353532346238643163616635363064343435393933303234
|
||||
64306431623738656434333766343263653865393935626466353433386463623739393130386332
|
||||
32623762353665393863383762643035313266643863363062626332316439616639616333623730
|
||||
35373662316131393836333936656438316334363364323339343236376634323365386461373061
|
||||
38363335353965646563646231653434623531336465333231396530623365306137643931633238
|
||||
32663937616366393237623861323337623963353964313233353433643733313730666239373031
|
||||
62316338623734303839616639303539643439613062656438633563653337626364316535373661
|
||||
32313337366465656533653766356436623638316534623666346666646364633436656330663666
|
||||
38636439333834313639316663326630356531613432353837616465353763623335623464363734
|
||||
34366335656366323634636465353563633532616334636665396439326438656462386336326265
|
||||
32393131636362633230366330633564376165313830616134393931613566383433646632363536
|
||||
39636563313662656439613565353663613962653730313666636263373065613230313965336130
|
||||
30346637323565333139643332336239646636643037316436373134663232373738363564613633
|
||||
64396330316332616631346339323466376162336539656433353666643438323365663665623661
|
||||
33656162643163323161373931353963303934643532343561643838336236386139316334636161
|
||||
38316239356165373036306464313066623432383037613134633364373762313639366330306333
|
||||
66643139336436643535353466393830363136386431373962656165633465326135616430316634
|
||||
39333966373361613433333631353334343765643435353466626536636437333739353036346635
|
||||
64346235336132393030666531343761366562396233386236356332343963363438373535633065
|
||||
64643730333465316439363735396566636338303236623438393566316533613333396561353930
|
||||
66633631303336346333306332663639643138656636373266353061623234386339313266376564
|
||||
37376130336230366630396335343330663162396237366131306237663232316361633939333365
|
||||
36366234663735393664353934303930616566336133313664313538326136343363323530343865
|
||||
63663633383338323363353061393366353064346232623464333863666334616636333662323265
|
||||
35653761323965376364343362643734646439373237333632373736353436326133376663346132
|
||||
38373530333137323038653534623761353265313336303538376565626363626535663635313235
|
||||
35663765376334366661383764663066383232323431623262626662623138323431383863363736
|
||||
66366462303838656234373263653835373666623934633865353533316537363431646661636433
|
||||
30383862626636613636323639313063323632323731613134303863356166613137363538333466
|
||||
65666635666563616464616538343639363331336233663038616332663032616364393761343036
|
||||
61373636623331636136313038333661613339623763663132306131663665663237363730646339
|
||||
36363766376437643930663363333635666366343431376439613961353039663938303834316433
|
||||
34326235386164373130643533373566653061366636623565303361666234616530346561386239
|
||||
37346337336137663366353632323434343263636435313034646639376430633133626466343737
|
||||
61656334656639393239633361316635646665633532323461663432633135353264383666666438
|
||||
33306336343732643234623430653538613064653635363765303166303061316636393736663561
|
||||
66393935663835633437326265656239353730626262333038616633326138623261343864613161
|
||||
35333233613163666461323339663063646361646563653531356337373663343166613965366232
|
||||
65313839633730386436633962373434643636396264646431653639343361363335633633383062
|
||||
34356232366132346537313838663730323336613661376331636363353464316266633336383639
|
||||
30373564333265653839666161643366313163356161356237383133636130333330316430613632
|
||||
34376338383561613635323030613731636637653961646632363838316665313934646130663361
|
||||
65633232396539646337333061326234316534333866383830343632306331663631343864313236
|
||||
65613932643938313161353331613634656230303863653037343434373862353462336134646637
|
||||
32616266353730336663613865316164626364303262663461363436323133653663636665323134
|
||||
30306431336637663130
|
@ -1,4 +1,5 @@
|
||||
---
|
||||
# Debian 10 will use firewalld with the iptables backend.
|
||||
# Debian 11 will use nftables directly, with no firewalld.
|
||||
|
||||
- block:
|
||||
@ -24,6 +25,10 @@
|
||||
- name: Install firewall packages
|
||||
apt: pkg={{ debian_firewall_packages }} state=present cache_valid_time=3600
|
||||
|
||||
- name: Remove iptables on newer Debian
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
apt: pkg=iptables state=absent
|
||||
|
||||
- name: Copy nftables.conf
|
||||
when: ansible_distribution_major_version is version('11', '>=')
|
||||
template: src=nftables.conf.j2 dest=/etc/nftables.conf owner=root mode=0644
|
||||
|
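Review bot: The `Copy nftables.conf` task writes the ruleset but nothing in this hunk applies or checks it — there is no `notify` to a handler that reloads nftables and no `validate:`, so a rendering error in `nftables.conf.j2` is only discovered the next time the service restarts, and a host can finish the play still running its previous ruleset. I'd add `validate: "nft -c -f %s"` to the template task and a `notify` to a handler that reloads the nftables service, and make sure that service is enabled on Debian 11 (not visible here). The enclosing `block:` starts outside the hunk, and I cannot see whether `debian_firewall_packages` still pulls in firewalld on Debian 11, which the new header comment says should not be used there — worth confirming before `Remove iptables on newer Debian` runs.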
@ -24,6 +24,8 @@
|
||||
- apt-transport-https # for https support in apt
|
||||
- gnupg2
|
||||
- zstd
|
||||
- rsync
|
||||
- lsof
|
||||
|
||||
- name: Install base packages
|
||||
apt: name={{ base_packages }} state=present cache_valid_time=3600
|
||||
|
@ -26,6 +26,8 @@
|
||||
- unzip
|
||||
- apt-transport-https # for https support in apt
|
||||
- zstd
|
||||
- rsync
|
||||
- lsof
|
||||
|
||||
- name: Install base packages
|
||||
apt: pkg={{ ubuntu_base_packages }} state=present cache_valid_time=3600
|
||||
|
@ -22,6 +22,19 @@
|
||||
dest: "{{ letsencrypt_acme_script }}"
|
||||
mode: 0700
|
||||
|
||||
# Run the "install" for acme.sh so it creates the .acme.sh dir (currently I
|
||||
# have to chdir to the /root directory where the script exists or else it
|
||||
# fails. Ansible runs it, but the script can't find itself...).
|
||||
- name: Install acme.sh
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ letsencrypt_acme_script }} --install --no-profile --no-cron"
|
||||
creates: "{{ letsencrypt_acme_home }}/acme.sh"
|
||||
chdir: /root
|
||||
|
||||
- name: Set default certificate authority for acme.sh
|
||||
ansible.builtin.command:
|
||||
cmd: "{{ letsencrypt_acme_script }} --set-default-ca --server letsencrypt"
|
||||
|
||||
- name: Prepare Let's Encrypt well-known directory
|
||||
file:
|
||||
state: directory
|
||||
|
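Review bot: `Set default certificate authority for acme.sh` runs `--set-default-ca` on every play, so it reports changed each time and is not idempotent; acme.sh persists this choice in its `account.conf`, so a `changed_when:` based on that file (or a `creates:`-style guard) would fix it. The comment above `Install acme.sh` says the script fails unless run with `chdir: /root`, yet the new task omits `chdir:`, so by the same reasoning it may hit the same failure — add `chdir: /root` here too. The task list continues outside the hunk.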
@ -16,15 +16,8 @@
|
||||
add_nginx_apt_key is changed or
|
||||
add_nginx_apt_repository is changed
|
||||
|
||||
- name: Set nginx packages
|
||||
set_fact:
|
||||
nginx_packages:
|
||||
- nginx
|
||||
- ssl-cert # for ssl-cert-snakeoil.pem in nginx
|
||||
tags: nginx, packages
|
||||
|
||||
- name: Install nginx packages
|
||||
apt: pkg={{ nginx_packages }} cache_valid_time=3600 state=present
|
||||
- name: Install nginx
|
||||
apt: pkg=nginx cache_valid_time=3600 state=present
|
||||
tags: nginx, packages
|
||||
|
||||
- name: Copy nginx.conf
|
||||
|
@ -7,6 +7,11 @@
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: Generate self-signed TLS cert
|
||||
command: openssl req -x509 -nodes -sha256 -days 365 -subj "/C=SO/ST=SO/L=snakeoil/O=snakeoil/CN=snakeoil" -newkey rsa:2048 -keyout /etc/ssl/private/nginx-snakeoil.key -out /etc/ssl/certs/nginx-snakeoil.crt -extensions v3_ca creates=/etc/ssl/certs/nginx-snakeoil.crt
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
- name: Download 4096-bit RFC 7919 dhparams
|
||||
get_url:
|
||||
url: https://raw.githubusercontent.com/internetstandards/dhe_groups/master/ffdhe4096.pem
|
||||
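Review bot: `-days 365` together with `creates=/etc/ssl/certs/nginx-snakeoil.crt` means the placeholder certificate is generated once and never renewed, so a year after the first run the `default_server` listener serves an expired certificate — harmless for a catch-all, but it will trip any TLS expiry monitoring; either extend the validity or replace `creates=` with a check on the certificate's expiry. `-extensions v3_ca` also makes this a CA certificate (`basicConstraints` CA:TRUE in the stock openssl.cnf), which a leaf server cert should not carry; drop the flag. Finally, openssl usually writes the `-keyout` file with restrictive permissions, but a follow-up `file: path=/etc/ssl/private/nginx-snakeoil.key owner=root group=root mode=0600` makes that explicit and idempotent.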
@ -15,6 +20,7 @@
|
||||
notify:
|
||||
- reload nginx
|
||||
|
||||
# TODO: this could break because we can override the document root in host vars
|
||||
- name: Create vhost document roots
|
||||
file: path={{ nginx_root_prefix }}/{{ item.domain_name }} state=directory mode=0755 owner=nginx group=nginx
|
||||
loop: "{{ nginx_vhosts }}"
|
||||
|
@ -16,9 +16,9 @@ server {
|
||||
listen [::]:443 ssl http2 default_server;
|
||||
server_name _;
|
||||
|
||||
# self-signed "snakeoil" certificate from ssl-cert package
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
# self-signed "snakeoil" certificate
|
||||
ssl_certificate /etc/ssl/certs/nginx-snakeoil.crt;
|
||||
ssl_certificate_key /etc/ssl/private/nginx-snakeoil.key;
|
||||
|
||||
ssl_session_timeout {{ nginx_ssl_session_timeout }};
|
||||
ssl_session_cache {{ nginx_ssl_session_cache }};
|
||||
|
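Review bot: The paths `/etc/ssl/certs/nginx-snakeoil.crt` and `/etc/ssl/private/nginx-snakeoil.key` are now hard-coded here and again in the `openssl req` command in the nginx role tasks, so a rename in one place silently breaks the other. I'd move both into role variables (for example `{{ nginx_snakeoil_cert }}` / `{{ nginx_snakeoil_key }}`) and reference them from the task and this template. The `server` block begins outside the hunk.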
5
roles/nginx/templates/gitea.j2
Normal file
@ -0,0 +1,5 @@
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:3000;
|
||||
}
|
||||
|
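Review bot: The `proxy_pass` to `http://localhost:3000` forwards requests without any `proxy_set_header`, so Gitea sees `localhost` as the host and `127.0.0.1` as every client address; it then generates wrong absolute URLs and its access logs and any log-based blocking attribute all traffic to the proxy. Unless an enclosing block not visible here already sets them, add the standard forwarding headers below. `client_max_body_size` may also need raising for large pushes, but that depends on the site.

```nginx
location / {
    proxy_pass http://localhost:3000;
    # preserve origin host and client address so Gitea builds correct URLs and logs the real client
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```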
@ -7,6 +7,7 @@
|
||||
{% set enable_hsts = item.enable_hsts | default(False) %}
|
||||
{% set has_wordpress = item.has_wordpress | default(False) %}
|
||||
{% set needs_php = item.needs_php | default(False) %}
|
||||
{% set has_gitea = item.has_gitea | default(False) %}
|
||||
|
||||
# http -> https vhost
|
||||
server {
|
||||
@ -49,6 +50,10 @@ server {
|
||||
{% include 'wordpress.j2' %}
|
||||
{% endif %}
|
||||
|
||||
{% if has_gitea == True %}
|
||||
{% include 'gitea.j2' %}
|
||||
{% endif %}
|
||||
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
|
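Review bot: If a host sets both `has_wordpress` and `has_gitea`, the new `{% include 'gitea.j2' %}` contributes a `location /` alongside whatever `wordpress.j2` emits (not visible here); if that also defines `location /`, nginx refuses the config as a duplicate location. Either document the two flags as mutually exclusive in the vhost vars or chain the conditions with `{% elif %}` so only one include is rendered. The `server` block starts outside the hunk, and the same `has_gitea` flag is introduced in the earlier hunk of this file.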