|
@@ -916,6 +916,7 @@ The role implements the following:
|
|
|
* Adds website administrator to website's group, so administrator could manage
|
|
|
the code and data.
|
|
|
* Installs additional packages required for running the role (as configured).
|
|
|
* Deploys the HTTPS TLS private key and certificate (for website vhost).
|
|
|
* Configures PHP FPM and nginx to serve the website.
|
|
|
|
|
|
The role is implemented with the following layout/logic in mind:
|
|
@@ -965,6 +966,14 @@ Parameters
|
|
|
succession, until the first match, or until it runs out of matches, when a
|
|
|
client requests an URI pointing to directory. Default is ``index.php``.
|
|
|
|
|
|
**https_tls_certificate** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the X.509 certificate used for TLS
|
|
|
for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
|
|
|
|
|
|
**https_tls_key** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the private key used for TLS for
|
|
|
HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
|
|
|
|
|
|
**php_file_regex** (string, optional)
|
|
|
Regular expression used for determining which file should be interepted via
|
|
|
PHP. Default is ``\.php$``.
|
|
@@ -1020,6 +1029,8 @@ running *ownCloud* and *The Bug Genie* applications):
|
|
|
- php5-json
|
|
|
- php5-mysql
|
|
|
- php5-curl
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/cloud.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/cloud.example.com_https.pem"
|
|
|
- role: php_website
|
|
|
admin: admin
|
|
|
deny_files_regex:
|
|
@@ -1028,7 +1039,8 @@ running *ownCloud* and *The Bug Genie* applications):
|
|
|
- ^(.*) /index.php?url=$1
|
|
|
fqdn: tbg.example.com
|
|
|
uid: 2007
|
|
|
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/tbg.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/tbg.example.com_https.pem"
|
|
|
|
|
|
|
|
|
WSGI Website
|
|
@@ -1058,6 +1070,7 @@ The role implements the following:
|
|
|
* Installs additional packages required for running the role in Python virtual
|
|
|
environment (as configured).
|
|
|
* Configures systemd to run the website code (using Gunicorn)
|
|
|
* Deploys the HTTPS TLS private key and certificate (for website vhost).
|
|
|
* Configures nginx to serve the website (static files served directly, requests
|
|
|
passed on to Gunicorn).
|
|
|
|
|
@@ -1103,6 +1116,14 @@ Parameters
|
|
|
for calculating the user/group name for dedicated website user, as well as
|
|
|
home directory of the website user (where data/code should be stored at).
|
|
|
|
|
|
**https_tls_certificate** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the X.509 certificate used for TLS
|
|
|
for HTTPS service. The file will be copied to directory ``/etc/ssl/certs/``.
|
|
|
|
|
|
**https_tls_key** (string, mandatory)
|
|
|
Path to file on Ansible host that contains the private key used for TLS for
|
|
|
HTTPS service. The file will be copied to directory ``/etc/ssl/private/``.
|
|
|
|
|
|
**packages** (list, optional)
|
|
|
A list of additional packages to install for this particular WSGI
|
|
|
website. This is usually going to be development libraries for building Python
|
|
@@ -1147,8 +1168,6 @@ running a bare Django project):
|
|
|
|
|
|
.. code-block:: yaml
|
|
|
|
|
|
---
|
|
|
|
|
|
- role: wsgi_website
|
|
|
admin: admin
|
|
|
fqdn: django.example.com
|
|
@@ -1159,3 +1178,5 @@ running a bare Django project):
|
|
|
virtualenv_packages:
|
|
|
- django
|
|
|
wsgi_application: django_example_com.wsgi:application
|
|
|
https_tls_key: "{{ inventory_dir }}/tls/wsgi.example.com_https.key"
|
|
|
https_tls_certificate: "{{ inventory_dir }}/tls/wsgi.example.com_https.pem"
|