c3lf/c3lf-system-3
7
0
Fork 0
Code Issues 51 Pull requests Projects 2 Releases Wiki Activity Actions

fix initial nginx ssl deployment in ansible playbook

Browse source
This commit is contained in:
j3d1 2024-01-07 17:36:35 +01:00
parent 8f7c037606
commit 258065eec3
4 changed files with 50 additions and 16254 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -5,3 +5,4 @@
staticfiles/ staticfiles/
userfiles/ userfiles/
*.db

47
deploy/ansible/playbooks/deploy-c3lf-sys3.yml
View file

@ -78,6 +78,7 @@
- python3-certbot-nginx - python3-certbot-nginx
- mariadb-server - mariadb-server
- python3-dev - python3-dev
- python3-mysqldb
- default-libmysqlclient-dev - default-libmysqlclient-dev
- build-essential - build-essential
- postfix - postfix
@ -133,18 +134,34 @@
path: /etc/letsencrypt/live/{{web_domain}}/fullchain.pem path: /etc/letsencrypt/live/{{web_domain}}/fullchain.pem
register: certbot_cert_exists register: certbot_cert_exists
- name: Check nginx ssl config
stat:
path: /etc/letsencrypt/options-ssl-nginx.conf
register: nginx_ssl_config_exists
- block: - block:
- name: stop nginx - name: stop nginx
service: service:
name: nginx name: nginx
state: stopped state: stopped
- name: disable c3lf-sys3 site
file:
path: /etc/nginx/sites-enabled/c3lf-sys3.conf
state: absent
- name: add certbot domain - name: add certbot domain
command: "certbot certonly --standalone -d {{web_domain}} --non-interactive --agree-tos --email {{main_email}}" command: "certbot certonly --standalone -d {{web_domain}} --non-interactive --agree-tos --email {{main_email}}"
- name: install letsencrypt ssl config
command: "certbot install --nginx --non-interactive"
- name: enable c3lf-sys3 site
file:
src: /etc/nginx/sites-available/c3lf-sys3.conf
dest: /etc/nginx/sites-enabled/c3lf-sys3.conf
state: link
- name: start nginx - name: start nginx
service: service:
name: nginx name: nginx
state: started state: started
when: certbot_cert_exists.stat.exists == false when: certbot_cert_exists.stat.exists == false or nginx_ssl_config_exists.stat.exists == false
- name: Enable certbot auto renew - name: Enable certbot auto renew
cron: cron:
@ -171,6 +188,12 @@
notify: notify:
- restart nginx - restart nginx
- name: Initially start nginx
service:
name: nginx
state: started
enabled: yes
- name: create database - name: create database
mysql_db: mysql_db:
name: c3lf_sys3 name: c3lf_sys3
@ -185,6 +208,14 @@
state: present state: present
login_unix_socket: /var/run/mysqld/mysqld.sock login_unix_socket: /var/run/mysqld/mysqld.sock
- name: configure webdir
file:
path: /var/www
state: directory
owner: www-data
group: www-data
mode: 0755
- name: configure webdir - name: configure webdir
file: file:
path: /var/www/c3lf-sys3 path: /var/www/c3lf-sys3
@ -235,11 +266,19 @@
dest: /var/www/c3lf-sys3/repo/core/.env dest: /var/www/c3lf-sys3/repo/core/.env
- name: migrate database - name: migrate database
command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate" shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py migrate"
when: git_repo.changed == true when: git_repo.changed == true
- name: create superuser
shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py createsuperuser --noinput || true"
when: git_repo.changed == true
environment:
DJANGO_SUPERUSER_USERNAME: admin
DJANGO_SUPERUSER_PASSWORD: "{{ django_password }}"
DJANGO_SUPERUSER_EMAIL: "{{ main_email }}"
- name: collect static files - name: collect static files
command: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput" shell: "/var/www/c3lf-sys3/venv/bin/python /var/www/c3lf-sys3/repo/core/manage.py collectstatic --noinput"
when: git_repo.changed == true when: git_repo.changed == true
- name: js config - name: js config
@ -247,7 +286,7 @@
src: templates/config.js.j2 src: templates/config.js.j2
dest: /var/www/c3lf-sys3/repo/web/src/config.js dest: /var/www/c3lf-sys3/repo/web/src/config.js
- name: build install dependencies - name: install build dependencies
command: command:
cmd: "npm install" cmd: "npm install"
chdir: /var/www/c3lf-sys3/repo/web chdir: /var/www/c3lf-sys3/repo/web

10
deploy/ansible/playbooks/templates/nginx.conf.j2
View file

@ -12,9 +12,6 @@ server {
server_name {{ web_domain }}; server_name {{ web_domain }};
client_max_body_size 1024M; client_max_body_size 1024M;
auth_basic C3LF;
auth_basic_user_file conf.d/lf-prod.htpasswd;
location / { location / {
add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, DELETE, PUT';
@ -32,7 +29,7 @@ server {
proxy_pass http://c3lf-sys3; proxy_pass http://c3lf-sys3;
} }
location /api { location ~ ^/(api|media)/ {
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
@ -41,6 +38,11 @@ server {
proxy_redirect off; proxy_redirect off;
proxy_buffering off; proxy_buffering off;
proxy_pass http://c3lf-sys3; proxy_pass http://c3lf-sys3;
location ~ ^/api/1 {
auth_basic C3LF;
auth_basic_user_file conf.d/lf-prod.htpasswd;
}
} }
location /djangoadmin { location /djangoadmin {

16246
web/package-lock.json generated
View file

File diff suppressed because it is too large Load diff