fast fix 'cause of no ssl + pma installation

lulzette 2021-02-26 18:42:30 +03:00
parent 60e58207b8
commit ca222e999d
7 changed files with 62 additions and 44 deletions


@ -1,19 +1,19 @@
server { server {
listen 80; listen 80;
listen 443 ssl http2; # listen 443 ssl http2;
server_name cloud.{{domain}}; server_name cloud.{{domain}};
index index.php; index index.php;
ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/cloud.{{domain}}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/cloud.{{domain}}/privkey.pem; # managed by Certbot
add_header X-Content-Type-Options nosniff; # add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-XSS-Protection "1; mode=block"; # add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; # add_header X-Robots-Tag none;
add_header X-Download-Options noopen; # add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; # add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; # add_header Referrer-Policy no-referrer;
add_header X-Frame-Options SAMEORIGIN; # add_header X-Frame-Options SAMEORIGIN;
access_log /var/log/nginx/access.nextcloud.log main; access_log /var/log/nginx/access.nextcloud.log main;
root /var/www/nextcloud/; root /var/www/nextcloud/;
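Review bot: The `add_header` lines for X-Content-Type-Options, X-Frame-Options, Referrer-Policy and the other non-TLS headers are commented out together with the `listen 443` and certificate lines, but only Strict-Transport-Security depends on HTTPS. Keeping e.g. `add_header X-Content-Type-Options nosniff;` and `add_header X-Frame-Options SAMEORIGIN;` active would preserve the browser-side protections while the certificate is missing. The same applies to the pma, root-domain and wiki vhost sections below. With only `listen 80` left, Nextcloud logins and files travel unencrypted, so a comment such as `# TEMP: TLS disabled until certbot has issued the cert, re-enable before exposing` would make the intent explicit. The server block continues outside the hunk.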


@ -1,10 +1,10 @@
server { server {
listen 80 default_server; listen 80 default_server;
listen 443 ssl default_server; # managed by Certbot # listen 443 ssl default_server; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/xz777.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/xz777.ru/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot # include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/ip_access.log verbose_llz; access_log /var/log/nginx/ip_access.log verbose_llz;
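Review bot: The commented certificate paths still hard-code `xz777.ru`, while the sibling vhost templates use `{{domain}}`. When TLS is restored, `ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem;` and the matching `privkey.pem` line would keep the default server consistent with the other templates. The server block continues outside the hunk.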


@ -1,17 +1,17 @@
server { server {
listen 80; listen 80;
listen 443 ssl http2; # listen 443 ssl http2;
server_name pma.{{domain}}; server_name pma.{{domain}};
ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/pma.{{domain}}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/pma.{{domain}}/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; # add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; # add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; # add_header X-Robots-Tag none;
add_header X-Download-Options noopen; # add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; # add_header X-Permitted-Cross-Domain-Policies none;
root /var/www/pma; root /var/www/pma;
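Review bot: With `listen 443 ssl http2;` commented out, phpMyAdmin is reachable only over plain HTTP, so database credentials entered at its login form cross the network unencrypted. No access restriction is visible in this hunk; the rest of the server block is outside it, so one may exist further down. If there is none, limiting the vhost while TLS is off, for example `allow <ADMIN_IP_PLACEHOLDER>; deny all;`, or leaving the vhost disabled until the certificate exists, would reduce the exposure.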


@ -1,12 +1,12 @@
server { server {
listen 80; listen 80;
listen 443 ssl http2; # listen 443 ssl http2;
server_name {{domain}}; server_name {{domain}};
ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/{{domain}}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/{{domain}}/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; # add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; # add_header X-XSS-Protection "1; mode=block";
root /var/www/root; root /var/www/root;
index index.html index.php; index index.html index.php;


@ -1,17 +1,17 @@
server { server {
listen 80; listen 80;
listen 443 ssl http2; # listen 443 ssl http2;
server_name wiki.{{domain}}; server_name wiki.{{domain}};
ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot # ssl_certificate /etc/letsencrypt/live/wiki.{{domain}}/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot # ssl_certificate_key /etc/letsencrypt/live/wiki.{{domain}}/privkey.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff; # add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; # add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; # add_header X-Robots-Tag none;
add_header X-Download-Options noopen; # add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; # add_header X-Permitted-Cross-Domain-Policies none;
root /var/www; root /var/www;
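Review bot: `root /var/www;` on the wiki vhost is the parent of `/var/www/pma`, `/var/www/nextcloud/` and `/var/www/root` used by the other vhosts in this commit, so depending on the location blocks (outside this hunk) those trees may also be reachable under the wiki hostname. That would sidestep any per-vhost restriction placed on pma or cloud. Pointing `root` at the MediaWiki directory alone (its path is not shown on this page) would avoid that.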


@ -0,0 +1,18 @@
---
- name: install unzip
apt:
name: unzip
state: latest
- name: Download and unpack phpmyadmin
ansible.builtin.unarchive:
src: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
dest: /var/www/pma
remote_src: yes
owner: www-data
- name: move pma to pma dir
copy:
src: /var/www/pma/phpMyAdmin-5.1.0-all-languages/
dest: /var/www/pma/
remote_src: True
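Review bot: The `unarchive` task fetches the phpMyAdmin zip straight from the URL and unpacks it into the web root with no integrity check; downloading with `get_url` and its `checksum` parameter first, then unpacking the local file, would pin the archive to the published hash. The following `copy` task duplicates rather than moves the tree, so `/var/www/pma/phpMyAdmin-5.1.0-all-languages/` stays in the web root as a second, served copy and should be removed afterwards with a `file` task using `state: absent`. `state: latest` on unzip could be `state: present` to keep runs repeatable.

```yaml
# … unchanged: install unzip …
- name: Download phpmyadmin
  ansible.builtin.get_url:
    url: https://files.phpmyadmin.net/phpMyAdmin/5.1.0/phpMyAdmin-5.1.0-all-languages.zip
    dest: /tmp/phpMyAdmin-5.1.0-all-languages.zip
    checksum: "sha256:<PLACEHOLDER_PUBLISHED_SHA256_OF_ARCHIVE>"
- name: Unpack phpmyadmin
  ansible.builtin.unarchive:
    src: /tmp/phpMyAdmin-5.1.0-all-languages.zip
    dest: /var/www/pma
    remote_src: yes
    owner: www-data
# … unchanged: move pma to pma dir …
- name: Remove the versioned copy left in the web root
  ansible.builtin.file:
    path: /var/www/pma/phpMyAdmin-5.1.0-all-languages
    state: absent
```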


@ -7,10 +7,10 @@
Web: Web:
- [x] mediawiki на поддомене wiki.xz777.ru - [x] mediawiki на поддомене wiki.xz777.ru
- [x] nextcloud на поддомене cloud.xz777.ru - [ ] nextcloud на поддомене cloud.xz777.ru
- [x] phpmyadmin на поддомене pma.xz777.ru - [ ] phpmyadmin на поддомене pma.xz777.ru
- [x] Тестовая (about) страница на домене xz777.ru - [ ] Тестовая (about) страница на домене xz777.ru
- [x] default_server ведет на тестовую страницу - [ ] default_server ведет на тестовую страницу
Для mediawiki и nextcloud свои php-fpm pool'ы Для mediawiki и nextcloud свои php-fpm pool'ы