Add owncloud and prevent nginx from dotdeb
parent
8fb3829860
commit
26c93c9315
|
@ -110,3 +110,10 @@ nginx_ssl_pairs: []
|
||||||
nginx_dh: null
|
nginx_dh: null
|
||||||
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
|
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
|
||||||
nginx_dh_length: 2048
|
nginx_dh_length: 2048
|
||||||
|
|
||||||
|
# Extra
|
||||||
|
|
||||||
|
# Note:
|
||||||
|
# - On Debian, if you use Owncloud from Upstream repository, you must set this var to "/var/www/owncloud"
|
||||||
|
# - TODO: force this var in vars/FreeBSD.yml
|
||||||
|
nginx_owncloud_root: '/usr/share/owncloud'
|
||||||
|
|
|
@ -41,6 +41,7 @@ Templates
|
||||||
- `_dokuwiki`
|
- `_dokuwiki`
|
||||||
- `_redirect`: should not be called explicitly
|
- `_redirect`: should not be called explicitly
|
||||||
- `_nagios3`: access to Nagios3 (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap))
|
- `_nagios3`: access to Nagios3 (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap))
|
||||||
|
- `_owncloud`: access to Owncloud (note: you must set `nginx_apt_package` to //nginx-extras//)
|
||||||
- `_phalcon`: Phalcon PHP Framework
|
- `_phalcon`: Phalcon PHP Framework
|
||||||
- `_php`: PHP base template. Can work with many frameworks/tools
|
- `_php`: PHP base template. Can work with many frameworks/tools
|
||||||
- `_php_index`: Same as above. But you can only run index.php
|
- `_php_index`: Same as above. But you can only run index.php
|
||||||
|
|
|
@ -50,11 +50,13 @@ server {
|
||||||
index {{ item.index | default('index.html index.htm') }};
|
index {{ item.index | default('index.html index.htm') }};
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block template_more %}
|
||||||
{% if item.more is defined and item.more is iterable %}
|
{% if item.more is defined and item.more is iterable %}
|
||||||
{% for line in item.more %}
|
{% for line in item.more %}
|
||||||
{{ line }}
|
{{ line }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
{% if item.htpasswd is defined %}
|
{% if item.htpasswd is defined %}
|
||||||
{{ htpasswd(item.htpasswd, 1) }}
|
{{ htpasswd(item.htpasswd, 1) }}
|
||||||
|
@ -81,6 +83,19 @@ server {
|
||||||
{% block template_custom_location %}
|
{% block template_custom_location %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
|
{% if __location is iterable and __location | length > 0 %}
|
||||||
|
# --> Custom locations
|
||||||
|
{% for location, opts in __location.iteritems() %}
|
||||||
|
location {{ location }} {
|
||||||
|
{% for opt in opts %}
|
||||||
|
{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
|
||||||
|
{{ opt }}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% endfor %} # <-- Custom locations
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% block template_local_content %}
|
{% block template_local_content %}
|
||||||
{% if item.manage_local_content is not defined or item.manage_local_content %}
|
{% if item.manage_local_content is not defined or item.manage_local_content %}
|
||||||
location ~ /\.ht {
|
location ~ /\.ht {
|
||||||
|
@ -100,19 +115,6 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% if __location is iterable and __location | length > 0 %}
|
|
||||||
# --> Custom locations
|
|
||||||
{% for location, opts in __location.iteritems() %}
|
|
||||||
location {{ location }} {
|
|
||||||
{% for opt in opts %}
|
|
||||||
{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
|
|
||||||
{{ opt }}
|
|
||||||
{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
}
|
|
||||||
{% endfor %} # <-- Custom locations
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if item.use_access_log is defined %}
|
{% if item.use_access_log is defined %}
|
||||||
{% if item.use_access_log %}
|
{% if item.use_access_log %}
|
||||||
access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;
|
access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;
|
||||||
|
|
|
@ -0,0 +1,69 @@
|
||||||
|
{% extends "_php.j2" %}
|
||||||
|
|
||||||
|
{% block root %}
|
||||||
|
root {{ nginx_owncloud_root }};
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block template_index %}
|
||||||
|
index index.php;
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block more %}
|
||||||
|
error_page 403 /core/templates/403.php;
|
||||||
|
error_page 404 /core/templates/404.php;
|
||||||
|
gzip off;
|
||||||
|
client_max_body_size 10G;
|
||||||
|
fastcgi_buffers 64 4K;
|
||||||
|
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
|
||||||
|
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
|
||||||
|
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block template_headers %}
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
add_header X-Robots-Tag none;
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
add_header X-Download-Options noopen;
|
||||||
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
|
add_header X-Frame-Options SAMEORIGIN;
|
||||||
|
{% endblock %}
|
||||||
|
|
||||||
|
{% block template_upstream_location %}
|
||||||
|
location ~ /remote.php {
|
||||||
|
dav_methods PUT DELETE MKCOL COPY MOVE;
|
||||||
|
dav_ext_methods PROPFIND OPTIONS;
|
||||||
|
fastcgi_pass {{ php_upstream }};
|
||||||
|
fastcgi_param HOME /var/www/owncloud;
|
||||||
|
fastcgi_param HTTP_HOME /var/www/owncloud;
|
||||||
|
fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
|
||||||
|
include fastcgi_params;
|
||||||
|
{% else %}
|
||||||
|
include fastcgi.conf;
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
fastcgi_pass {{ php_upstream }};
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_param HOME /var/www/owncloud;
|
||||||
|
fastcgi_param HTTP_HOME /var/www/owncloud;
|
||||||
|
fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
|
||||||
|
fastcgi_param modHeadersAvailable true;
|
||||||
|
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||||
|
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
|
||||||
|
include fastcgi_params;
|
||||||
|
{% else %}
|
||||||
|
include fastcgi.conf;
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~* \.(?:css|js)$ {
|
||||||
|
try_files $uri /index.php$uri$is_args$args;
|
||||||
|
add_header Cache-Control "public, max-age=7200";
|
||||||
|
expires 2h;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
{% endblock %}
|
|
@ -1,10 +1,11 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
- name: APT | Install web apps
|
- name: APT | Install web apps
|
||||||
apt: pkg={{ item }} state=present
|
apt: pkg={{ item }} state=present install_recommends=no
|
||||||
with_items:
|
with_items:
|
||||||
- nagios3
|
|
||||||
- backuppc
|
- backuppc
|
||||||
|
- nagios3
|
||||||
|
- owncloud
|
||||||
|
|
||||||
- name: SERVICE | Ensure backuppc is started
|
- name: SERVICE | Ensure backuppc is started
|
||||||
service: name=backuppc state=started
|
service: name=backuppc state=started
|
||||||
|
|
|
@ -8,6 +8,10 @@
|
||||||
apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present
|
apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present
|
||||||
- name: APT_REPOSITORY | Install dotdeb (PHP 7)
|
- name: APT_REPOSITORY | Install dotdeb (PHP 7)
|
||||||
apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present
|
apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present
|
||||||
|
- name: LINEFILEFILE | Dotdeb priority (prevent install nginx from dotdeb)
|
||||||
|
copy: >
|
||||||
|
content="Package: *\nPin: release o=packages.dotdeb.org\nPin-Priority: 100"
|
||||||
|
dest=/etc/apt/preferences
|
||||||
when: ansible_distribution_release == 'jessie'
|
when: ansible_distribution_release == 'jessie'
|
||||||
|
|
||||||
- name: APT | Install needed packages
|
- name: APT | Install needed packages
|
||||||
|
|
|
@ -15,6 +15,7 @@
|
||||||
int_ansible_ssl_dir: '/etc/ansible-ssl'
|
int_ansible_ssl_dir: '/etc/ansible-ssl'
|
||||||
# Role vars
|
# Role vars
|
||||||
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
|
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
|
||||||
|
nginx_apt_package: 'nginx-extras'
|
||||||
nginx_backports: true
|
nginx_backports: true
|
||||||
nginx_php5: true
|
nginx_php5: true
|
||||||
nginx_php7: true
|
nginx_php7: true
|
||||||
|
@ -189,6 +190,8 @@
|
||||||
template: '_base'
|
template: '_base'
|
||||||
ssl_name: 'test-ssl.local'
|
ssl_name: 'test-ssl.local'
|
||||||
redirect_https: true
|
redirect_https: true
|
||||||
|
- name: 'owncloud.local'
|
||||||
|
template: '_owncloud'
|
||||||
nginx_dh_length: 1024
|
nginx_dh_length: 1024
|
||||||
roles:
|
roles:
|
||||||
- ../../
|
- ../../
|
||||||
|
|
|
@ -28,9 +28,10 @@ nginx_dirs:
|
||||||
- "{{ nginx_helper_dir }}"
|
- "{{ nginx_helper_dir }}"
|
||||||
|
|
||||||
nginx_templates_no_dir:
|
nginx_templates_no_dir:
|
||||||
- '_proxy'
|
|
||||||
- '_nagios3'
|
|
||||||
- '_backuppc'
|
- '_backuppc'
|
||||||
|
- '_nagios3'
|
||||||
|
- '_owncloud'
|
||||||
|
- '_proxy'
|
||||||
|
|
||||||
nginx_upstream_php5: 'php5'
|
nginx_upstream_php5: 'php5'
|
||||||
nginx_upstream_php7: 'php7'
|
nginx_upstream_php7: 'php7'
|
||||||
|
|
Loading…
Reference in New Issue