From 3ff5cc5c3bcd63a23b9d5873d32a52a32049bb32 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <thomas@fsmpi.rwth-aachen.de>
Date: Wed, 25 Sep 2024 17:14:53 +0200
Subject: [PATCH] Yeet nginx configuration support

---
 request-tracker/defaults/main.yml     |  2 -
 request-tracker/handlers/main.yml     |  7 ++-
 request-tracker/tasks/main.yml        | 47 --------------------
 request-tracker/templates/nginx-rt.j2 | 62 ---------------------------
 4 files changed, 3 insertions(+), 115 deletions(-)
 delete mode 100644 request-tracker/templates/nginx-rt.j2

diff --git a/request-tracker/defaults/main.yml b/request-tracker/defaults/main.yml
index 773f526..1f17222 100644
--- a/request-tracker/defaults/main.yml
+++ b/request-tracker/defaults/main.yml
@@ -1,7 +1,5 @@
 ---
 
-rt_enable_acmetool: false
-rt_enable_nginx: true
 rt_workers: 4
 rt_ldap_password: "{{ lookup('passwordstore', rt_ldappass) }}"
 rt_disallowexecutecode: true
diff --git a/request-tracker/handlers/main.yml b/request-tracker/handlers/main.yml
index 95e9e78..241452d 100644
--- a/request-tracker/handlers/main.yml
+++ b/request-tracker/handlers/main.yml
@@ -1,7 +1,6 @@
 ---
 
 - name: restart RT
-  service: name=rt4-fcgi state=restarted
-
-- name: restart nginx
-  service: name=nginx state=restarted
+  service:
+    name: rt4-fcgi
+    state: restarted
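Review bot: Dropping the `restart nginx` handler here, together with the nginx tasks and `nginx-rt.j2` removed further down, leaves the role with no front end for `rt4-fcgi`, and nothing in the patch records what now provides the TLS termination, the port-80 redirect to HTTPS and the `secure; HttpOnly` cookie rewrite that the template carried. Hosts provisioned before this commit presumably keep the old `/etc/nginx/sites-enabled/rt` site running, with no task left to update or remove it, so its TLS settings will drift unmanaged. I would add a comment above the remaining handler, e.g. `# The web front end and TLS for rt4-fcgi are configured outside this role.`, and state the same in the commit description. Any `notify: restart nginx` remaining outside the visible hunks of `tasks/main.yml` would now fail on a missing handler, so that is worth checking.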
diff --git a/request-tracker/tasks/main.yml b/request-tracker/tasks/main.yml
index 2e7e20d..1078db6 100644
--- a/request-tracker/tasks/main.yml
+++ b/request-tracker/tasks/main.yml
@@ -75,45 +75,6 @@
   tags:
     - rt
 
-- name: Have nginx packages installed
-  apt:
-    name: nginx
-    state: present
-  when: rt_enable_nginx|default(True)
-  tags:
-    - rt
-
-- name: Have nginx config for RT installed
-  template:
-    src: nginx-rt.j2
-    dest: /etc/nginx/sites-available/rt
-  when: rt_enable_nginx|default(True)
-  tags:
-    - rt
-  notify:
-    - restart nginx
-
-- name: Have nginx default config removed
-  file:
-    path: /etc/nginx/sites-enabled/default
-    state: absent
-  when: rt_enable_nginx|default(True)
-  tags:
-    - rt
-  notify:
-    - restart nginx
-
-- name: Have nginx config for RT activated
-  file:
-    state: link
-    src: /etc/nginx/sites-available/rt
-    dest: /etc/nginx/sites-enabled/rt
-  when: rt_enable_nginx|default(True)
-  tags:
-    - rt
-  notify:
-    - restart nginx
-
 - name: Have fcgi env installed
   template:
     src: fcgi-env.j2
@@ -175,11 +136,3 @@
   tags:
     - rt
 
-- name: Have nginx up und running
-  service:
-    name: nginx
-    state: started
-    enabled: true
-  when: rt_enable_nginx|default(True)
-  tags:
-    - rt
diff --git a/request-tracker/templates/nginx-rt.j2 b/request-tracker/templates/nginx-rt.j2
deleted file mode 100644
index f465bb6..0000000
--- a/request-tracker/templates/nginx-rt.j2
+++ /dev/null
@@ -1,62 +0,0 @@
-server {
-	listen 443 ssl;
-	ssl_certificate /etc/ssl/nginx.crt;
-	ssl_certificate_key /etc/ssl/private/nginx.key;
-	ssl_session_timeout 1d;
-	ssl_session_cache shared:SSL:50m;
-	ssl_session_tickets off;
-	ssl_trusted_certificate /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem;
-	ssl_protocols TLSv1.2;
-	ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
-	ssl_prefer_server_ciphers on;
-	ssl_stapling on;
-	ssl_stapling_verify on;
-
-	server_name {{rt_webdomain}};
-	access_log  /var/log/nginx/access.log;
-	proxy_cookie_path / "/; secure; HttpOnly";
-
-	location / {
-		fastcgi_param  QUERY_STRING       $query_string;
-		fastcgi_param  REQUEST_METHOD     $request_method;
-		fastcgi_param  CONTENT_TYPE       $content_type;
-		fastcgi_param  CONTENT_LENGTH     $content_length;
-
-		fastcgi_param  SCRIPT_NAME        "";
-		fastcgi_param  PATH_INFO          $uri;
-		fastcgi_param  REQUEST_URI        $request_uri;
-		fastcgi_param  DOCUMENT_URI       $document_uri;
-		fastcgi_param  DOCUMENT_ROOT      $document_root;
-		fastcgi_param  SERVER_PROTOCOL    $server_protocol;
-
-		fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
-		fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
-
-		fastcgi_param  REMOTE_ADDR        $remote_addr;
-		fastcgi_param  REMOTE_PORT        $remote_port;
-		fastcgi_param  SERVER_ADDR        $server_addr;
-		fastcgi_param  SERVER_PORT        $server_port;
-		fastcgi_param  SERVER_NAME        $server_name;
-		fastcgi_pass unix:///var/run/rt4-fcgi.sock;
-	}
-	{% if rt_enable_acmetool %}
-	location /.well-known/acme-challenge {
-		alias /var/lib/acme/webroot;
-		try_files $uri =404;
-	}
-	{% endif %}
-}
-
-server {
-	listen 80;
-	server_name {{rt_webdomain}};
-	{% if rt_enable_acmetool %}
-	location /.well-known/acme-challenge {
-		alias /var/lib/acme/webroot;
-		try_files $uri =404;
-	}
-	{% endif %}
-	location / {
-		return 301 https://$server_name$request_uri;
-	}
-}
-- 
GitLab