initial commit firmware server nginx role
HellMar
committed
May 4, 2017
1 parent
2402aec
commit c97aa9d
Showing
6 changed files
with
765 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,3 @@ | ||
--- | ||
- name: restart nginx | ||
service: name=nginx state=restarted |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,150 @@ | ||
- name: install nginx | ||
apt: | ||
pkg: "{{ item }}" | ||
update_cache: no | ||
state: latest | ||
with_items: | ||
- nginx | ||
- php5-fpm | ||
- unzip | ||
|
||
- name: create config directory | ||
file: name=/etc/nginx/sites-available/default.d state=directory | ||
|
||
- name: Create config file for blacklist | ||
copy: content="" dest=/etc/nginx/sites-available/default.d/blacklist force=no | ||
|
||
#- name: Create config file for each domain | ||
# copy: content="" dest=/etc/nginx/sites-available/default.d/UmzugInDomaene{{item[0]}} force=no | ||
# with_items: | ||
# - "{{domaenen|dictsort}}" | ||
|
||
#- name: Create config file for each domain (legacy) | ||
# copy: content="" dest=/etc/nginx/sites-available/default.d/Domaene{{item[0]}} force=no | ||
# with_items: | ||
# - "{{domaenen|dictsort}}" | ||
|
||
- name: create letsencrypt directory | ||
file: name=/var/www/letsencrypt state=directory | ||
|
||
- name: Install default nginx site for letsencrypt requests and https rewrite | ||
template: | ||
src: templates/default.j2 | ||
dest: /etc/nginx/sites-available/default | ||
register: gendefconf | ||
|
||
- name: Activate default nginx site | ||
file: src=/etc/nginx/sites-available/default dest=/etc/nginx/sites-enabled/default state=link | ||
register: actdefconf | ||
|
||
- name: Reload nginx to activate letsencrypt site | ||
service: name=nginx state=restarted | ||
when: gendefconf.changed or actdefconf.changed | ||
|
||
- name: acme install | ||
shell: wget -O - https://get.acme.sh | sh | ||
args: | ||
creates: /root/.acme.sh/acme.sh | ||
|
||
#- name: Create certificate | ||
# shell: /root/.acme.sh/acme.sh --issue -d {{inventory_hostname_short}}.{{freifunk.domain}} -w /var/www/letsencrypt | ||
# args: | ||
# creates: /root/.acme.sh/{{inventory_hostname_short}}.{{freifunk.domain}}/ca.cer | ||
|
||
- name: Create certificate | ||
shell: /root/.acme.sh/acme.sh --issue -d {{inventory_hostname_short}}.{{freifunk.domain}} -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muensterland.net -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muenster.de -w /var/www/letsencrypt -d {{inventory_hostname_short}}.freifunk-muensterland.org -w /var/www/letsencrypt | ||
args: | ||
creates: /root/.acme.sh/{{inventory_hostname_short}}.{{freifunk.domain}}/ca.cer | ||
|
||
- name: install cert to Nginx | ||
shell: /root/.acme.sh/acme.sh --installcert -d {{inventory_hostname_short}}.{{freifunk.domain}} --keypath "/etc/ssl/key.pem" --fullchainpath "/etc/ssl/fullchain.pem" --reloadcmd "systemctl restart nginx" | ||
args: | ||
creates: /etc/ssl/certs/key.pem | ||
|
||
- name: Generate dhparams | ||
shell: openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 | ||
args: | ||
creates: /etc/ssl/certs/dhparam.pem | ||
|
||
- name: Deploy default ssl nginx site | ||
template: | ||
src: default_ssl.j2 | ||
dest: /etc/nginx/sites-available/default_ssl | ||
notify: | ||
- restart nginx | ||
|
||
- name: Aktivate default ssl nginx site | ||
file: src=/etc/nginx/sites-available/default_ssl dest=/etc/nginx/sites-enabled/default_ssl state=link | ||
register: actsslconf | ||
|
||
- name: Reload nginx to activate default ssl nginx site | ||
service: name=nginx state=restarted | ||
when: actsslconf.changed | ||
|
||
- name: Clone bootstrap and css files | ||
git: repo=https://github.com/FreiFunkMuenster/nodesmap-page.git dest=/opt/nodesmap force=yes | ||
|
||
- name: link nophp | ||
file: | ||
src: ../html | ||
dest: /var/www/html/nophp | ||
state: link | ||
|
||
- name: link css | ||
file: | ||
src: /opt/nodesmap/css | ||
dest: /var/www/html/css | ||
state: link | ||
|
||
- name: link js | ||
file: | ||
src: /opt/nodesmap/js | ||
dest: /var/www/html/js | ||
state: link | ||
|
||
- name: link fonts | ||
file: | ||
src: /opt/nodesmap/fonts | ||
dest: /var/www/html/fonts | ||
state: link | ||
|
||
- name: link icons | ||
file: | ||
src: /opt/nodesmap/icons | ||
dest: /var/www/html/icons | ||
state: link | ||
|
||
- name: link logo | ||
file: | ||
src: /opt/nodesmap/logo.svg | ||
dest: /var/www/html/logo.svg | ||
state: link | ||
|
||
- name: Generate index.html | ||
template: | ||
src: index.html.j2 | ||
dest: /var/www/html/index.html | ||
|
||
- name: css git clonen | ||
git: repo=https://github.com/FreiFunkMuenster/md-fw-dl.git dest=/var/www/html/md-fw-dl force=yes | ||
|
||
- name: create directory for h5ai | ||
file: name=/opt/h5ai state=directory | ||
|
||
- name: get h5ai | ||
get_url: | ||
url: "https://release.larsjung.de/h5ai/h5ai-0.29.0.zip" | ||
dest: /opt/h5ai/h5ai-0.29.0.zip | ||
register: geth5ai | ||
|
||
- name: unarchive h5ai | ||
unarchive: | ||
src: /opt/h5ai/h5ai-0.29.0.zip | ||
dest: /var/www/html | ||
remote_src: True | ||
when: geth5ai.changed | ||
|
||
- name: deploy h5ai config | ||
template: | ||
src: templates/options.json.j2 | ||
dest: /var/www/html/_h5ai/private/conf/options.json |
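Review bot: The `acme install` task pipes `https://get.acme.sh` straight into `sh` (presumably as root, given the `/root/.acme.sh` paths), so whatever that URL serves at run time executes unreviewed on the firmware server; downloading a pinned release with `get_url` plus `checksum:` and then running the installer would make the input auditable. The other remote fetches in this file have the same gap: both `git:` tasks use `force=yes` with no `version:` and their content ends up under the nginx root, and `get h5ai` fetches the zip without `checksum:` before it is unpacked into `/var/www/html`. Separately, `install cert to Nginx` writes the key to `/etc/ssl/key.pem` but guards on `creates: /etc/ssl/certs/key.pem`, so the guard never matches and the task (with its `systemctl restart nginx`) reruns on every play; `creates: /etc/ssl/key.pem` looks like what was intended. `state: latest` on the `apt` task likewise means each run may upgrade nginx and php5-fpm; `state: present` keeps upgrades a deliberate step.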
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
server { | ||
listen 80 default_server; | ||
listen [::]:80 default_server; | ||
server_name {{inventory_hostname_short}}.{{freifunk.domain}}; | ||
|
||
location /.well-known/acme-challenge { | ||
root /var/www/letsencrypt; | ||
try_files $uri $uri/ =404; | ||
} | ||
|
||
location /nginx_status { | ||
stub_status on; | ||
access_log off; | ||
allow 127.0.0.1; | ||
deny all; | ||
} | ||
|
||
location / { | ||
return 301 https://$server_name$request_uri; | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,94 @@ | ||
geo $blacklist { #Knoten die bewust kein update bekommen sollen. | ||
include /etc/nginx/sites-available/default.d/blacklist; | ||
default 0; | ||
} | ||
#################################################################### | ||
{% for domaene in domaenen|dictsort -%} | ||
geo $umzugindom{{domaene[0]}} { | ||
include /etc/nginx/sites-available/default.d/UmzugInDomaene{{domaene[0]}}; | ||
default 0; | ||
} | ||
{% endfor %} | ||
#################################################################### | ||
## LEGACY | ||
{% for domaene in domaenen|dictsort -%} | ||
geo $domaene{{domaene[0]}} { | ||
include /etc/nginx/sites-available/default.d/Domaene{{domaene[0]}}; | ||
default 0; | ||
} | ||
{% endfor %} | ||
#################################################################### | ||
server { | ||
# listen 443 ssl http2; #NUR NEUERE NGINX VERSIONEN | ||
# listen [::]:443 ssl http2; | ||
|
||
listen 443 ssl spdy; | ||
listen [::]:443 ssl spdy; | ||
|
||
server_name {{inventory_hostname_short}}.{{freifunk.domain}}; | ||
|
||
ssl_certificate /etc/ssl/fullchain.pem; | ||
ssl_certificate_key /etc/ssl/key.pem; | ||
|
||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
ssl_prefer_server_ciphers on; | ||
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; | ||
ssl_ecdh_curve secp384r1; | ||
ssl_session_cache shared:SSL:10m; | ||
ssl_session_tickets off; | ||
ssl_stapling on; | ||
ssl_stapling_verify on; | ||
resolver 8.8.8.8 8.8.4.4 valid=300s; | ||
resolver_timeout 5s; | ||
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; | ||
add_header X-Content-Type-Options nosniff; | ||
|
||
ssl_dhparam /etc/ssl/certs/dhparam.pem; | ||
|
||
root /var/www/html; | ||
|
||
# Add index.php to the list if you are using PHP | ||
index index.html index.htm index.nginx-debian.html /_h5ai/public/index.php; | ||
# index index.html index.htm index.nginx-debian.html; | ||
|
||
if ($blacklist) { | ||
return 204; | ||
} | ||
#################################################################### | ||
{% for domaene in domaenen|dictsort -%} | ||
if ($umzugindom{{domaene[0]}}) { | ||
rewrite ^/domaene[0-9][0-9]/(.*)$ /umzug/domaene{{domaene[0]}}/$1; | ||
} | ||
{% endfor %} | ||
#################################################################### | ||
{% for domaene in domaenen|dictsort -%} | ||
if ($domaene{{domaene[0]}}) { | ||
rewrite ^/site-ffms/(.*)$ /domaene{{domaene[0]}}/$1; | ||
} | ||
{% endfor %} | ||
#################################################################### | ||
|
||
location / { | ||
autoindex on; | ||
autoindex_localtime on; | ||
autoindex_exact_size on; | ||
# First attempt to serve request as file, then | ||
# as directory, then fall back to displaying a 404. | ||
try_files $uri $uri/ =404; | ||
} | ||
|
||
location ~ \.php$ { | ||
include snippets/fastcgi-php.conf; | ||
fastcgi_pass unix:/var/run/php5-fpm.sock; | ||
} | ||
|
||
location /nophp { | ||
autoindex on; | ||
autoindex_localtime on; | ||
autoindex_exact_size on; | ||
index index.html index.htm index.nginx-debian.html; | ||
# First attempt to serve request as file, then | ||
# as directory, then fall back to displaying a 404. | ||
try_files $uri $uri/ =404; | ||
} | ||
} |
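Review bot: The regex block `location ~ \.php$` takes precedence over the plain prefix block `location /nophp`, so a `.php` request under `/nophp` is still handed to php5-fpm; since the tasks file links `/var/www/html/nophp` to `../html`, the "nophp" tree does not actually switch PHP off. Writing the prefix as `location ^~ /nophp {` stops regex matching for it, and narrowing the handler to `location ~ ^/_h5ai/.*\.php$ {` would confine PHP to h5ai instead of every file under the firmware root (the contents of `snippets/fastcgi-php.conf` are not visible here, so confirm its `try_files` behaviour). With `autoindex on` at `/` and `md-fw-dl` cloned by git into the web root, the clone's `.git` directory is presumably listable too; a `location ~ /\.git { deny all; }` block would close that. Also, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers TLS 1.0 and 1.1; `ssl_protocols TLSv1.2;` is the safer line unless old clients are a known requirement.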
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,106 @@ | ||
<!DOCTYPE html> | ||
<html lang="en"><!-- Mit Ansible erzeugt - änderungen werden überschrieben --> | ||
<head> | ||
<title>{{freifunk.name}} - Firmware</title> | ||
<meta charset="utf-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1"> | ||
<link rel="apple-touch-icon" sizes="180x180" href="/icons/apple-touch-icon.png?v=2"> | ||
<link rel="icon" type="image/png" href="/icons/favicon-32x32.png?v=2" sizes="32x32"> | ||
<link rel="icon" type="image/png" href="/icons/favicon-16x16.png?v=2" sizes="16x16"> | ||
<link rel="manifest" href="/icons/manifest.json?v=2"> | ||
<link rel="mask-icon" href="/icons/safari-pinned-tab.svg?v=2" color="#ffb400"> | ||
<link rel="shortcut icon" href="/icons/favicon.ico?v=2"> | ||
<meta name="apple-mobile-web-app-title" content="Freifunk"> | ||
<meta name="application-name" content="Freifunk"> | ||
<meta name="msapplication-config" content="/icons/browserconfig.xml?v=2"> | ||
<meta name="theme-color" content="#dc0067"> | ||
<link rel="stylesheet" href="css/bootstrap.min.css"> | ||
<link rel="stylesheet" href="css/ffms.css"> | ||
</head> | ||
<body> | ||
<div class="container"> | ||
<div class="page-header"> | ||
<div class="row"> | ||
<div class="col-md-2 col-sm-3"> | ||
<img id="ffms-logo" src="logo.svg" class="img" alt="Logo Freifunk Münsterland"> | ||
</div> | ||
<div class="col-md-10 col-sm-9"> | ||
<h2>Firmware - {{freifunk.name}} | ||
<br/><small>Firmware der einzelnen Domänen</small></h2> | ||
<p>Im Januar 2016 haben wir das Netzwerk umstrukturiert. Seitdem gibt es für die verschiedenen Bereiche (Domänen) unterschiedliche Firmware. Es gibt zwei Methoden, die passende Firmware zu finden:</p> | ||
<ol> | ||
<li>Den <a href="md-fw-dl/">Firmware Download Assistenten</a> verwenden.</li> | ||
<li>Wähle unten eine Domäne, um zum Verzeichnisbaum mit passender Firmware zu gelangen: | ||
<ul> | ||
|
||
</ul> | ||
</li> | ||
</ol> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
<div class="container"> | ||
<div class="row"> | ||
<!-- Suchfeld und Links --> | ||
<div class="col-md-4 col-sm-4 col-xs-12"> | ||
<form type="text" action="javascript:myScroll()"> | ||
<div class="input-group"> | ||
<!-- USE TWITTER TYPEAHEAD JSON WITH API TO SEARCH --> | ||
<input class="form-control" id="system-search" | ||
name="q" placeholder="Suche nach" autofocus> | ||
<span class="input-group-btn"> | ||
<button type="submit" id="searchbutton" class="btn btn-ffms"> | ||
<i class="glyphicon glyphicon-search"></i> | ||
</button> | ||
</span> | ||
</input> | ||
</div> | ||
</form> | ||
<br/> | ||
<h4><strong><a href="md-fw-dl/">Firmware Download Assistent</a></strong></h4> | ||
<p><a class="btn-ffms-collapse visible-xs" data-toggle="collapse" data-target="#narrow-results">» Mehr Freifunk Links</a></p> | ||
<div id="narrow-results" class="narrow-results collapse"> | ||
<p><a href="https://freifunk-muensterland.de">{{freifunk.name}} - Homepage</a></p> | ||
<p><a href="https://wiki.freifunk-muensterland.de/">{{freifunk.name}} - Wiki</a></p> | ||
<p><a href="https://forum.freifunk-muensterland.de/">{{freifunk.name}} - Forum</a></p> | ||
<p><a href="https://karte.freifunk-muensterland.de/">{{freifunk.name}} - Karte</a></p> | ||
</div> | ||
</div> | ||
<!-- Spalte mit Domänen --> | ||
<div class="col-md-4 col-sm-4 col-xs-12"> | ||
<div class="ffms-align-center"> | ||
<table class="table table-list-search table-hover"> | ||
<tbody> | ||
<!-- Alle Domänen einfügen --> | ||
{% for domaene in domaenen|dictsort %} | ||
{% if "firmware" in domaene[1] %} | ||
<tr> | ||
<td> | ||
<a href="{{domaene[1].firmware}}">Domäne {{domaene[0]}}</a> - {{domaene[1].name}}</li> | ||
</td> | ||
</tr> | ||
{% endif %} | ||
{% endfor %} | ||
</tbody> | ||
</table> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
<!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> | ||
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script> | ||
<!-- Include all compiled plugins (below), or include individual files as needed --> | ||
<!-- optional via CDN: <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" </script> --> | ||
<script src="js/bootstrap.min.js"></script> | ||
<script src="js/search.js"></script> | ||
<script> | ||
function myScroll(my) { | ||
$('html, body').animate({ | ||
scrollTop: $(".table").offset().top | ||
}, 200); | ||
} | ||
</script> | ||
</body> | ||
|
||
|
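Review bot: The jQuery `<script>` near the end of the template loads from `ajax.googleapis.com` with no `integrity` attribute, so the firmware download page runs whatever that host returns, while `bootstrap.min.js` and `search.js` are already served locally from `js/`. Either ship jQuery from `js/` as well, or add `integrity="sha384-<hash of the pinned jquery file>" crossorigin="anonymous"` to the tag. `{{domaene[1].firmware}}` and `{{domaene[1].name}}` are emitted without escaping, which is fine only while `domaenen` comes from trusted inventory; appending `|e` would make that explicit. Smaller markup points: the domain row closes a `</li>` that was never opened, `type="text"` is not a valid `<form>` attribute, and `<input>` is a void element so the `</input>` should go.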