removed old nginx config

08555a45 · void · 58cf22c3 · 58cf22c3 · 58cf22c3 · 58cf22c3
Commit 08555a45 authored 2 years ago by void
--- a/common/nginx/handlers/main.yml
+++ b/common/nginx/handlers/main.yml
---
- name: restart nginx
-  service: name=nginx state=restarted
- name: restart telegraf
-  service: name=telegraf state=restarted
--- a/common/nginx/includes/_ssl_common_settings
+++ b/common/nginx/includes/_ssl_common_settings
-	ssl_session_cache shared:SSL:5m;
-	ssl_session_timeout 5m;
-	add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
-	ssl_protocols TLSv1.2;
-	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;	
-	ssl_prefer_server_ciphers on;   
\ No newline at end of file
--- a/common/nginx/includes/esphome.warpzone
+++ b/common/nginx/includes/esphome.warpzone
-    location /  {
-        	proxy_set_header        Host $host;
-        	proxy_set_header        X-Real-IP $remote_addr;
-	        proxy_pass      http://127.0.0.1:42006/;
-        	proxy_redirect  off;
-    }
--- a/common/nginx/includes/infra.warpzone
+++ b/common/nginx/includes/infra.warpzone
-    location /static {
-        alias /tmp/warpinfra/static; # your Django project's static files - amend as required
-    }
-    location / {
-        uwsgi_pass  unix:///tmp/warpinfra/warpinfra.sock; 
-        include     /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
-    }
--- a/common/nginx/includes/ldap.warpzone
+++ b/common/nginx/includes/ldap.warpzone
-    location /  {
-        	proxy_set_header        Host $host;
-        	proxy_set_header        X-Real-IP $remote_addr;
-	        proxy_pass      http://127.0.0.1:42004/;
-        	proxy_redirect  off;
-    }
--- a/common/nginx/includes/unifi.warpone
+++ b/common/nginx/includes/unifi.warpone
-    location / {
-      rewrite     ^(.*)   https://warpsrvint:8443$1;
-    }
--- a/common/nginx/tasks/config_site.yml
+++ b/common/nginx/tasks/config_site.yml
-# Konfiguration einer nginx-site 
-# {{ item }} enthält den vollständigen Domänennamen 
-# Falls erforderlich wird das Zertifikat über Letsencrypt geholt 
- name: Check if cert already exists for {{ item }} 
-  stat:
-    path: /etc/letsencrypt/live/{{ item }}/privkey.pem
-  register: cert
-  when: webserver_ssl == true
- name: Stop nginx
-  service: name=nginx state=stopped
-  notify: restart nginx
-  when: webserver_ssl == true and cert.stat.exists == False 
- name: Get Certificate for {{ item }} via Certbot
-  command: "certbot certonly --non-interactive --agree-tos --standalone -m {{ letsencrypt_mail }} -w /var/www/html/  -d {{ item }}"
-  when: webserver_ssl == true and cert.stat.exists == False 
- name: Create nginx config for {{ item }}
-  template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}
-  notify: restart nginx
--- a/common/nginx/tasks/main.yml
+++ b/common/nginx/tasks/main.yml
-# Pakete installieren
- name: nginx installieren
-  apt:
-    name: "{{ packages }}"
-    update_cache: yes
-    state: present
-  vars:
-    packages:
-    - nginx-light
-# Pakete installieren (SSL)
- name: openssl and certbot installieren
-  apt:
-    name: "{{ packages }}"
-    update_cache: yes
-    state: present
-  vars:
-    packages:
-    - ca-certificates 
-    - openssl
-    - certbot
-  when: webserver_ssl == true
-# DH Parameter erzeugen 
- name: check if DH Params exists 
-  stat:
-    path: /etc/nginx/dhparams.pem
-  register: dhparams
-  when: webserver_ssl == true
- name: generate new DH Params 
-  command: openssl dhparam -out /etc/nginx/dhparams.pem 2048
-  when: webserver_ssl == true and dhparams.stat.exists == False 
-# NginX einrichten 
- name: nginx default Konfig entfernen 
-  file: 
-    path: /etc/nginx/sites-enabled/default 
-    state: absent
-# nginx konfigurieren 
- include: config_site.yml
-  with_items:
-    - "{{ webserver_domains }}"
--- a/common/nginx/templates/letsencrypt.sh
+++ b/common/nginx/templates/letsencrypt.sh
-#!/bin/bash
-{% for domain in webserver_domains %}
-certbot certonly --non-interactive --agree-tos --webroot -m {{ letsencrypt_mail }} -w /var/www/html/  -d {{ domain }}
-{% endfor %}
--- a/common/nginx/templates/nginx-matrix
+++ b/common/nginx/templates/nginx-matrix
-server {
-    listen 8448 ssl http2;
-    listen [::]:8448 ssl http2;
-	ssl_certificate /etc/letsencrypt/live/matrix.warpzone.ms/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/matrix.warpzone.ms/privkey.pem;
-	ssl_dhparam /etc/nginx/dhparams.pem;
-  	{% include "includes/_ssl_common_settings" %}
-    server_name matrix.warpzone.ms;
-    location / {
-        proxy_pass http://127.0.0.1:18448;
-        proxy_set_header X-Forwarded-For $remote_addr;
-    }
-}
--- a/common/nginx/templates/nginx-site
+++ b/common/nginx/templates/nginx-site
-map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-}
-server {
-	listen 80;
-	listen [::]:80;
-	server_name {{ item }};
-	root /dev/null;
-	index index.html;
-    {% if webserver_ssl == true %}
-	location /.well-known/acme-challenge/ {
-		root /var/www/html/;
-	}
-    location / {
-        	rewrite     ^(.*)   https://{{ item }}$1 permanent;
-  	}
-	{% else %}
-  	{% include "includes/" + item ignore missing %}
-    {% endif %}
-}
-{% if webserver_ssl == true %}
-server {
-	listen 443 ssl http2;
- 	listen [::]:443 ssl http2;
-	ssl_certificate /etc/letsencrypt/live/{{ item }}/fullchain.pem;
-	ssl_certificate_key /etc/letsencrypt/live/{{ item }}/privkey.pem;
-	ssl_dhparam /etc/nginx/dhparams.pem;
-  	{% include "includes/_ssl_common_settings" %}
-	server_name {{ item }};
-	root /dev/null;
-	index index.html;
-	location /.well-known/acme-challenge/ {
-		root /var/www/html/;
-	}
-  	{% include "includes/" + item ignore missing %}
-}
-{% endif %}
--- a/common/nginx/templates/nginx-status
+++ b/common/nginx/templates/nginx-status
-server {
-  listen 9145;
-  location /status {
-        # Turn on nginx stats
-        stub_status on;
-        # I do not need logs for stats
-        access_log   off;
-        # Security: Only allow access from 
-        allow 127.0.0.1;
-        # Send rest of the world to /dev/null #
-        deny all;
-  }
-}
--- a/common/nginx/templates/telegraf.conf
+++ b/common/nginx/templates/telegraf.conf
-# Read Nginx's basic status information (ngx_http_stub_status_module)
-[[inputs.nginx]]
-  ## An array of Nginx stub_status URI to gather stats.
-  urls = ["http://127.0.0.1:9145/status"]
-  ## Optional TLS Config
-  # tls_ca = "/etc/telegraf/ca.pem"
-  # tls_cert = "/etc/telegraf/cert.pem"
-  # tls_key = "/etc/telegraf/key.pem"
-  ## Use TLS but skip chain & host verification
-  # insecure_skip_verify = false
-  ## HTTP response timeout (default: 5s)
-  response_timeout = "5s"
-#[[inputs.logparser]]
-#  files = ["/var/log/nginx/access.log"]
-#  from_beginning = true
-#  name_override = "nginx_access_log"
-#  [inputs.logparser.grok]
-#    patterns = ["%{COMBINED_LOG_FORMAT}"]