Commit b8f10823 authored by void's avatar void

Merge branch 'master' of ssh://gitlab.warpzone.ms:444/infrastruktur/ansible-warpzone

# Conflicts:
#	webserver/docker_warpinfra/files/Dockerfile
#	webserver/docker_warpinfra/files/entrypoint.sh
#	webserver/docker_warpinfra/tasks/main.yml
#	webserver/nginx/files/warpinfra
#	webserver/nginx/tasks/main.yml
parents 7a12c23a 3465ca35
From debian:jessie
RUN apt-get update && apt-get install -y \
debconf-utils \
apt-utils \
ssh \
less \
ldap-utils \
rsyslog \
nano \
python \
python-pip \
python-ldap \
python-dev \
build-essential \
libfreetype6-dev \
python-imaging \
libjpeg-dev \
libsasl2-dev \
python-dev \
libldap2-dev\
libssl-dev\
uwsgi \
python-bootstrapform
RUN pip install django \
django-ldapdb \
django-auth-ldap \
reportlab \
djangorestframework \
--upgrade
COPY entrypoint.sh /opt/entrypoint.sh
EXPOSE 22 8000
VOLUME ["/opt/warpinfra"]
ENTRYPOINT sh /opt/entrypoint.sh
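Review bot: The `pip install django django-ldapdb django-auth-ldap reportlab djangorestframework --upgrade` step resolves to whatever is newest on the index at build time, so two builds of this image can ship different code and nothing records which versions were reviewed. Pin each package (for example `django==<PINNED_VERSION>`, placeholder) or install from a requirements file with hashes. The image also installs `ssh`, exposes port 22 and has no `USER` line, so uwsgi and everything the entrypoint starts run as root; dropping the ssh package and adding a dedicated user would reduce what a compromise of the Django app exposes. `debian:jessie` no longer receives security updates, so the base image is worth moving to a supported release.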
cd /opt/warpinfra;
python manage.py makemigrations
python manage.py migrate
#python manage.py runserver 0.0.0.0:8000
uwsgi --ini uwsgi.ini
bash
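Review bot: Nothing stops the script when a step fails, so if `cd /opt/warpinfra` or `python manage.py migrate` errors out, uwsgi still starts against a missing or half-migrated schema. Add `set -e` as the first line and start the server with `exec uwsgi --ini uwsgi.ini` so it also receives the container's stop signal. Running `makemigrations` at start generates migration files inside the container from whatever models are mounted; generating them in development and committing them keeps schema changes reviewable. The trailing `bash` is only reached after uwsgi exits and looks like a debugging leftover that can be removed.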
---
- name: create folder struct for gitlab 1
- name: create folder struct for warpinfra 1
file: path=/srv/warpinfra/ state=directory
- name: create folder struct for gitlab 2
file: path=/tmp/warpinfa_docker/ state=directory
- name: create folder struct for warpinfra 2
file: path=/tmp/warpinfra_docker/ state=directory
- name: Dockerfile
copy: src=Dockerfile dest=/tmp/warpinfa_docker/Dockerfile
- name: Entrypoint
copy: src=entrypoint.sh dest=/tmp/warpinfa_docker/entrypoint.sh
- name: Clone Repo
git: repo=https://gitlab.warpzone.ms/infrastruktur/warpinfra.git dest=/srv/warpinfra
git: repo=https://gitlab.warpzone.ms/infrastruktur/warpinfra.git dest=/tmp/warpinfra_docker
- name: build the image
docker_image:
name: warpinfra
tag: latest
path: /tmp/warpinfa_docker
path: /tmp/warpinfa_docker/www/
state: present
- name: start docker image
- name: start ldap docker
docker:
name: ldap-service
image: osixia/openldap:latest
hostname: ldap-service
state: reloaded
restart_policy: always
volumes:
- /opt/warpinfra/ldap/database:/var/lib/ldap
- /opt/warpinfra/ldap/config:/etc/ldap/slapd.d
env:
- LDAP_ORGANISATION: Warpzone
- LDAP_DOMAIN: warpzone.ms
- LDAP_ADMIN_PASSWORD: k7dAw8j2
- name: start phpldapadmin docker
docker:
name: phpldapadmin-service
image: osixia/phpldapadmin:latest
link: ldap-service:ldap-host
state: reloaded
restart_policy: always
volumes:
- /tmp/warpinfra:/opt/socket
env:
- PHPLDAPADMIN_LDAP_HOSTS: ldap-host
- PHPLDAPADMIN_HTTPS: false
- PHPLDAPADMIN_TRUST_PROXY_SSL: true
ports:
- 127.0.0.1:42002:80
- name: start warpinfra docker
docker:
name: warpinfra
image: warpinfra
link: ldap-service:ldap
state: reloaded
restart_policy: always
ports:
- 127.0.0.1:42002:8000
volumes:
- /srv/warpinfra/web:/opt/warpinfra
- /tmp/warpinfra:/opt/socket
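Review bot: `LDAP_ADMIN_PASSWORD` in the `start ldap docker` task is a literal value committed to the repository, which makes the directory admin credential readable by everyone with access to the repo and its history. Reference a vaulted variable instead, e.g. `- LDAP_ADMIN_PASSWORD: "{{ ldap_admin_password }}"` (variable name is a placeholder) with the value kept in an Ansible Vault file, and rotate the current password since it is already in history. Separately, both `start phpldapadmin docker` and `start warpinfra docker` publish on `127.0.0.1:42002`, so as rendered the second container cannot bind its port. Several task lines appear twice on this page (two `git:` keys under `Clone Repo`, two `path:` keys under `build the image`); if both are on the new side the later key silently wins, so it is worth checking that the merge conflict was fully resolved.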
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name ldap.warpzone.ms;
root /dev/null;
index index.html;
ssl on;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
ssl_prefer_server_ciphers on;
charset utf-8;
client_max_body_size 100M; # adjust to taste
location /.well-known/ {
root /var/www/html/;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:42002/;
proxy_redirect off;
}
}
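Review bot: The `location /` block for `ldap.warpzone.ms` forwards every request to phpLDAPadmin with no restriction on who may connect, so the directory administration UI is reachable from any network behind only its own login form. Limit it at the proxy, for instance with `allow <ADMIN_NETWORK_CIDR>;` followed by `deny all;` (placeholder range), or with client-certificate authentication. `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables the deprecated 1.0 and 1.1 versions and the `ssl_ciphers` string admits non-forward-secret key exchange; `ssl_protocols TLSv1.2;` with an ECDHE-only cipher list would be the safer setting, and the same two lines recur in the `infra.warpzone.ms` server block. The proxy also does not pass `X-Forwarded-Proto`, which the container may need given `PHPLDAPADMIN_TRUST_PROXY_SSL: true` in the tasks file.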
upstream django {
server 127.0.0.1:42002; # for a file socket
server unix:///tmp/warpinfra/warpinfra.sock;
}
#server {
# listen 80;
# return 301 https://$host$request_uri;
#}
# configuration of the server
server {
listen 80;
return 301 https://$host$request_uri;
}
#listen 443;
listen 80;
server {
listen 443 ssl spdy;
listen [::]:443 ssl spdy;
server_name infra.warpzone.ms;
charset utf-8;
root /dev/null;
index index.html;
# ssl on;
# ssl_certificate /opt/flaghunter/nginx/flag.hunter.crt;
# ssl_certificate_key /opt/flaghunter/nginx/flag.hunter.key;
# max upload size
ssl on;
ssl_certificate /etc/ssl/fullchain.pem;
ssl_certificate_key /etc/ssl/key.pem;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "AES:!ADH:!AECDH:!MD5:!DSS";
ssl_prefer_server_ciphers on;
charset utf-8;
client_max_body_size 100M; # adjust to taste
# Django media
location /media {
alias /srv/warpinfra/web/media; # your Django project's media files - amend as required
location /.well-known/ {
root /var/www/html/;
}
location /static {
alias /srv/warpinfra/web/static; # your Django project's static files - amend as required
alias /tmp/warpinfra/static; # your Django project's static files - amend as required
}
# Finally, send all non-media requests to the Django server.
location / {
uwsgi_pass django;
include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
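Review bot: The uwsgi socket (`unix:///tmp/warpinfra/warpinfra.sock`) and the `/static` alias (`/tmp/warpinfra/static`) live under the world-writable `/tmp`, so any local account that creates `/tmp/warpinfra` before the playbook does controls what nginx talks to and serves. A directory created by the playbook with restricted ownership, such as `/run/warpinfra` (placeholder path), avoids that; the bind mounts in the docker tasks would need the same change. As rendered, `upstream django` also lists `server 127.0.0.1:42002;` next to the socket, which would make nginx balance uwsgi-protocol requests onto the port phpLDAPadmin is published on, and there is a `listen 80;` outside any `server` block; if either line is on the new side it should go. The `location /media` block has no closing brace before `location /.well-known/` on this page, and the section is cut off after the `include` line, so the rest of the file is not visible here.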
......
......@@ -21,8 +21,7 @@
when: sslcert.stat.exists == False
- name: Letsencrypt-Zertifikat beantragen und installieren
shell: cd /usr/src && if [ ! -e simp_le ]; then git clone https://github.com/kuba/simp_le; fi && cd simp_le && ./bootstrap.sh && if [ ! -e venv/bin/python ]; then ./venv.sh; fi && export PATH=/usr/src/simp_le/venv/bin:$PATH && cd /etc/ssl && simp_le --email info@warpzone.ms -f account_key.json -f key.pem -f fullchain.pem -d wz.dyhost.de:/var/www/html -d gitlab.warpzone.ms:/var/www/html -d mattermost.warpzone.ms:/var/www/html
notify: restart nginx
shell: cd /usr/src && if [ ! -e simp_le ]; then git clone https://github.com/kuba/simp_le; fi && cd simp_le && ./bootstrap.sh && if [ ! -e venv/bin/python ]; then ./venv.sh; fi && export PATH=/usr/src/simp_le/venv/bin:$PATH && cd /etc/ssl && simp_le --email info@warpzone.ms -f account_key.json -f key.pem -f fullchain.pem -d wz.dyhost.de:/var/www/html -d gitlab.warpzone.ms:/var/www/html -d mattermost.warpzone.ms:/var/www/html -d infra.warpzone.ms:/var/www/html -d ldap.warpzone.ms:/var/www/html notify: restart nginx
when: sslcert.stat.exists == False
- name: Konfig-Datei default kopieren
......@@ -42,13 +41,20 @@
- name: Activate mattermost config
file: src=/etc/nginx/sites-available/mattermost dest=/etc/nginx/sites-enabled/mattermost state=link
- name: Konfig-Datei warpinfra kopieren
copy: src=warpinfra dest=/etc/nginx/sites-available/warpinfra
notify: restart nginx
- name: Activate warpinfra config
file: src=/etc/nginx/sites-available/warpinfra dest=/etc/nginx/sites-enabled/warpinfra state=link
- name: Konfig-Datei phpldapadmin kopieren
copy: src=phpldapadmin dest=/etc/nginx/sites-available/phpldapadmin
notify: restart nginx
- name: Activate phpldapadmin config
file: src=/etc/nginx/sites-available/phpldapadmin dest=/etc/nginx/sites-enabled/phpldapadmin state=link
- name: Cronjob für Zertifikatserneuerung
cron: name="simp_le" weekday="2" hour="20" minute="0" job="cd /etc/ssl && PATH=/usr/src/simp_le/venv/bin:/usr/sbin:/usr/bin:/sbin:/bin simp_le --email info@warpzone.ms -f account_key.json -f key.pem -f fullchain.pem -d wz.dyhost.de:/var/www/html -d gitlab.warpzone.ms:/var/www/html -d mattermost.warpzone.ms:/var/www/html && systemctl reload nginx"
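Review bot: In the first hunk the new `shell:` line ends in `... -d ldap.warpzone.ms:/var/www/html notify: restart nginx`, and the hunk header (`-21,8 +21,7`) is consistent with the `notify:` line having been folded into the command; restore it as its own key, `notify: restart nginx`, on the line after `shell:`. The `Cronjob für Zertifikatserneuerung` job in the second hunk still passes only the three old `-d` entries, so a renewal run would likely not cover `infra.warpzone.ms` and `ldap.warpzone.ms`; add `-d infra.warpzone.ms:/var/www/html -d ldap.warpzone.ms:/var/www/html` there too, or build both commands from one shared variable. The task also clones `https://github.com/kuba/simp_le` at its default branch and runs `./bootstrap.sh` on the host, so checking out a reviewed commit (`git checkout <PINNED_COMMIT>`, placeholder) would keep an upstream change from executing unreviewed. Both hunks start and end inside the task list, so the surrounding tasks are not visible.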
......