**enforce_https** (boolean, optional, ``True``)

  Specify if HTTPS should be enforced for the website or not. If enforced,

  clients connecting via plaintext will be redirected to HTTPS, and clients will

  be served with ``Strict-Transport-Security`` header with value of

  ``max-age=31536000; includeSubDomains``.

**fqdn** (string, mandatory)

  Fully-qualified domain name where the website is reachable. This value is used

  for calculating the user/group name for dedicated website user, as well as

  home directory of the website user (where data/code should be stored at).

**futures_version** (string, optional, ``3.0.5``)

        - /static

        - /media

      uid: 2004

      virtualenv_packages:

        - django

      wsgi_application: django_example_com.wsgi:application

      https_tls_key: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.key') }}"

      https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/wsgi.example.com_https.pem') }}"

      futures_version: 3.0.5

      gunicorn_version: 19.6.0

      additional_nginx_config:

        - comment: Use custom page for forbidden files.

  ``admin-wiki_example_com``. Administrative user does not have a dedicated

  group, and instead belongs to same group as the application user. As

  convenience, whenever you switch to this user the Python virtual environment

  will be automatically activated for you.

* WSGI applications are executed via *Gunicorn*. The WSGI server listens on a

  Unix socket, making the socket accessible by *Nginx*.

* Static content is served directly by *Nginx*.

* Each web application gets distinct sub-directory under ``/var/www``, named

  after the FQDN. All sub-directories created under there are created with

  ``2750`` permissions, with ownership set to admin user, and group set to the

  application's group. In other words, all directories will have ``SGID`` bit

  set-up, allowing you to create files/directories that will have their group

enforce_https: True

packages: []

rewrites: []

static_locations: []

use_paste: False

virtualenv_packages: []

admin: "web-{{ fqdn | replace('.', '_') }}"

https_tls_certificate: "{{ lookup('file', tls_certificate_dir + '/' + fqdn + '_https.pem') }}"

https_tls_key: "{{ lookup('file', tls_private_key_dir + '/' + fqdn + '_https.key') }}"

gunicorn_version: "19.6.0"

futures_version: "3.0.5"

        owner="{{ admin }}" group="{{ user }}" mode=750

- name: Deploy profile configuration file for auto-activating the virtual environment

  copy: src="profile_virtualenv.sh" dest="{{ home }}/.profile.d/virtualenv.sh"

        owner="root" group="{{ user }}" mode="640"

- name: Create WSGI website user

  user: name="{{ user }}" uid="{{ uid | default(omit) }}" group="{{ user }}" comment="umask=0007"

        system=yes createhome=no state=present

- name: Add nginx user to website group

  user: name="www-data" groups="{{ user }}" append="yes"

[Service]

User={{ user }}

Group={{ user }}

WorkingDirectory={{ home }}/code

ExecStart={{ home }}/virtualenv/bin/gunicorn --bind unix:/run/wsgi/{{ fqdn }}.sock {% if use_paste %}--paste {{home}}/code/{{ wsgi_application }}{% else %}{{ wsgi_application }}{% endif %}

ExecReload=/bin/kill -s HUP $MAINPID

ExecStop=/bin/kill -s TERM $MAINPID

PrivateTmp=true

UMask=0007

[Install]

#!/usr/bin/env python

def application(environ, start_response):

    status = '200 OK'

    response_headers = [('Content-type', 'text/plain'),

                        ('Content-Length', str(len(output)))]

    start_response(status, response_headers)

    return [output]

    uid: 2001

    wsgi_application: wsgi:application

    static_locations:

      - /static/

    https_tls_key: "{{ lookup('file', inventory_dir + '/tls/wsgi.' + testsite_domain + '_https.key') }}"

    https_tls_certificate: "{{ lookup('file', inventory_dir + '/tls/wsgi.' + testsite_domain + '_https.pem') }}"

  - role: database

    db_name: wsgi_{{ testsite_domain_underscores }}

    db_password: wsgi_{{ testsite_domain_underscores }}