From 08555a451ce82858163914cb1202c775a444b3f4 Mon Sep 17 00:00:00 2001
From: Christian Elberfeld <elberfeld@web.de>
Date: Thu, 3 Nov 2022 01:08:01 +0100
Subject: [PATCH] removed old nginx config
---
common/nginx/handlers/main.yml | 6 ---
common/nginx/includes/_ssl_common_settings | 9 ----
common/nginx/includes/esphome.warpzone | 13 -----
common/nginx/includes/infra.warpzone | 12 -----
common/nginx/includes/ldap.warpzone | 13 -----
common/nginx/includes/unifi.warpone | 4 --
common/nginx/tasks/config_site.yml | 24 ---------
common/nginx/tasks/main.yml | 49 ------------------
common/nginx/templates/letsencrypt.sh | 5 --
common/nginx/templates/nginx-matrix | 18 -------
common/nginx/templates/nginx-site | 59 ----------------------
common/nginx/templates/nginx-status | 24 ---------
common/nginx/templates/telegraf.conf | 24 ---------
13 files changed, 260 deletions(-)
delete mode 100644 common/nginx/handlers/main.yml
delete mode 100644 common/nginx/includes/_ssl_common_settings
delete mode 100644 common/nginx/includes/esphome.warpzone
delete mode 100644 common/nginx/includes/infra.warpzone
delete mode 100644 common/nginx/includes/ldap.warpzone
delete mode 100644 common/nginx/includes/unifi.warpone
delete mode 100644 common/nginx/tasks/config_site.yml
delete mode 100644 common/nginx/tasks/main.yml
delete mode 100644 common/nginx/templates/letsencrypt.sh
delete mode 100644 common/nginx/templates/nginx-matrix
delete mode 100644 common/nginx/templates/nginx-site
delete mode 100644 common/nginx/templates/nginx-status
delete mode 100644 common/nginx/templates/telegraf.conf
diff --git a/common/nginx/handlers/main.yml b/common/nginx/handlers/main.yml
deleted file mode 100644
index 7217c0ff..00000000
--- a/common/nginx/handlers/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: restart nginx
- service: name=nginx state=restarted
-
-- name: restart telegraf
- service: name=telegraf state=restarted
diff --git a/common/nginx/includes/_ssl_common_settings b/common/nginx/includes/_ssl_common_settings
deleted file mode 100644
index 247d5608..00000000
--- a/common/nginx/includes/_ssl_common_settings
+++ /dev/null
@@ -1,9 +0,0 @@
-
- ssl_session_cache shared:SSL:5m;
- ssl_session_timeout 5m;
-
- add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
- ssl_protocols TLSv1.2;
- ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
- ssl_prefer_server_ciphers on;
-
\ No newline at end of file
diff --git a/common/nginx/includes/esphome.warpzone b/common/nginx/includes/esphome.warpzone
deleted file mode 100644
index a7771cd6..00000000
--- a/common/nginx/includes/esphome.warpzone
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
-
- proxy_pass http://127.0.0.1:42006/;
- proxy_redirect off;
-
- }
-
-
diff --git a/common/nginx/includes/infra.warpzone b/common/nginx/includes/infra.warpzone
deleted file mode 100644
index 040c4565..00000000
--- a/common/nginx/includes/infra.warpzone
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
- location /static {
- alias /tmp/warpinfra/static; # your Django project's static files - amend as required
- }
-
- location / {
- uwsgi_pass unix:///tmp/warpinfra/warpinfra.sock;
- include /etc/nginx/uwsgi_params; # the uwsgi_params file you installed
- }
-
-
diff --git a/common/nginx/includes/ldap.warpzone b/common/nginx/includes/ldap.warpzone
deleted file mode 100644
index d37146d7..00000000
--- a/common/nginx/includes/ldap.warpzone
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
- location / {
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
-
- proxy_pass http://127.0.0.1:42004/;
- proxy_redirect off;
-
- }
-
-
diff --git a/common/nginx/includes/unifi.warpone b/common/nginx/includes/unifi.warpone
deleted file mode 100644
index d266449e..00000000
--- a/common/nginx/includes/unifi.warpone
+++ /dev/null
@@ -1,4 +0,0 @@
-
- location / {
- rewrite ^(.*) https://warpsrvint:8443$1;
- }
diff --git a/common/nginx/tasks/config_site.yml b/common/nginx/tasks/config_site.yml
deleted file mode 100644
index 1dd25b6b..00000000
--- a/common/nginx/tasks/config_site.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-# Konfiguration einer nginx-site
-# {{ item }} enthält den vollständigen Domänennamen
-# Falls erforderlich wird das Zertifikat über Letsencrypt geholt
-
-- name: Check if cert already exists for {{ item }}
- stat:
- path: /etc/letsencrypt/live/{{ item }}/privkey.pem
- register: cert
- when: webserver_ssl == true
-
-- name: Stop nginx
- service: name=nginx state=stopped
- notify: restart nginx
- when: webserver_ssl == true and cert.stat.exists == False
-
-- name: Get Certificate for {{ item }} via Certbot
- command: "certbot certonly --non-interactive --agree-tos --standalone -m {{ letsencrypt_mail }} -w /var/www/html/ -d {{ item }}"
- when: webserver_ssl == true and cert.stat.exists == False
-
-- name: Create nginx config for {{ item }}
- template: src=nginx-site dest=/etc/nginx/sites-enabled/{{ item }}
- notify: restart nginx
-
diff --git a/common/nginx/tasks/main.yml b/common/nginx/tasks/main.yml
deleted file mode 100644
index 4afb9d88..00000000
--- a/common/nginx/tasks/main.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-# Pakete installieren
-- name: nginx installieren
- apt:
- name: "{{ packages }}"
- update_cache: yes
- state: present
- vars:
- packages:
- - nginx-light
-
-# Pakete installieren (SSL)
-- name: openssl and certbot installieren
- apt:
- name: "{{ packages }}"
- update_cache: yes
- state: present
- vars:
- packages:
- - ca-certificates
- - openssl
- - certbot
- when: webserver_ssl == true
-
-# DH Parameter erzeugen
-- name: check if DH Params exists
- stat:
- path: /etc/nginx/dhparams.pem
- register: dhparams
- when: webserver_ssl == true
-
-
-- name: generate new DH Params
- command: openssl dhparam -out /etc/nginx/dhparams.pem 2048
- when: webserver_ssl == true and dhparams.stat.exists == False
-
-
-# NginX einrichten
-- name: nginx default Konfig entfernen
- file:
- path: /etc/nginx/sites-enabled/default
- state: absent
-
-
-# nginx konfigurieren
-- include: config_site.yml
- with_items:
- - "{{ webserver_domains }}"
-
-
diff --git a/common/nginx/templates/letsencrypt.sh b/common/nginx/templates/letsencrypt.sh
deleted file mode 100644
index 57dd5ed3..00000000
--- a/common/nginx/templates/letsencrypt.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-
-{% for domain in webserver_domains %}
-certbot certonly --non-interactive --agree-tos --webroot -m {{ letsencrypt_mail }} -w /var/www/html/ -d {{ domain }}
-{% endfor %}
diff --git a/common/nginx/templates/nginx-matrix b/common/nginx/templates/nginx-matrix
deleted file mode 100644
index e655afe7..00000000
--- a/common/nginx/templates/nginx-matrix
+++ /dev/null
@@ -1,18 +0,0 @@
-
-server {
- listen 8448 ssl http2;
- listen [::]:8448 ssl http2;
-
- ssl_certificate /etc/letsencrypt/live/matrix.warpzone.ms/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/matrix.warpzone.ms/privkey.pem;
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- {% include "includes/_ssl_common_settings" %}
-
- server_name matrix.warpzone.ms;
-
- location / {
- proxy_pass http://127.0.0.1:18448;
- proxy_set_header X-Forwarded-For $remote_addr;
- }
-}
diff --git a/common/nginx/templates/nginx-site b/common/nginx/templates/nginx-site
deleted file mode 100644
index 1a6b4df3..00000000
--- a/common/nginx/templates/nginx-site
+++ /dev/null
@@ -1,59 +0,0 @@
-
-
-map $http_upgrade $connection_upgrade {
- default upgrade;
- '' close;
-}
-
-server {
-
- listen 80;
- listen [::]:80;
-
- server_name {{ item }};
- root /dev/null;
- index index.html;
-
- {% if webserver_ssl == true %}
-
- location /.well-known/acme-challenge/ {
- root /var/www/html/;
- }
-
- location / {
- rewrite ^(.*) https://{{ item }}$1 permanent;
- }
-
- {% else %}
-
- {% include "includes/" + item ignore missing %}
-
- {% endif %}
-}
-
-{% if webserver_ssl == true %}
-
-server {
-
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- ssl_certificate /etc/letsencrypt/live/{{ item }}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{ item }}/privkey.pem;
- ssl_dhparam /etc/nginx/dhparams.pem;
-
- {% include "includes/_ssl_common_settings" %}
-
- server_name {{ item }};
- root /dev/null;
- index index.html;
-
- location /.well-known/acme-challenge/ {
- root /var/www/html/;
- }
-
- {% include "includes/" + item ignore missing %}
-
-}
-
-{% endif %}
diff --git a/common/nginx/templates/nginx-status b/common/nginx/templates/nginx-status
deleted file mode 100644
index 7bc3c674..00000000
--- a/common/nginx/templates/nginx-status
+++ /dev/null
@@ -1,24 +0,0 @@
-
-
-server {
-
- listen 9145;
-
- location /status {
-
- # Turn on nginx stats
- stub_status on;
-
- # I do not need logs for stats
- access_log off;
-
- # Security: Only allow access from
- allow 127.0.0.1;
-
- # Send rest of the world to /dev/null #
- deny all;
-
- }
-
-}
-
diff --git a/common/nginx/templates/telegraf.conf b/common/nginx/templates/telegraf.conf
deleted file mode 100644
index 34894dd3..00000000
--- a/common/nginx/templates/telegraf.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-
-# Read Nginx's basic status information (ngx_http_stub_status_module)
-[[inputs.nginx]]
- ## An array of Nginx stub_status URI to gather stats.
- urls = ["http://127.0.0.1:9145/status"]
-
- ## Optional TLS Config
- # tls_ca = "/etc/telegraf/ca.pem"
- # tls_cert = "/etc/telegraf/cert.pem"
- # tls_key = "/etc/telegraf/key.pem"
- ## Use TLS but skip chain & host verification
- # insecure_skip_verify = false
-
- ## HTTP response timeout (default: 5s)
- response_timeout = "5s"
-
-
-#[[inputs.logparser]]
-# files = ["/var/log/nginx/access.log"]
-# from_beginning = true
-# name_override = "nginx_access_log"
-# [inputs.logparser.grok]
-# patterns = ["%{COMBINED_LOG_FORMAT}"]
-
-- GitLab