Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nginx role improvements: use more h5bp configs #428

Merged
merged 3 commits into from
Nov 30, 2015
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
### HEAD
* Nginx role improvements: use more h5bp configs ([#428](https://github.com/roots/trellis/pull/428))
* Add global `deploy_before` and `deploy_after` hooks ([#427](https://github.com/roots/trellis/pull/427))
* Fix HSTS headers ([#424](https://github.com/roots/trellis/pull/424))
* Notify Windows users about SSH forwarding ([#423](https://github.com/roots/trellis/pull/423))
2 changes: 1 addition & 1 deletion group_vars/development/wordpress_sites.yml
Original file line number Diff line number Diff line change
@@ -13,7 +13,7 @@ wordpress_sites:
enabled: false
subdomains: false
ssl:
enabled: true
enabled: false
cache:
enabled: false
duration: 30s
1 change: 1 addition & 0 deletions roles/nginx/defaults/main.yml
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
---
nginx_path: /etc/nginx
nginx_logs_root: /var/log/nginx
nginx_user: www-data
strip_www: true
50 changes: 35 additions & 15 deletions roles/nginx/tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,43 +1,63 @@
---
- name: Add Nginx PPA
apt_repository: repo="ppa:nginx/stable" update_cache=yes
apt_repository:
repo: "ppa:nginx/stable"
update_cache: yes

- name: Install Nginx
apt: name=nginx state=present force=yes
apt:
name: nginx
state: present
force: yes

- name: Create SSL directory
file: dest=/etc/nginx/ssl state=directory
file:
dest: "{{ nginx_path }}/ssl"
state: directory

- name: Generate strong unique Diffie-Hellman group.
command: openssl dhparam -out dhparams.pem 2048
args:
chdir: /etc/nginx/ssl/
creates: /etc/nginx/ssl/dhparams.pem
chdir: "{{ nginx_path }}/ssl"
creates: "{{ nginx_path }}/ssl/dhparams.pem"
notify: reload nginx

- name: Grab h5bp/server-configs-nginx
git: repo="https://github.com/h5bp/server-configs-nginx.git"
dest=/etc/nginx/h5bp-server-configs
version=82181a672a7c26f9bc8744fead80318d8a2520b1
force=yes
git:
repo: "https://github.com/h5bp/server-configs-nginx.git"
dest: "{{ nginx_path }}/h5bp-server-configs"
version: 82181a672a7c26f9bc8744fead80318d8a2520b1
force: yes

- name: Move h5bp configs
command: creates=/etc/nginx/h5bp/ cp -R /etc/nginx/h5bp-server-configs/h5bp /etc/nginx/h5bp
command: cp -R {{ nginx_path }}/h5bp-server-configs/h5bp {{ nginx_path }}/h5bp
args:
creates: "{{ nginx_path }}/h5bp/"

- name: Create nginx.conf
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
template:
src: nginx.conf.j2
dest: "{{ nginx_path }}/nginx.conf"
notify: reload nginx

- name: Disable default server
file: path=/etc/nginx/sites-enabled/default state=absent
file:
path: "{{ nginx_path }}/sites-enabled/default"
state: absent
notify: reload nginx

- name: Enable better default site to drop unknown requests
command: creates=/etc/nginx/sites-enabled/no-default.conf cp /etc/nginx/h5bp-server-configs/sites-available/no-default /etc/nginx/sites-enabled/no-default.conf
command: cp {{ nginx_path }}/h5bp-server-configs/sites-available/no-default {{ nginx_path }}/sites-enabled/no-default.conf
args:
creates: "{{ nginx_path }}/sites-enabled/no-default.conf"
notify: reload nginx

- name: Create base WordPress config
template: src=wordpress.conf.j2 dest=/etc/nginx/wordpress.conf
template:
src: wordpress.conf.j2
dest: "{{ nginx_path }}/wordpress.conf"

- name: Create base WordPress subdirectory Multisite config
template: src=wordpress_multisite_subdirectories.conf.j2 dest=/etc/nginx/wordpress_multisite_subdirectories.conf
template:
src: wordpress_multisite_subdirectories.conf.j2
dest: "{{ nginx_path }}/wordpress_multisite_subdirectories.conf"