commit d1c1e9d63c67c6a194548a2bd8568abc20eed252 Author: Yohann Dedy Date: Fri Apr 17 00:55:41 2020 +0200 Premier commit
diff --git a/files/munin/nginx_status b/files/munin/nginx_status
new file mode 100644
index 0000000..4e7033f
--- /dev/null
+++ b/files/munin/nginx_status
@@ -0,0 +1,2 @@
+[nginx*]
+ env.url http://127.0.0.1/nginx_status
diff --git a/files/nginx/nginx_status b/files/nginx/nginx_status
new file mode 100644
index 0000000..26e430d
--- /dev/null
+++ b/files/nginx/nginx_status
@@ -0,0 +1,11 @@
+ server {
+ listen 127.0.0.1;
+ server_name localhost;
+ location /nginx_status {
+ stub_status on;
+ access_log off;
+ allow 127.0.0.1;
+ deny all;
+ }
+ }
+
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..5a82900
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+# handlers file for nginx
+- name: restart nginx
+ service:
+ name: nginx
+ state: restarted
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..21f366e
--- /dev/null
+++ b/tasks/main.yml
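Review bot: In files/nginx/nginx_status, the file name does not match what the role deploys: the copy task in tasks/main.yml uses `src: "nginx/nginx_status.conf"`, so as committed that task would not find this file. Rename the file to `files/nginx/nginx_status.conf` or change the task's `src` to `nginx/nginx_status`. The block itself keeps stub_status on loopback (`listen 127.0.0.1;` plus `allow 127.0.0.1; deny all;`); a one-line comment such as `# stub_status for the local munin plugin only; do not widen listen/allow` would record that intent for whoever edits it next.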
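Review bot: In handlers/main.yml, `restart nginx` is notified only by the nginx_status copy task; the `template` task that writes /etc/nginx/nginx.conf in tasks/main.yml has no `notify`, so a change to the TLS settings in the template is not applied until something else restarts nginx. Add `notify: restart nginx` to that task. Because the handler restarts rather than reloads, a syntax error in the rendered config would stop the server; checking with `nginx -t` before the restart, or using `state: reloaded`, avoids that.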
@@ -0,0 +1,70 @@
+---
+# tasks file for nginx
+- name: Verifie si repo nginx disponbile pour cette version de Debian
+ uri:
+ url: "http://nginx.org/packages/debian/dists/{{ ansible_distribution_release }}"
+ method: HEAD
+ register: uri_result
+ failed_when: uri_result.status is undefined or uri_result.status <= 0 or uri_result.status > 400
+
+- name: "Ajout clé nginx"
+ apt_key:
+ id: ABF5BD827BD9BF62
+ url: https://nginx.org/keys/nginx_signing.key
+ state: present
+
+- name: "Ajout repo nginx"
+ apt_repository:
+ repo: 'deb http://nginx.org/packages/debian {{ ansible_distribution_release }} nginx'
+
+- name: Installation des paquets nginx et certbot
+ apt:
+ state: latest
+ pkg:
+ - nginx
+ - python3-certbot
+ - python3-certbot-nginx
+ - libwww-perl
+
+- name: Copier la config nginx
+ template:
+ src: nginx.conf.j2
+ dest: "/etc/nginx/nginx.conf"
+ mode: 0644
+
+- name: Suppression site par defaut
+ file:
+ path: "/etc/nginx/conf.d/default.conf"
+ state: absent
+
+- name: Verifie la presence de munin-node
+ package_facts:
+ manager: "auto"
+
+- name: Copier la conf nginx_status
+ copy:
+ src: "nginx/nginx_status.conf"
+ dest: "/etc/nginx/conf.d/nginx_status.conf"
+ notify: restart nginx
+
+- name: Ajouter les plugins nginx_status
+ file:
+ src: "/usr/share/munin/plugins/nginx_status"
+ dest: "/etc/munin/plugins/nginx_status"
+ state: link
+
+- name: Ajouter le plugin nginx_request
+ file:
+ src: "/usr/share/munin/plugins/nginx_request"
+ dest: "/etc/munin/plugins/nginx_request"
+
+- name: Copier la configuration du plugin nginx de munin
+ copy:
+ src: "munin/nginx_status"
+ dest: "/etc/munin/plugin-conf.d/nginx_status"
+
+- name: Activer le service
+ systemd:
+ name: nginx
+ state: started
+ enabled: yes
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..5473e4d
--- /dev/null
+++ b/templates/nginx.conf.j2
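Review bot: In tasks/main.yml, the package source is bound less tightly than the key task suggests: the signing key is fetched over HTTPS, but the availability check and the `apt_repository` line both use `http://nginx.org/...`, and `apt_key` adds the key to apt's global trusted set, so it is accepted for every configured repository rather than only this one. Consider `repo: 'deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/debian {{ ansible_distribution_release }} nginx'` with the key stored at that path (the path is an example), assuming apt on the target supports HTTPS transport. `id: ABF5BD827BD9BF62` is a 64-bit key ID; pinning the full fingerprint is stricter. With `state: latest`, every run installs whatever the repository currently serves, so `state: present` is the safer default for nginx and the certbot packages.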
@@ -0,0 +1,39 @@
+user nginx;
+worker_processes {{ ansible_processor_vcpus }};
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1.3 TLSv1.2;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+ include /etc/nginx/conf.d/*.conf;
+}
+
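Review bot: In templates/nginx.conf.j2, the `ssl_ciphers` list includes `ECDHE-RSA-AES256-GCM-SHA512` and `DHE-RSA-AES256-GCM-SHA512`, which to my knowledge are not OpenSSL cipher names (the AES-256-GCM suites end in `SHA384`), so they most likely contribute nothing and should be removed. The two `DHE-RSA-*` entries also depend on an `ssl_dhparam` file on current nginx releases, and none is set here; either add `ssl_dhparam` or drop the DHE entries so the list reflects what is actually negotiated. A short comment above the list saying that it governs TLS 1.2 only (TLS 1.3 suites are selected separately by OpenSSL) would help the next editor, and `server_tokens off;` in the `http` block would stop the version being advertised.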