From b50043cb5cbb6d284016fa59eb68f733ad71324e Mon Sep 17 00:00:00 2001 From: Christian Elberfeld <elberfeld@web.de> Date: Wed, 15 Mar 2017 01:12:07 +0100 Subject: [PATCH] deployment warpinfra interne instanz, erster entwurf --- host_vars/warpsrvint | 7 ++ hosts | 7 +- site.yml | 1 + warpsrvint/docker/tasks/main.yml | 23 ++++ warpsrvint/docker_ldap/tasks/main.yml | 67 +++++++++++ warpsrvint/docker_warpinfra/tasks/main.yml | 104 ++++++++++++++++++ .../docker_warpinfra/templates/config.ini | 41 +++++++ .../docker_warpinfratest/tasks/main.yml | 103 +++++++++++++++++ .../docker_warpinfratest/templates/config.ini | 41 +++++++ warpsrvint/main.yml | 11 ++ warpsrvint/nginx/handlers/main.yml | 3 + warpsrvint/nginx/includes/infra | 12 ++ warpsrvint/nginx/includes/infra-test | 9 ++ warpsrvint/nginx/tasks/main.yml | 26 +++++ warpsrvint/nginx/templates/nginx-site | 37 +++++++ webserver/docker_warpinfra/tasks/main.yml | 2 +- 16 files changed, 488 insertions(+), 6 deletions(-) create mode 100644 warpsrvint/docker/tasks/main.yml create mode 100644 warpsrvint/docker_ldap/tasks/main.yml create mode 100644 warpsrvint/docker_warpinfra/tasks/main.yml create mode 100644 warpsrvint/docker_warpinfra/templates/config.ini create mode 100644 warpsrvint/docker_warpinfratest/tasks/main.yml create mode 100644 warpsrvint/docker_warpinfratest/templates/config.ini create mode 100644 warpsrvint/main.yml create mode 100644 warpsrvint/nginx/handlers/main.yml create mode 100644 warpsrvint/nginx/includes/infra create mode 100644 warpsrvint/nginx/includes/infra-test create mode 100644 warpsrvint/nginx/tasks/main.yml create mode 100644 warpsrvint/nginx/templates/nginx-site diff --git a/host_vars/warpsrvint b/host_vars/warpsrvint index 4d1c4c0d..1a64c61a 100644 --- a/host_vars/warpsrvint +++ b/host_vars/warpsrvint 
@@ -9,11 +9,18 @@ debian_sources: - "deb http://debian.uni-duisburg-essen.de/debian/ jessie main non-free contrib" - "deb http://security.debian.org/ jessie/updates main contrib non-free" - "deb http://debian.uni-duisburg-essen.de/debian/ jessie-updates main contrib non-free" + - "deb https://apt.dockerproject.org/repo debian-jessie main" + - "deb http://http.debian.net/debian wheezy-backports main" debian_keys: +webserver_domains: + - "infra" + - "infra-test" + administratorenteam: - "void" + - "dray" - "sandhome" - "sandmobil" # - "ennox" (ssh key fehlt noch) diff --git a/hosts b/hosts index f8dbda90..2daa4fc7 100644 --- a/hosts +++ b/hosts @@ -4,11 +4,8 @@ # Interner Server Warpzone # Umgebaute Watchguard im Serverschrank -# Die KVM Verwaltung erfolgt aktuell noch manuell -warpsrvint ansible_ssh_host=192.168.0.103 - -# Server für Interne Dienste -# warpsrvint ansible_ssh_host=192.168.0.103 +# https://wiki.warpzone.ms/intern:warpzone_internal_it_infrastructure#host_fuer_interne_dienste_watchguard_xtm_505 +warpsrvint ansible_ssh_host=192.168.0.201 # Öffentlicher Server Warpzone # Webserver im Rechnzentrum bei myLoc diff --git a/site.yml b/site.yml index 148ba4e9..dc39bc0f 100644 --- a/site.yml +++ b/site.yml @@ -4,6 +4,7 @@ - include: all/main.yml - include: vorstandspi/main.yml - include: warphab/main.yml +- include: warpsrvint/main.yml - include: webserver/main.yml diff --git a/warpsrvint/docker/tasks/main.yml b/warpsrvint/docker/tasks/main.yml new file mode 100644 index 00000000..2d93189f --- /dev/null +++ b/warpsrvint/docker/tasks/main.yml @@ -0,0 +1,23 @@ +--- + +- name: add docker repo key + apt_key: + keyserver: "hkp://p80.pool.sks-keyservers.net:80" + id: 58118E89F3A912897C070ADBF76221572C52609D + +- name: install deb packages + apt: + pkg: "{{ item }}" + update_cache: yes + state: installed + with_items: + - docker-engine + - python + - python-pip + +- name: install pip packages + pip: + name: docker-py + version: 1.7.2 + state: present + 
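Review bot: The new `deb http://http.debian.net/debian wheezy-backports main` entry is added to a host whose other sources are all jessie, so packages from the older wheezy-backports suite can be pulled in to satisfy dependencies and will not receive the jessie security updates; if a backport is needed, use `jessie-backports` and pin it with an apt preference entry so it is only used on request. `debian_keys:` is left with an empty value, which YAML reads as null rather than an empty list — write `debian_keys: []` if the consuming role iterates over it.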
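Review bot: The `add docker repo key` task fetches the repository signing key over cleartext HKP (`keyserver: "hkp://p80.pool.sks-keyservers.net:80"`); the full 40-character fingerprint in `id` protects against a substituted key, but the pool is an unauthenticated third party and the transfer can be observed or blocked, so prefer the vendor's key over TLS while keeping the fingerprint check, e.g. `url: https://apt.dockerproject.org/gpg` together with the same `id:`. `state: installed` is a deprecated alias of `present`; use `state: present` in both `apt` tasks. The `pip` pin `version: 1.7.2` is good practice — keep it pinned and record in a comment which Ansible `docker_container` version it was chosen for.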
diff --git a/warpsrvint/docker_ldap/tasks/main.yml b/warpsrvint/docker_ldap/tasks/main.yml
new file mode 100644
index 00000000..66388402
--- /dev/null
+++ b/warpsrvint/docker_ldap/tasks/main.yml
@@ -0,0 +1,67 @@ +--- +# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen +# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets +# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden +# Die Daten, die von Slurp gelesen werden sind Base64 codiert +# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden + +- name: get secrets from server 1 + slurp: src={{ item }} + with_items: + - /srv/ldap/secret/ldap_admin_pass + - /srv/ldap/secret/ldap_readonly_pass + register: ldap_secrets + +- name: get secrets from server 2 + set_fact: + ldap_admin_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + ldap_readonly_pass: "{{ ldap_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + +- name: create folder struct for ldap + file: + path: "/srv/ldap" + state: "directory" + +- name: create folder struct for ldap + file: + path: "/srv/ldap/database" + state: "directory" + +- name: create folder struct for ldap + file: + path: "/srv/ldap/config" + state: "directory" + +- name: start ldap docker + docker_container: + name: ldap-service + image: osixia/openldap:1.1.6 + hostname: ldap-service + state: started + restart_policy: always + volumes: + - /srv/ldap/database:/var/lib/ldap + - /srv/ldap/config:/etc/ldap/slapd.d + env: + LDAP_ORGANISATION: Warpzone + LDAP_DOMAIN: warpzone.ms + LDAP_ADMIN_PASSWORD: "{{ ldap_admin_pass }}" + LDAP_READONLY_USER: true + LDAP_READONLY_USER_USERNAME: readonly + LDAP_READONLY_USER_PASSWORD: "{{ ldap_readonly_pass }}" + +- name: start phpldapadmin docker + docker_container: + name: phpldapadmin-app + image: osixia/phpldapadmin:0.6.11 + state: started + 
restart_policy: always + env: + PHPLDAPADMIN_LDAP_HOSTS: ldap-host + PHPLDAPADMIN_HTTPS: false + PHPLDAPADMIN_TRUST_PROXY_SSL: true + links: + - ldap-service:ldap-host + ports: + - 127.0.0.1:42004:80 + diff --git a/warpsrvint/docker_warpinfra/tasks/main.yml b/warpsrvint/docker_warpinfra/tasks/main.yml new file mode 100644 index 00000000..91ff7c7c --- /dev/null +++ b/warpsrvint/docker_warpinfra/tasks/main.yml 
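Review bot: The `set_fact` and both `docker_container` tasks handle the LDAP admin and read-only passwords without `no_log: true`, so a run with `-v` (or a failing module call) prints them in the task output, and `docker_container` returns the container inspect data, which includes the environment with `LDAP_ADMIN_PASSWORD`; add `no_log: true` to `get secrets from server 2`, `start ldap docker` and `start phpldapadmin docker`. The `file` tasks create `/srv/ldap` and its subdirectories with no `owner`/`mode`, and `/srv/ldap/secret` (read by three roles) is not managed at all, so protection of the secret files depends on whoever created them; add `mode: "0700"` to the directory tasks and manage the secret directory explicitly. `LDAP_READONLY_USER: true`, `PHPLDAPADMIN_HTTPS: false` and `PHPLDAPADMIN_TRUST_PROXY_SSL: true` are YAML booleans that the module has to stringify for the container environment; quoting them (`"true"`, `"false"`) removes the dependency on that conversion.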
@@ -0,0 +1,104 @@ +--- +# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen +# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets +# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden +# Die Daten, die von Slurp gelesen werden sind Base64 codiert +# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden + +- name: get secrets from server 1 + slurp: src={{ item }} + with_items: + - /srv/ldap/secret/ldap_admin_pass + - /srv/ldap/secret/ldap_readonly_pass + - /srv/warpinfra/secret/web_secret_key + - /srv/warpinfra/secret/mysql_root_pw + - /srv/warpinfra/secret/mysql_user_pw + register: warpinfra_secrets + +- name: get secrets from server 2 + set_fact: + ldap_admin_pass: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + ldap_readonly_pass: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + web_secret_key: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/web_secret_key') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + mysql_root_pw: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/mysql_root_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + mysql_user_pw: "{{ warpinfra_secrets.results | selectattr('item', 'equalto', '/srv/warpinfra/secret/mysql_user_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + +- name: create folder struct for warpinfra + file: + path: "/tmp/warpinfra_docker/" + state: "directory" + +- name: create folder struct for warpinfra + file: + path: 
"/srv/warpinfra/etc" + state: "directory" + +- name: create folder struct for warpinfra + file: + path: "/srv/warpinfra/data" + state: "directory" + +- name: create folder struct for warpinfra + file: + path: "/srv/warpinfra/log" + state: "directory" + +- name: Konfig-Datei erstellen + template: + src: "config.ini" + dest: "/srv/warpinfra/etc/config.ini" + +- name: clone repo + git: + repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git" + version: "1.1" + dest: "/tmp/warpinfra_docker" + force: "yes" + register: gitclone + +- name: clone repo status + debug: + msg: "{{gitclone}}" + +# commit id in den Namen des Image einbeziehen +# als tag scheint von docker_image nicht korrekt gesetzt zu werden + +- name: build the image + docker_image: + name: "warpinfra-app-{{ gitclone.after }}" + path: /tmp/warpinfra_docker/www/ + state: present + + +- name: start warpinfra-db docker + docker_container: + name: warpinfra-db + image: mariadb:10.1 + state: started + interactive: yes + restart_policy: always + volumes: + - /srv/warpinfratest/db/:/var/lib/mysql + env: + MYSQL_DATABASE=warpinfra + MYSQL_USER=warpinfra + MYSQL_PASSWORD={{ mysql_user_pw }} + MYSQL_ROOT_PASSWORD={{ mysql_root_pw }} + + +- name: start warpinfra docker + docker_container: + name: warpinfra-app + image: "warpinfra-app-{{ gitclone.after }}" + state: started + interactive: yes + restart_policy: always + volumes: + - /tmp/warpinfra:/opt/socket + - /srv/warpinfra/etc:/etc/warpinfra + - /srv/warpinfra/data:/opt/database + - /srv/warpinfra/log:/opt/log + links: + - warpinfra-test-db:mysql +# - ldap-service:ldap + diff --git a/warpsrvint/docker_warpinfra/templates/config.ini b/warpsrvint/docker_warpinfra/templates/config.ini new file mode 100644 index 00000000..3da2346c --- /dev/null +++ b/warpsrvint/docker_warpinfra/templates/config.ini 
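Review bot: The production containers are wired to the test instance's data: `start warpinfra-db docker` mounts `/srv/warpinfratest/db/:/var/lib/mysql`, and `start warpinfra docker` links `warpinfra-test-db:mysql`, so two MariaDB containers share one data directory and the production app talks to the test database; change them to `- /srv/warpinfra/db/:/var/lib/mysql` and `- warpinfra-db:mysql`. The rendered `/srv/warpinfra/etc/config.ini` contains `SECRET_KEY` and the LDAP admin password but the `template` task sets no `mode`, leaving it at the umask default (typically world-readable); add `mode: "0600"`. The tasks that carry secrets (`get secrets from server 2` and both `docker_container` tasks) should also have `no_log: true`. The `env:` block is written as `KEY=value` lines rather than a mapping, so it appears to rely on the module coercing a space-separated string into a dict; a password containing a comma or quote would break that, so write it as `MYSQL_PASSWORD: "{{ mysql_user_pw }}"` etc.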
@@ -0,0 +1,41 @@ + +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +APPS = warpmain, warpauth, warppay + +[debug] +DEBUG = False + +[security] +SECRET_KEY = '{{ web_secret_key }}' +PW_RESET_TOKEN_LIFETIME = 5 +ALLOWED_HOSTS = infra.warpzone + +[mattermost] +API_KEY = '' + +[ldap] +LDAP_HOST = 10.0.20.2 +LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms +LDAP_PASSWORD = {{ ldap_admin_pass }} + +LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms +LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms +LDAP_USER_SEARCH_FILTER = (uid=%(user)s) + +LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms +LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms +LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms + +[email] +SMTP_ENABLED = False +SMTP_HOST = smtp.warpzone.ms +SMTP_PORT = 25 +SMTP_USERNAME = '' +SMTP_PASSWORD = '' +SMTP_EMAIL_FROM = '' +SMTP_USE_TLS = True +SUBJECT_PREFIX = '' + +[misc] +LOG_PATH = /opt/log/ diff --git a/warpsrvint/docker_warpinfratest/tasks/main.yml b/warpsrvint/docker_warpinfratest/tasks/main.yml new file mode 100644 index 00000000..65431bf5 --- /dev/null +++ b/warpsrvint/docker_warpinfratest/tasks/main.yml 
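Review bot: `LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms` with `LDAP_PASSWORD = {{ ldap_admin_pass }}` makes the web application bind to the directory as the LDAP administrator, although a read-only account and its password (`ldap_readonly_pass`) are provisioned and read by the role but never used; unless warpauth needs write access to the directory, bind with the read-only account (presumably `cn=readonly,dc=warpzone,dc=ms`) and `{{ ldap_readonly_pass }}` so a compromised app cannot rewrite the directory. `ALLOWED_HOSTS = infra.warpzone` does not match the `server_name infra.warpzone.ms` that nginx serves; if the app hands this straight to Django, every request is rejected with a 400, so use `infra.warpzone.ms`. `SECRET_KEY` is quoted while `LDAP_PASSWORD` is not — whether the quotes become part of the value depends on the app's config parser, so settle on one convention.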
@@ -0,0 +1,103 @@ +--- +# Einige Secrets sind auf dem Server lokal gespeichert und werden von dort gelesen +# Auslesen der Dateien vom Server, zwischengespeicert wird in der Variable gitlab_secrets +# Anschließend müssen die entsprechenden Einträge aus gitlab_secrets extrahiert werden +# Die Daten, die von Slurp gelesen werden sind Base64 codiert +# Zur Sicherheit werden Whitespace-Zeichen entfert, damit z.B. Zeilenumbrüche nicht übernommen werden + +- name: get secrets from server 1 + slurp: src={{ item }} + with_items: + - /srv/ldap/secret/ldap_admin_pass + - /srv/ldap/secret/ldap_readonly_pass + - /srv/warpinfratest/secret/web_secret_key + - /srv/warpinfratest/secret/mysql_root_pw + - /srv/warpinfratest/secret/mysql_user_pw + register: warpinfratest_secrets + +- name: get secrets from server 2 + set_fact: + ldap_admin_pass: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_admin_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + ldap_readonly_pass: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/ldap/secret/ldap_readonly_pass') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + web_secret_key: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/warpinfratest/secret/web_secret_key') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + mysql_root_pw: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/warpinfratest/secret/mysql_root_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + mysql_user_pw: "{{ warpinfratest_secrets.results | selectattr('item', 'equalto', '/srv/warpinfratest/secret/mysql_user_pw') | map(attribute='content') | list | first | b64decode | regex_replace('\\s', '') }}" + +- name: create folder struct for warpinfratest + file: + path: "/tmp/warpinfratest_docker/" + state: "directory" + +- name: 
create folder struct for warpinfratest + file: + path: "/srv/warpinfratest/etc" + state: "directory" + +- name: create folder struct for warpinfratest + file: + path: "/srv/warpinfratest/data" + state: "directory" + +- name: create folder struct for warpinfratest + file: + path: "/srv/warpinfratest/log" + state: "directory" + +- name: Konfig-Datei erstellen + template: + src: "config.ini" + dest: "/srv/warpinfratest/etc/config.ini" + +- name: clone repo + git: + repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git" + dest: "/tmp/warpinfratest_docker" + force: "yes" + register: gitclone + +- name: clone repo status + debug: + msg: "{{gitclone}}" + +# commit id in den Namen des Image einbeziehen +# als tag scheint von docker_image nicht korrekt gesetzt zu werden + +- name: build the image + docker_image: + name: "warpinfra-test-{{ gitclone.after }}" + path: /tmp/warpinfratest_docker/www/ + state: present + + +- name: start warpinfratest-db docker + docker_container: + name: warpinfra-test-db + image: mariadb:10.1 + state: started + interactive: yes + restart_policy: always + volumes: + - /srv/warpinfratest/db/:/var/lib/mysql + env: + MYSQL_DATABASE=warpinfra + MYSQL_USER=warpinfra + MYSQL_PASSWORD={{ mysql_user_pw }} + MYSQL_ROOT_PASSWORD={{ mysql_root_pw }} + + +- name: start warpinfratest-app docker + docker_container: + name: warpinfra-test + image: "warpinfra-test-{{ gitclone.after }}" + state: started + interactive: yes + restart_policy: always + volumes: + - /tmp/warpinfratest:/opt/socket + - /srv/warpinfratest/etc:/etc/warpinfra + - /srv/warpinfratest/data:/opt/database + - /srv/warpinfratest/log:/opt/log + links: + - warpinfra-test-db:mysql +# - ldap-service:ldap + diff --git a/warpsrvint/docker_warpinfratest/templates/config.ini b/warpsrvint/docker_warpinfratest/templates/config.ini new file mode 100644 index 00000000..3a9f596d --- /dev/null +++ b/warpsrvint/docker_warpinfratest/templates/config.ini 
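Review bot: The test instance's `clone repo` task has no `version`, so every run builds and deploys whatever is at the default-branch head of `gitlab.warpzone.ms/infrastruktur/warpinfra`, and the image is only identified by `gitclone.after` after the fact; pin a tag or commit (`version: "<tag or sha>"`) so a deployment is reproducible and an unreviewed push cannot change the running code. As in the production role, `/srv/warpinfratest/etc/config.ini` holds `SECRET_KEY` and the LDAP admin password but the `template` task sets no `mode` — add `mode: "0600"` — and the secret-handling tasks lack `no_log: true`. `/srv/warpinfratest/db/` is mounted but not created by any `file` task, so Docker creates it on first start; a `file` task with an explicit `mode` would make its ownership deliberate.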
@@ -0,0 +1,41 @@ + +[common] +# Possible Apps: warpmain, warpauth, warpfood, warpapi, warppay +APPS = warpmain, warpauth, warppay + +[debug] +DEBUG = True + +[security] +SECRET_KEY = '{{ web_secret_key }}' +PW_RESET_TOKEN_LIFETIME = 5 +ALLOWED_HOSTS = infra-test.warpzone + +[mattermost] +API_KEY = '' + +[ldap] +LDAP_HOST = 10.0.20.2 +LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms +LDAP_PASSWORD = {{ ldap_admin_pass }} + +LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms +LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms +LDAP_USER_SEARCH_FILTER = (uid=%(user)s) + +LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms +LDAP_GROUP_IS_STAFF = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms +LDAP_GROUP_SUPERUSER = cn=warpauth-admin,ou=infrastructure,dc=warpzone,dc=ms + +[email] +SMTP_ENABLED = False +SMTP_HOST = smtp.warpzone.ms +SMTP_PORT = 25 +SMTP_USERNAME = '' +SMTP_PASSWORD = '' +SMTP_EMAIL_FROM = '' +SMTP_USE_TLS = True +SUBJECT_PREFIX = '[TEST] ' + +[misc] +LOG_PATH = /opt/log/ diff --git a/warpsrvint/main.yml b/warpsrvint/main.yml new file mode 100644 index 00000000..ef5e2475 --- /dev/null +++ b/warpsrvint/main.yml @@ -0,0 +1,11 @@ +--- + +- hosts: warpsrvint + remote_user: root + roles: + - { role: nginx, tags: nginx } + - { role: docker, tags: docker } +# - { role: docker_ldap, tags: ldap } + - { role: docker_warpinfra, tags: warpinfra } + - { role: docker_warpinfratest, tags: warpinfratest } + diff --git a/warpsrvint/nginx/handlers/main.yml b/warpsrvint/nginx/handlers/main.yml new file mode 100644 index 00000000..92971d2c --- /dev/null +++ b/warpsrvint/nginx/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart nginx + service: name=nginx state=restarted diff --git a/warpsrvint/nginx/includes/infra b/warpsrvint/nginx/includes/infra new file mode 100644 index 00000000..040c4565 --- /dev/null +++ b/warpsrvint/nginx/includes/infra 
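Review bot: `DEBUG = True` is set for an instance that nginx exposes on port 80 and that authenticates against the live directory with the administrator bind (`LDAP_BIND_DN = cn=admin,…`); if this is Django, as the uwsgi setup suggests, debug error pages disclose tracebacks, local variables and settings to anyone who can reach the host, and only names containing KEY/PASS are masked. Keep `DEBUG = False` unless access to the test host is restricted, and give the test instance the read-only bind (or a separate test directory) rather than the production admin password. `ALLOWED_HOSTS = infra-test.warpzone` also does not match nginx's `server_name infra-test.warpzone.ms`; if passed through to Django this rejects every request with 400.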
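Review bot: `remote_user: root` runs the whole play over a direct root SSH login, which requires `PermitRootLogin` on warpsrvint and leaves no per-administrator audit trail; if the rest of the repository does not already depend on root login, prefer a named account from `administratorenteam` with `become: true`. The `docker_ldap` role is commented out while `docker_warpinfra` and `docker_warpinfratest` still read `/srv/ldap/secret/*` and point at `LDAP_HOST = 10.0.20.2`, so the directory actually in use is presumably still an external one; a comment on the disabled line saying so would spare the next reader the guess.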
@@ -0,0 +1,12 @@ + + + location /static { + alias /tmp/warpinfra/static; # your Django project's static files - amend as required + } + + location / { + uwsgi_pass unix:///tmp/warpinfra/warpinfra.sock; + include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed + } + + diff --git a/warpsrvint/nginx/includes/infra-test b/warpsrvint/nginx/includes/infra-test new file mode 100644 index 00000000..b2d07df0 --- /dev/null +++ b/warpsrvint/nginx/includes/infra-test @@ -0,0 +1,9 @@ + + location /static { + alias /tmp/warpinfratest/static; # your Django project's static files - amend as required + } + + location / { + uwsgi_pass unix:///tmp/warpinfratest/warpinfra.sock; + include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed + } diff --git a/warpsrvint/nginx/tasks/main.yml b/warpsrvint/nginx/tasks/main.yml new file mode 100644 index 00000000..fc240e1d --- /dev/null +++ b/warpsrvint/nginx/tasks/main.yml @@ -0,0 +1,26 @@ +# Pakete installieren +- name: nginx installieren + apt: + pkg: "{{ item }}" + update_cache: yes + state: installed + with_items: + - nginx + - git + +- name: nginx default Konfig entfernen + file: + path: /etc/nginx/sites-enabled/default + state: absent + + + +# nginx konfigurieren + +- name: Konfig-Datei default erstellen + template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}.wapzone + with_items: webserver_domains + notify: restart nginx + + + diff --git a/warpsrvint/nginx/templates/nginx-site b/warpsrvint/nginx/templates/nginx-site new file mode 100644 index 00000000..1764241a --- /dev/null +++ b/warpsrvint/nginx/templates/nginx-site 
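Review bot: The uwsgi socket and static files are served from `/tmp/warpinfra` (`alias /tmp/warpinfra/static;`, `uwsgi_pass unix:///tmp/warpinfra/warpinfra.sock;`), i.e. from inside a world-writable directory: whoever creates `/tmp/warpinfra` first owns it, so any local account on the host can pre-create it and control what nginx serves or connects to, and tmp cleaners may remove the socket. Move the bind mount to a root-owned path such as `/srv/warpinfra/socket`, created by a `file` task with `mode: "0750"`, and point both locations at it; the same applies to `includes/infra-test` and `/tmp/warpinfratest`.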
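Review bot: The site files are written to `/etc/nginx/sites-enabled/{{ item }}.wapzone` — `wapzone` looks like a typo for `warpzone` and will silently diverge from any other role that manages these names; also `with_items: webserver_domains` uses a bare variable, which Ansible deprecates in favour of `with_items: "{{ webserver_domains }}"`. Since the handler restarts nginx rather than reloading it, a broken template takes both sites down; `service: name=nginx state=reloaded` keeps the old workers running when the new configuration fails to load. `state: installed` is a deprecated alias of `present`.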
@@ -0,0 +1,37 @@ + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + + listen 80; + listen [::]:80; + + +# listen 443 ssl spdy; +# listen [::]:443 ssl spdy; + +# ssl_certificate /etc/ssl/fullchain.pem; +# ssl_certificate_key /etc/ssl/key.pem; +# ssl_session_cache shared:SSL:5m; +# ssl_session_timeout 5m; +# add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; +# ssl_protocols TLSv1 TLSv1.1 TLSv1.2; +# ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS"; +# ssl_prefer_server_ciphers on; + + + server_name {{ item }}.warpzone.ms; + root /dev/null; + index index.html; + + location /.well-known/ { + root /var/www/html/; + } + + {% include "includes/" + item ignore missing %} + +} + diff --git a/webserver/docker_warpinfra/tasks/main.yml b/webserver/docker_warpinfra/tasks/main.yml index 8d8f4d1e..908887cc 100644 --- a/webserver/docker_warpinfra/tasks/main.yml +++ b/webserver/docker_warpinfra/tasks/main.yml @@ -51,7 +51,7 @@ - name: clone repo git: repo: "https://gitlab.warpzone.ms/infrastruktur/warpinfra.git" - version: "1.1" +# version: "1.1" dest: "/tmp/warpinfra_docker" force: "yes" register: gitclone -- GitLab
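Review bot: The server block only has `listen 80;` with the TLS configuration commented out, so the warpauth login, password-reset tokens and session cookies of both instances travel in clear text on the internal network; if TLS cannot be enabled yet, say so in a comment and make sure the application does not mark its cookies secure-only in a way that breaks, or enable the commented block now. When it is re-enabled, note that the `spdy` parameter is gone in nginx 1.9.5 and later (use `http2`) and that `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` should be reduced to `ssl_protocols TLSv1.2;`. `root /dev/null;` with `index index.html;` is an unusual way to express "no document root"; a one-line comment explaining the intent would help the next reader.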
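Review bot: Commenting out `version: "1.1"` in the public webserver's `clone repo` task makes the internet-facing build track the repository's default-branch head instead of a released tag, so any push to that branch is deployed on the next run and the deployment is no longer reproducible; if the intent was to pick up a newer revision, pin that specific commit or tag (`version: "<commit sha>"`) rather than dropping the pin. This also inverts the expected arrangement, since the new internal `docker_warpinfra` role keeps `version: "1.1"` while the public instance becomes unpinned. The enclosing task list continues outside the hunk.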