fix initial nginx ssl deployment in ansible playbook

2024-01-07 17:36:35 +01:00 · 2024-01-07 17:36:35 +01:00 · 258065eec3
commit 258065eec3
parent 8f7c037606
4 changed files with 50 additions and 16254 deletions
--- a/.gitignore
+++ b/.gitignore
@ -5,3 +5,4 @@

 staticfiles/
 userfiles/
+*.db
--- a/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
+++ b/deploy/ansible/playbooks/deploy-c3lf-sys3.yml
@ -78,6 +78,7 @@
          - python3-certbot-nginx
          - mariadb-server
          - python3-dev
+          - python3-mysqldb
          - default-libmysqlclient-dev
          - build-essential
          - postfix
@ -133,18 +134,34 @@
        path: /etc/letsencrypt/live/{{web_domain}}/fullchain.pem
      register: certbot_cert_exists

+    - name: Check nginx ssl config
+      stat:
+        path: /etc/letsencrypt/options-ssl-nginx.conf
+      register: nginx_ssl_config_exists
+
    - block:
        - name: stop nginx
          service:
            name: nginx
            state: stopped
+        - name: disable c3lf-sys3 site
+          file:
+            path: /etc/nginx/sites-enabled/c3lf-sys3.conf
+            state: absent
        - name: add certbot domain
          command: "certbot certonly --standalone -d {{web_domain}} --non-interactive --agree-tos --email {{main_email}}"
+        - name: install letsencrypt ssl config
+          command: "certbot install --nginx --non-interactive"
+        - name: enable c3lf-sys3 site
+          file:
+            src: /etc/nginx/sites-available/c3lf-sys3.conf
+            dest: /etc/nginx/sites-enabled/c3lf-sys3.conf
+            state: link
        - name: start nginx
          service:
            name: nginx
            state: started
-      when: certbot_cert_exists.stat.exists == false
+      when: certbot_cert_exists.stat.exists == false or nginx_ssl_config_exists.stat.exists == false

    - name: Enable certbot auto renew
      cron:
@ -171,6 +188,12 @@
      notify:
        - restart nginx

+    - name: Initially start nginx
+      service:
+        name: nginx
+        state: started
+        enabled: yes
+
    - name: create database
      mysql_db:
        name: c3lf_sys3
@ -185,6 +208,14 @@
        state: present
        login_unix_socket: /var/run/mysqld/mysqld.sock

+    - name: configure webdir
+      file:
+        path: /var/www
+        state: directory
+        owner: www-data
+        group: www-data
+        mode: 0755
+
    - name: configure webdir
      file:
        path: /var/www/c3lf-sys3
@ -235,11 +266,19 @@
            dest: /var/www/c3lf-sys3/repo/core/.env

        - name: migrate database
-          command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate"
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate"
          when: git_repo.changed == true

+        - name: create superuser
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py createsuperuser --noinput || true"
+          when: git_repo.changed == true
+          environment:
+            DJANGO_SUPERUSER_USERNAME: admin
+            DJANGO_SUPERUSER_PASSWORD: "{{ django_password }}"
+            DJANGO_SUPERUSER_EMAIL: "{{ main_email }}"
+
        - name: collect static files
-          command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput"
+          shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput"
          when: git_repo.changed == true

        - name: js config
@ -247,7 +286,7 @@
            src: templates/config.js.j2
            dest: /var/www/c3lf-sys3/repo/web/src/config.js

-        - name: build install dependencies
+        - name: install build dependencies
          command:
            cmd: "npm install"
            chdir: /var/www/c3lf-sys3/repo/web
--- a/deploy/ansible/playbooks/templates/nginx.conf.j2
+++ b/deploy/ansible/playbooks/templates/nginx.conf.j2
@ -12,9 +12,6 @@ server {
    server_name {{ web_domain }};
    client_max_body_size 1024M;

-    auth_basic C3LF;
-    auth_basic_user_file conf.d/lf-prod.htpasswd;
-
    location / {
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
@ -32,7 +29,7 @@ server {
        proxy_pass http://c3lf-sys3;
    }

-    location /api {
+    location ~ ^/(api|media)/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
@ -41,6 +38,11 @@ server {
        proxy_redirect off;
        proxy_buffering off;
        proxy_pass http://c3lf-sys3;
+
+        location ~ ^/api/1 {
+            auth_basic C3LF;
+            auth_basic_user_file conf.d/lf-prod.htpasswd;
+        }
    }

    location /djangoadmin {
--- a/web/package-lock.json
+++ b/web/package-lock.json