-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathdroid.yml
More file actions
137 lines (135 loc) · 4.4 KB
/
droid.yml
File metadata and controls
137 lines (135 loc) · 4.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
---
project:
name: "droid/nginx"
description: "Setup NGINX"
variables:
nginx:
worker_processes: "4"
error_log: "/var/log/nginx/error.log warn"
# Example extra main options, used within the main nginx's context:
# extra_options: |
# env VARIABLE;
# include /etc/nginx/main.d/*.conf;
events:
worker_connections: "1024"
multi_accept: "off"
http:
server_names_hash_bucket_size: "64"
client_max_body_size: "64m"
access_log: "/var/log/nginx/access.log main buffer=16k"
sendfile: "on"
tcp_nopush: "on"
tcp_nodelay: "on"
keepalive_timeout: "65"
keepalive_requests: "100"
proxy_cache_path: ""
extra_options: |
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
nginx_vhosts: ~
# Example vhost below, showing all available options:
# -
# listen:
# - "443 ssl"
# - "[::]:443 ssl"
# name: "example.com" # A name for the vhost
# servername: "example.com" # The server name
# index: "index.html index.htm" # default: "index.html index.htm"
#
# # Properties that are only added if defined:
# root: "/var/www/example.com"
# error_page: ""
# access_log: ""
# error_log: ""
# extra_options: | # Can be used to add extra config blocks (multiline).
# location / {
# proxy_pass http://myapp1;
# }
# # variables not directly used in the vhost config
# # - HTTPS Server private key
# https_private_key: "secure/example.com.key.pem"
# # - HTTPS Server certificate
# https_certificate: "secure/example.com.cert.pem"
# # - Certificate Authority certificate for Client Authentication
# auth_cacert: "secure/example.com.cacert.pem"
nginx_upstreams: ~
# Example upstream
# -
# name: myapp1
# strategy: "round_robin" # "least_conn", etc.
# servers:
# - "10.129.15.52"
# - "10.129.15.54 weight=3"
tasks:
-
name: "Install nginx package"
command: "apt-get:install"
sudo: true
arguments:
package: "nginx"
-
name: "Create main config"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ mod_path }}/assets/nginx.conf.template"
dest: "/etc/nginx/nginx.conf"
-
name: "Create upstreams"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ mod_path }}/assets/upstream.conf.template"
dest: "/etc/nginx/conf.d/upstream-{{ item.name }}.conf"
with_items: nginx_upstreams
-
name: "Copy Client Authentication CA Cert"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ item.auth_cacert }}"
dest: "/etc/ssl/certs/{{ item.name }}.cacert.pem"
with_items: nginx_vhosts
with_items_filter: "item['auth_cacert']"
-
name: "Copy HTTPS private key"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ item.https_private_key }}"
dest: "/etc/ssl/private/{{ item.name }}.key"
with_items: nginx_vhosts
with_items_filter: "item['https_private_key']"
-
name: "Copy HTTPS certificate"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ item.https_certificate }}"
dest: "/etc/ssl/certs/{{ item.name }}.crt.pem"
with_items: nginx_vhosts
with_items_filter: "item['https_certificate']"
-
name: "Create vhosts"
command: "fs:copy"
sudo: true
arguments:
src: "!{{ mod_path }}/assets/vhost.conf.template"
dest: "/etc/nginx/sites-available/{{ item.name }}.conf"
with_items: nginx_vhosts
-
name: "Enable vhosts"
command: "nginx:ensite"
sudo: true
arguments:
site-name: "{{ item.name }}"
with_items: nginx_vhosts
-
name: "Reload the Nginx service"
command: "service:reload"
sudo: true
arguments:
name: "nginx"