Add owncloud and prevent nginx from dotdeb

pull/22/head
Emilien Mantel 2016-08-10 21:29:03 +02:00
parent 8fb3829860
commit 26c93c9315
8 changed files with 105 additions and 17 deletions

View File

@ -110,3 +110,10 @@ nginx_ssl_pairs: []
nginx_dh: null nginx_dh: null
nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem' nginx_dh_path: '{{ nginx_ssl_dir }}/dhparam.pem'
nginx_dh_length: 2048 nginx_dh_length: 2048
# Extra
# Note:
# - On Debian, if you use Owncloud from Upstream repository, you must set this var to "/var/www/owncloud"
# - TODO: force this var in vars/FreeBSD.yml
nginx_owncloud_root: '/usr/share/owncloud'

View File

@ -41,6 +41,7 @@ Templates
- `_dokuwiki` - `_dokuwiki`
- `_redirect`: should not be called explicitly - `_redirect`: should not be called explicitly
- `_nagios3`: access to Nagios3 (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap)) - `_nagios3`: access to Nagios3 (be careful: you need to install [fcgiwrap](https://packages.debian.org/jessie/fcgiwrap))
- `_owncloud`: access to Owncloud (note: you must set `nginx_apt_package` to //nginx-extras//)
- `_phalcon`: Phalcon PHP Framework - `_phalcon`: Phalcon PHP Framework
- `_php`: PHP base template. Can work with many frameworks/tools - `_php`: PHP base template. Can work with many frameworks/tools
- `_php_index`: Same as above. But you can only run index.php - `_php_index`: Same as above. But you can only run index.php

View File

@ -50,11 +50,13 @@ server {
index {{ item.index | default('index.html index.htm') }}; index {{ item.index | default('index.html index.htm') }};
{% endblock %} {% endblock %}
{% block template_more %}
{% if item.more is defined and item.more is iterable %} {% if item.more is defined and item.more is iterable %}
{% for line in item.more %} {% for line in item.more %}
{{ line }} {{ line }}
{% endfor %} {% endfor %}
{% endif %} {% endif %}
{% endblock %}
{% if item.htpasswd is defined %} {% if item.htpasswd is defined %}
{{ htpasswd(item.htpasswd, 1) }} {{ htpasswd(item.htpasswd, 1) }}
@ -81,6 +83,19 @@ server {
{% block template_custom_location %} {% block template_custom_location %}
{% endblock %} {% endblock %}
{% if __location is iterable and __location | length > 0 %}
# --> Custom locations
{% for location, opts in __location.iteritems() %}
location {{ location }} {
{% for opt in opts %}
{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
{{ opt }}
{% endif %}
{% endfor %}
}
{% endfor %} # <-- Custom locations
{% endif %}
{% block template_local_content %} {% block template_local_content %}
{% if item.manage_local_content is not defined or item.manage_local_content %} {% if item.manage_local_content is not defined or item.manage_local_content %}
location ~ /\.ht { location ~ /\.ht {
@ -100,19 +115,6 @@ server {
{% endif %} {% endif %}
{% endblock %} {% endblock %}
{% if __location is iterable and __location | length > 0 %}
# --> Custom locations
{% for location, opts in __location.iteritems() %}
location {{ location }} {
{% for opt in opts %}
{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
{{ opt }}
{% endif %}
{% endfor %}
}
{% endfor %} # <-- Custom locations
{% endif %}
{% if item.use_access_log is defined %} {% if item.use_access_log is defined %}
{% if item.use_access_log %} {% if item.use_access_log %}
access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined; access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;

View File

@ -0,0 +1,69 @@
{% extends "_php.j2" %}
{% block root %}
root {{ nginx_owncloud_root }};
{% endblock %}
{% block template_index %}
index index.php;
{% endblock %}
{% block more %}
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
gzip off;
client_max_body_size 10G;
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
{% endblock %}
{% block template_headers %}
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options SAMEORIGIN;
{% endblock %}
{% block template_upstream_location %}
location ~ /remote.php {
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
fastcgi_pass {{ php_upstream }};
fastcgi_param HOME /var/www/owncloud;
fastcgi_param HTTP_HOME /var/www/owncloud;
fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
fastcgi_param modHeadersAvailable true;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
include fastcgi_params;
{% else %}
include fastcgi.conf;
{% endif %}
}
location ~ \.php$ {
fastcgi_pass {{ php_upstream }};
fastcgi_index index.php;
fastcgi_param HOME /var/www/owncloud;
fastcgi_param HTTP_HOME /var/www/owncloud;
fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
fastcgi_param modHeadersAvailable true;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
{% if nginx_version.stdout | version_compare('1.6.1', 'lt') %}
include fastcgi_params;
{% else %}
include fastcgi.conf;
{% endif %}
}
location ~* \.(?:css|js)$ {
try_files $uri /index.php$uri$is_args$args;
add_header Cache-Control "public, max-age=7200";
expires 2h;
access_log off;
}
{% endblock %}

View File

@ -1,10 +1,11 @@
--- ---
- name: APT | Install web apps - name: APT | Install web apps
apt: pkg={{ item }} state=present apt: pkg={{ item }} state=present install_recommends=no
with_items: with_items:
- nagios3
- backuppc - backuppc
- nagios3
- owncloud
- name: SERVICE | Ensure backuppc is started - name: SERVICE | Ensure backuppc is started
service: name=backuppc state=started service: name=backuppc state=started

View File

@ -8,6 +8,10 @@
apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present apt_key: url='http://www.dotdeb.org/dotdeb.gpg' state=present
- name: APT_REPOSITORY | Install dotdeb (PHP 7) - name: APT_REPOSITORY | Install dotdeb (PHP 7)
apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present apt_repository: repo='deb http://packages.dotdeb.org {{ ansible_distribution_release }} all' state=present
- name: LINEFILEFILE | Dotdeb priority (prevent install nginx from dotdeb)
copy: >
content="Package: *\nPin: release o=packages.dotdeb.org\nPin-Priority: 100"
dest=/etc/apt/preferences
when: ansible_distribution_release == 'jessie' when: ansible_distribution_release == 'jessie'
- name: APT | Install needed packages - name: APT | Install needed packages

View File

@ -15,6 +15,7 @@
int_ansible_ssl_dir: '/etc/ansible-ssl' int_ansible_ssl_dir: '/etc/ansible-ssl'
# Role vars # Role vars
nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number nginx_worker_processes: 1 # Ansible+FreeBSD can't detect CPU number
nginx_apt_package: 'nginx-extras'
nginx_backports: true nginx_backports: true
nginx_php5: true nginx_php5: true
nginx_php7: true nginx_php7: true
@ -189,6 +190,8 @@
template: '_base' template: '_base'
ssl_name: 'test-ssl.local' ssl_name: 'test-ssl.local'
redirect_https: true redirect_https: true
- name: 'owncloud.local'
template: '_owncloud'
nginx_dh_length: 1024 nginx_dh_length: 1024
roles: roles:
- ../../ - ../../

View File

@ -28,9 +28,10 @@ nginx_dirs:
- "{{ nginx_helper_dir }}" - "{{ nginx_helper_dir }}"
nginx_templates_no_dir: nginx_templates_no_dir:
- '_proxy'
- '_nagios3'
- '_backuppc' - '_backuppc'
- '_nagios3'
- '_owncloud'
- '_proxy'
nginx_upstream_php5: 'php5' nginx_upstream_php5: 'php5'
nginx_upstream_php7: 'php7' nginx_upstream_php7: 'php7'