packetcat
/
ansible-playbooks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Move webserver1's nginx config to its own YAML file

This commit is contained in:
staticsafe 2018-04-08 14:38:29 -04:00
parent bf36cacc89
commit a85dfac3fc
2 changed files with 253 additions and 253 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

253
ubuntu/site.yml
View File

@ -20,256 +20,3 @@
roles:
- icinga-client
- hosts: webservers
roles:
- role: jdauphant.nginx
nginx_user: "www-data"
nginx_http_params:
- sendfile "on"
- server_names_hash_bucket_size 512
nginx_sites:
asininetech.com.http:
- listen *:80
- listen [::]:80
- server_name asininetech.com
- return 301 "https://$host$request_uri"
asininetech.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name asininetech.com
- root "/srv/www/asininetech.com"
- index index.php index.html
- access_log "/var/log/nginx/asininetech.com.access.log"
- error_log "/var/log/nginx/asininetech.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/asininetech.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/asininetech.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
entropynet.net.http:
- listen *:80
- listen [::]:80
- server_name entropynet.net
- return 301 "https://$host$request_uri"
entropynet.net.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name entropynet.net
- root "/srv/www/entropynet.net"
- error_page 404 /404.html
- index index.html
- access_log "/var/log/nginx/entropynet.net.access.log"
- error_log "/var/log/nginx/entropynet.net.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/entropynet.net.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/entropynet.net.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
i.asininetech.com.http:
- listen *:80
- listen [::]:80
- server_name i.asininetech.com
- return 301 "https://$host$request_uri"
i.asininetech.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name i.asininetech.com
- root "/home/tenshi/public_html"
- index index.html
- access_log "/var/log/nginx/i.asininetech.com.access.log"
- error_log "/var/log/nginx/i.asininetech.com.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/i.asininetech.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/i.asininetech.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- location / {
autoindex off;
autoindex_exact_size off;
}
- add_header Strict-Transport-Security max-age=31536000
sadiqsaif.ca:
- listen *:80
- listen *:443 ssl
- listen [::]:80
- listen [::]:443 ssl
- server_name sadiqsaif.ca
- access_log "/var/log/nginx/sadiqsaif.ca.access.log"
- error_log "/var/log/nginx/sadiqsaif.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/sadiqsaif.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/sadiqsaif.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- return 301 "https://sadiqsaif.com$request_uri"
staticsafe.ca:
- listen *:80
- listen *:443 ssl
- listen [::]:80
- listen [::]:443 ssl
- server_name staticsafe.ca
- access_log "/var/log/nginx/staticsafe.ca.access.log"
- error_log "/var/log/nginx/staticsafe.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/staticsafe.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/staticsafe.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- return 301 "https://sadiqsaif.com$request_uri"
twoshadesofbrown.com.http:
- listen *:80
- listen [::]:80
- server_name twoshadesofbrown.com
- return 301 "https://$host$request_uri"
twoshadesofbrown.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name twoshadesofbrown.com
- root "/srv/www/twoshadesofbrown.com"
- index index.php index.html
- access_log "/var/log/nginx/twoshadesofbrown.com.access.log"
- error_log "/var/log/nginx/twoshadesofbrown.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/twoshadesofbrown.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/twoshadesofbrown.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
wiki.staticsafe.ca.http:
- listen *:80
- listen [::]:80
- server_name wiki.staticsafe.ca
- return 301 "https://$host$request_uri"
wiki.staticsafe.ca.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name wiki.staticsafe.ca
- root "/srv/www/wiki.staticsafe.ca"
- index index.php
- access_log "/var/log/nginx/wiki.staticsafe.ca.access.log"
- error_log "/var/log/nginx/wiki.staticsafe.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/wiki.staticsafe.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/wiki.staticsafe.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location ~ /(data|conf|bin|inc)/ {
deny all;
}
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
fastcgi_index index.php;
}
sadiqsaif.com.http:
- listen *:80
- listen [::]:80
- server_name sadiqsaif.com
- return 301 "https://$host$request_uri"
sadiqsaif.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name sadiqsaif.com
- root "/srv/www/sadiqsaif.com"
- index index.html
- access_log "/var/log/nginx/sadiqsaif.com.access.log"
- error_log "/var/log/nginx/sadiqsaif.com.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/sadiqsaif.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/sadiqsaif.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- error_page 404 /404.html
ttrss.sadiqsaif.com.http:
- listen *:80
- listen [::]:80
- server_name ttrss.sadiqsaif.com
- return 301 "https://$host$request_uri"
ttrss.sadiqsaif.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name ttrss.sadiqsaif.com
- root "/srv/www/ttrss.sadiqsaif.com"
- index index.php index.html
- access_log "/var/log/nginx/ttrss.sadiqsaif.com.access.log"
- error_log "/var/log/nginx/ttrss.sadiqsaif.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/ttrss.sadiqsaif.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/ttrss.sadiqsaif.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location /cache {
deny all;
}
- location = /config.php {
deny all;
}
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
nginx_configs:
gzip:
- gzip on
- gzip_disable msie6
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
upstream:
- upstream php { server unix:/run/php/php7.0-fpm.sock; }
ssl:
- ssl_protocols TLSv1.2
- ssl_prefer_server_ciphers on
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
- ssl_dhparam "/etc/nginx/dhparams.pem"
- ssl_session_timeout 1d
- ssl_session_cache shared:SSL:50m
- ssl_session_tickets off
fcgicache:
- fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m
- fastcgi_cache_key "$scheme$request_method$host$request_uri"
- fastcgi_cache_use_stale error timeout invalid_header http_500
- fastcgi_ignore_headers Cache-Control Expires Set-Cookie
- add_header rt-Fastcgi-Cache $upstream_cache_status

253
ubuntu/webserver1.asininetech.com.yml Normal file
View File

@ -0,0 +1,253 @@
---
- hosts: webservers
roles:
- role: jdauphant.nginx
nginx_user: "www-data"
nginx_http_params:
- sendfile "on"
- server_names_hash_bucket_size 512
nginx_sites:
asininetech.com.http:
- listen *:80
- listen [::]:80
- server_name asininetech.com
- return 301 "https://$host$request_uri"
asininetech.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name asininetech.com
- root "/srv/www/asininetech.com"
- index index.php index.html
- access_log "/var/log/nginx/asininetech.com.access.log"
- error_log "/var/log/nginx/asininetech.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/asininetech.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/asininetech.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
entropynet.net.http:
- listen *:80
- listen [::]:80
- server_name entropynet.net
- return 301 "https://$host$request_uri"
entropynet.net.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name entropynet.net
- root "/srv/www/entropynet.net"
- error_page 404 /404.html
- index index.html
- access_log "/var/log/nginx/entropynet.net.access.log"
- error_log "/var/log/nginx/entropynet.net.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/entropynet.net.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/entropynet.net.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
i.asininetech.com.http:
- listen *:80
- listen [::]:80
- server_name i.asininetech.com
- return 301 "https://$host$request_uri"
i.asininetech.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name i.asininetech.com
- root "/home/tenshi/public_html"
- index index.html
- access_log "/var/log/nginx/i.asininetech.com.access.log"
- error_log "/var/log/nginx/i.asininetech.com.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/i.asininetech.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/i.asininetech.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- location / {
autoindex off;
autoindex_exact_size off;
}
- add_header Strict-Transport-Security max-age=31536000
sadiqsaif.ca:
- listen *:80
- listen *:443 ssl
- listen [::]:80
- listen [::]:443 ssl
- server_name sadiqsaif.ca
- access_log "/var/log/nginx/sadiqsaif.ca.access.log"
- error_log "/var/log/nginx/sadiqsaif.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/sadiqsaif.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/sadiqsaif.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- return 301 "https://sadiqsaif.com$request_uri"
staticsafe.ca:
- listen *:80
- listen *:443 ssl
- listen [::]:80
- listen [::]:443 ssl
- server_name staticsafe.ca
- access_log "/var/log/nginx/staticsafe.ca.access.log"
- error_log "/var/log/nginx/staticsafe.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/staticsafe.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/staticsafe.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- return 301 "https://sadiqsaif.com$request_uri"
twoshadesofbrown.com.http:
- listen *:80
- listen [::]:80
- server_name twoshadesofbrown.com
- return 301 "https://$host$request_uri"
twoshadesofbrown.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name twoshadesofbrown.com
- root "/srv/www/twoshadesofbrown.com"
- index index.php index.html
- access_log "/var/log/nginx/twoshadesofbrown.com.access.log"
- error_log "/var/log/nginx/twoshadesofbrown.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/twoshadesofbrown.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/twoshadesofbrown.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 24h;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
wiki.staticsafe.ca.http:
- listen *:80
- listen [::]:80
- server_name wiki.staticsafe.ca
- return 301 "https://$host$request_uri"
wiki.staticsafe.ca.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name wiki.staticsafe.ca
- root "/srv/www/wiki.staticsafe.ca"
- index index.php
- access_log "/var/log/nginx/wiki.staticsafe.ca.access.log"
- error_log "/var/log/nginx/wiki.staticsafe.ca.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/wiki.staticsafe.ca.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/wiki.staticsafe.ca.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location ~ /(data|conf|bin|inc)/ {
deny all;
}
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
fastcgi_index index.php;
}
sadiqsaif.com.http:
- listen *:80
- listen [::]:80
- server_name sadiqsaif.com
- return 301 "https://$host$request_uri"
sadiqsaif.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name sadiqsaif.com
- root "/srv/www/sadiqsaif.com"
- index index.html
- access_log "/var/log/nginx/sadiqsaif.com.access.log"
- error_log "/var/log/nginx/sadiqsaif.com.error.log"
- ssl_certificate "/etc/ssl/letsencrypt/sadiqsaif.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/sadiqsaif.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- error_page 404 /404.html
ttrss.sadiqsaif.com.http:
- listen *:80
- listen [::]:80
- server_name ttrss.sadiqsaif.com
- return 301 "https://$host$request_uri"
ttrss.sadiqsaif.com.https:
- listen *:443 ssl http2
- listen [::]:443 ssl http2
- server_name ttrss.sadiqsaif.com
- root "/srv/www/ttrss.sadiqsaif.com"
- index index.php index.html
- access_log "/var/log/nginx/ttrss.sadiqsaif.com.access.log"
- error_log "/var/log/nginx/ttrss.sadiqsaif.com.error.log"
- client_max_body_size 10M
- ssl_certificate "/etc/ssl/letsencrypt/ttrss.sadiqsaif.com.crt"
- ssl_certificate_key "/etc/ssl/letsencrypt/ttrss.sadiqsaif.com.pem"
- ssl_stapling on
- resolver [::1] valid=300s
- add_header Strict-Transport-Security max-age=31536000
- location /cache {
deny all;
}
- location = /config.php {
deny all;
}
- location / {
try_files $uri $uri/ /index.php?$args;
}
- location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php;
}
nginx_configs:
gzip:
- gzip on
- gzip_disable msie6
- gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript
upstream:
- upstream php { server unix:/run/php/php7.0-fpm.sock; }
ssl:
- ssl_protocols TLSv1.2
- ssl_prefer_server_ciphers on
- ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
- ssl_dhparam "/etc/nginx/dhparams.pem"
- ssl_session_timeout 1d
- ssl_session_cache shared:SSL:50m
- ssl_session_tickets off
fcgicache:
- fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m
- fastcgi_cache_key "$scheme$request_method$host$request_uri"
- fastcgi_cache_use_stale error timeout invalid_header http_500
- fastcgi_ignore_headers Cache-Control Expires Set-Cookie
- add_header rt-Fastcgi-Cache $upstream_cache_status