Commit 5a8cd501 authored by Amandus Rauin's avatar Amandus Rauin

Merge branch 'th/nginx-caddy' into 'main'

NGINX → Caddy integration

See merge request !3
parents 62ee7683 fa04c4ef
Pipeline #7040 passed
---
rt_enable_acmetool: false
rt_enable_nginx: true
rt_workers: 4
rt_ldap_password: "{{ lookup('passwordstore', rt_ldappass) }}"
rt_disallowexecutecode: true
rt_configure_caddy: false
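Review bot: `rt_configure_caddy` defaults to `false` while the same commit removes the nginx install, config and service tasks, so a run with default variables appears to leave RT without any web front end and without the HTTPS redirect the old template provided. Either default it to `true` or state the requirement in a comment such as `# Set to true to publish RT through the webservices/caddy role; no other front end is configured`. `rt_enable_nginx` and `rt_enable_acmetool`, if they remain in this file, no longer have a visible consumer and could be dropped so the defaults do not suggest nginx is still managed.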
---
- name: restart RT
service: name=rt4-fcgi state=restarted
- name: restart nginx
service: name=nginx state=restarted
service:
name: rt4-fcgi
state: restarted
......@@ -75,45 +75,6 @@
tags:
- rt
- name: Have nginx packages installed
apt:
name: nginx
state: present
when: rt_enable_nginx|default(True)
tags:
- rt
- name: Have nginx config for RT installed
template:
src: nginx-rt.j2
dest: /etc/nginx/sites-available/rt
when: rt_enable_nginx|default(True)
tags:
- rt
notify:
- restart nginx
- name: Have nginx default config removed
file:
path: /etc/nginx/sites-enabled/default
state: absent
when: rt_enable_nginx|default(True)
tags:
- rt
notify:
- restart nginx
- name: Have nginx config for RT activated
file:
state: link
src: /etc/nginx/sites-available/rt
dest: /etc/nginx/sites-enabled/rt
when: rt_enable_nginx|default(True)
tags:
- rt
notify:
- restart nginx
- name: Have fcgi env installed
template:
src: fcgi-env.j2
......@@ -175,11 +136,16 @@
tags:
- rt
- name: Have nginx up und running
service:
name: nginx
state: started
enabled: true
when: rt_enable_nginx|default(True)
tags:
- rt
- name: Configure Caddy
include_role:
name: webservices/caddy
tasks_from: site
vars:
site_name: "{{ rt_webdomain }}"
site_config:
root *: /usr/share/request-tracker4/html
reverse_proxy * unix//var/run/rt4-fcgi.sock:
transport fastcgi:
env SCRIPT_NAME: '""'
when: rt_configure_caddy
tags: rt
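Review bot: The `site_config` passed to `webservices/caddy` in the new Configure Caddy task carries only `root` and the FastCGI `reverse_proxy`, so the TLS settings that the removed nginx template pinned (certificate and key paths, TLS 1.2 only, OCSP stapling, the port-80 redirect) now depend entirely on that role, which this commit does not show. If the role leaves Caddy's automatic HTTPS enabled, Caddy will try to obtain its own certificate for `rt_webdomain` instead of using the previously installed one. Confirm that is intended and record it above the task, for example `# TLS and the HTTP->HTTPS redirect are handled by webservices/caddy`. Separately, `when: rt_configure_caddy` is safer as `when: rt_configure_caddy | bool`, so a string value from inventory or `-e` is coerced rather than treated as truthy or rejected, depending on the Ansible version.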
server {
listen 443 ssl;
ssl_certificate /etc/ssl/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_trusted_certificate /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
server_name {{rt_webdomain}};
access_log /var/log/nginx/access.log;
proxy_cookie_path / "/; secure; HttpOnly";
location / {
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME "";
fastcgi_param PATH_INFO $uri;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_pass unix:///var/run/rt4-fcgi.sock;
}
{% if rt_enable_acmetool %}
location /.well-known/acme-challenge {
alias /var/lib/acme/webroot;
try_files $uri =404;
}
{% endif %}
}
server {
listen 80;
server_name {{rt_webdomain}};
{% if rt_enable_acmetool %}
location /.well-known/acme-challenge {
alias /var/lib/acme/webroot;
try_files $uri =404;
}
{% endif %}
location / {
return 301 https://$server_name$request_uri;
}
}