|
@@ -913,12 +913,13 @@ The role implements the following:
|
|
|
* Creates a base directory where the website-specific code and data should be
|
|
|
stored at.
|
|
|
* Adds nginx to website's group, so nginx could read the necessary files.
|
|
|
* Adds website administrator to website's group, so administrator could manage
|
|
|
the code and data.
|
|
|
* Installs additional packages required for running the role (as configured).
|
|
|
* Deploys the HTTPS TLS private key and certificate (for website vhost).
|
|
|
* Configures PHP FPM and nginx to serve the website.
|
|
|
|
|
|
The role is implemented with the following layout/logic in mind:
|
|
|
|
|
|
* Website users are named after the ``FQDN`` (fully qualified domain name) of
|
|
|
website, in format of ``web-ESCAPEDFQDN``, where ``ESCAPEDFQDN`` is equal to
|
|
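Review bot: The new bullet "Deploys the HTTPS TLS private key and certificate (for website vhost)" does not say who can read the deployed key. The same list states that nginx and the website administrator are both added to the website's group, so the documentation should state explicitly that the key is not owned by or readable through that group, and name the owner and mode the key file ends up with.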
@@ -962,12 +963,20 @@ Parameters
|
|
|
**index** (string, optional)
|
|
|
Space-separated list of files which should be treated as index files by the
|
|
|
web server. The web server will attempt opening these index files, in
|
|
|
succession, until the first match, or until it runs out of matches, when a
|
|
|
client requests an URI pointing to directory. Default is ``index.php``.
|
|
|
|
|
|
**https_tls_certificate** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the X.509 certificate used for TLS
|
|
|
for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
|
|
|
|
|
|
**https_tls_key** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the private key used for TLS for
|
|
|
HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
|
|
|
|
|
|
**php_file_regex** (string, optional)
|
|
|
Regular expression used for determining which file should be interepted via
|
|
|
PHP. Default is ``\.php$``.
|
|
|
|
|
|
**php_rewrite_urls** (list, optional)
|
|
|
A list of rewrite rules that are applied to incoming requests. These rewrite
|
|
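Review bot: Both ``https_tls_certificate`` and ``https_tls_key`` are documented as mandatory while the neighbouring ``index``, ``php_file_regex`` and ``php_rewrite_urls`` are optional, so playbooks written against the previous parameter list will need updating; that deserves a mention in the release notes or an upgrade note. The descriptions give only the target directories (``/etc/ssl/certs/`` and ``/etc/ssl/private/``); please also document the file name the copies receive on the server and the permissions set on the key, since the usage example configures more than one website in the same play.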
@@ -1017,21 +1026,24 @@ running *ownCloud* and *The Bug Genie* applications):
|
|
|
packages:
|
|
|
# For ownCloud
|
|
|
- php5-gd
|
|
|
- php5-json
|
|
|
- php5-mysql
|
|
|
- php5-curl
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/cloud.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/cloud.example.com_https.pem"
|
|
|
- role: php_website
|
|
|
admin: admin
|
|
|
deny_files_regex:
|
|
|
- ^\..*
|
|
|
php_rewrite_urls:
|
|
|
- ^(.*) /index.php?url=$1
|
|
|
fqdn: tbg.example.com
|
|
|
uid: 2007
|
|
|
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/tbg.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/tbg.example.com_https.pem"
|
|
|
|
|
|
|
|
|
WSGI Website
|
|
|
------------
|
|
|
|
|
|
The ``wsgi_website`` role can be used for setting-up a website powered by Python
|
|
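Review bot: The example keeps the private keys at ``{{ inventory_dir }}/tls/``, next to the inventory, which is often kept under version control; add a sentence to the example saying the ``*_https.key`` files should be kept out of the repository or stored encrypted. As rendered here, the second role entry also has an empty line between ``uid: 2007`` and ``https_tls_key`` that the first entry does not have; drop it so both entries read the same.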
@@ -1055,12 +1067,13 @@ The role implements the following:
|
|
|
* Installs additional packages required for running the role (as configured).
|
|
|
* Sets-up a dedicated Python virtual environment for website.
|
|
|
* Install Gunicorn in Python virtual environment.
|
|
|
* Installs additional packages required for running the role in Python virtual
|
|
|
environment (as configured).
|
|
|
* Configures systemd to run the website code (using Gunicorn)
|
|
|
* Deploys the HTTPS TLS private key and certificate (for website vhost).
|
|
|
* Configures nginx to serve the website (static files served directly, requests
|
|
|
passed on to Gunicorn).
|
|
|
|
|
|
The role is implemented with the following layout/logic in mind:
|
|
|
|
|
|
* Website users are named after the ``FQDN`` (fully qualified domain name) of
|
|
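Review bot: In the list this hunk extends, the bullet directly above the new one, "Configures systemd to run the website code (using Gunicorn)", has no closing period, and "Install Gunicorn in Python virtual environment." uses a different verb form from the other items. Since the list is being edited anyway, fix both so the new "Deploys the HTTPS TLS private key and certificate" bullet sits in a consistent list.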
@@ -1100,12 +1113,20 @@ Parameters
|
|
|
|
|
|
**fqdn** (string, mandatory)
|
|
|
Fully-qualified domain name where the website is reachable. This value is used
|
|
|
for calculating the user/group name for dedicated website user, as well as
|
|
|
home directory of the website user (where data/code should be stored at).
|
|
|
|
|
|
**https_tls_certificate** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the X.509 certificate used for TLS
|
|
|
for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
|
|
|
|
|
|
**https_tls_key** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the private key used for TLS for
|
|
|
HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
|
|
|
|
|
|
**packages** (list, optional)
|
|
|
A list of additional packages to install for this particular WSGI
|
|
|
website. This is usually going to be development libraries for building Python
|
|
|
packages.
|
|
|
|
|
|
**rewrites** (list, optional)
|
|
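Review bot: The ``https_tls_certificate`` and ``https_tls_key`` descriptions in this hunk are word-for-word copies of the ones in the ``php_website`` parameter list, so any later correction has to be made in two places. Consider describing the two parameters once and referring to that description from both roles, or at least keep the two copies in sync when the deployed file name and key permissions are documented.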
@@ -1144,18 +1165,18 @@ Examples
|
|
|
|
|
|
Here is an example configuration for setting-up a (base) WSGI website (for
|
|
|
running a bare Django project):
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
---
|
|
|
|
|
|
- role: wsgi_website
|
|
|
admin: admin
|
|
|
fqdn: django.example.com
|
|
|
static_locations:
|
|
|
- /static
|
|
|
- /media
|
|
|
uid: 2004
|
|
|
virtualenv_packages:
|
|
|
- django
|
|
|
wsgi_application: django_example_com.wsgi:application
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/wsgi.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/wsgi.example.com_https.pem"
|
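Review bot: The example sets ``fqdn: django.example.com`` but points ``https_tls_key`` and ``https_tls_certificate`` at ``wsgi.example.com_https.key`` and ``wsgi.example.com_https.pem``. In the ``php_website`` examples the file names match the ``fqdn`` (``cloud.example.com``, ``tbg.example.com``), so a reader copying this one will either look for files that do not exist or deploy a certificate issued for a different name. Rename the paths to ``django.example.com_https.key`` and ``django.example.com_https.pem``, or change the ``fqdn`` so the two agree.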