Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Lots of changes.

  • Loading branch information...
commit 0d1c29caff6d745f267c5f834cc4972e45fe711c 1 parent dde1c84
@btompkins authored
Showing with 112 additions and 35 deletions.
  1. +10 −2 apache-default-upstream-proxy.txt
  2. +99 −31 fabfile.py
  3. +3 −2 nginx-default.txt
View
12 apache-default-upstream-proxy.txt
@@ -8,9 +8,9 @@
# your frontend proxy.
Listen 8200
-NameVirtualHost 127.0.0.1:8200
+NameVirtualHost IP_ADDRESS:8200
-<VirtualHost 127.0.0.1:8200>
+<VirtualHost IP_ADDRESS:8200>
ServerName www.DOMAIN_NAME
RewriteEngine on
DocumentRoot /var/www/DOMAIN_NAME
@@ -22,4 +22,12 @@ NameVirtualHost 127.0.0.1:8200
RewriteCond %{HTTP_REFERER} !.*blog.example.org.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) - [R=403,L]
+
+ <IfModule mod_rpaf.c>
+ RPAFenable On
+ RPAFsethostname On
+ RPAFproxy_ips REVERSE_PROXY_IP
+ </IfModule>
+
+
</VirtualHost>
View
130 fabfile.py
@@ -1,36 +1,77 @@
from fabric.api import *
from fabric.contrib.files import *
-env.hosts = ['184.106.93.74']
+env.roledefs = {
+ 'prx' : ['184.106.69.38'],
+ 'app' : ['184.106.69.20', '184.106.69.92'],
+ 'db' : ['184.106.69.141']
+}
+
env.user = 'brendan'
-def deploy_all():
+@roles('prx','app','db')
+def base_host_setup():
+ env.user = 'root'
+ #Create local sudoer user, then upgrade Ubuntu.
+ prompt('Specify new username: ', 'new_username')
+ prompt('Speciry new password: ', 'new_password')
+ new_user(env.new_username,env.new_password)
+ upgrade_host()
+
+@roles('app')
+def deploy_appservers():
+ """
+ Deploy apache, mail, ftp, and make apache listen on
+ port 8200. Then deploy our Wordpress install, which
+ has already been skinned setup, and stored at github.
+ """
+ prompt('Specify db password: ', 'new_password')
install_apache()
- install_mysql('bbb123')
- install_phpmyadmin()
install_git()
- create_database('wp_codebetter',
- 'root',
- 'bbb123',
- 'dbuser',
- 'dbpass')
-
- copy_git_database('wp_codebetter',
- 'git://github.com/btompkins/CodeBetter.Com-MySql.git')
install_mail()
install_ftp()
- setup_website_as_upstream_server('codebetter.com')
+ setup_website_as_upstream_server('codebetter.com',
+ env.host_string,
+ env.roledefs['prx'][0])
copy_git_website('codebetter.com',
'git://github.com/btompkins/CodeBetter.Com-Wordpress.git',
'wp_codebetter',
'dbuser',
- 'dbpass')
+ env.new_password,
+ env.roledefs['db'][0])
+
+@roles('prx')
+def deploy_reverse_proxy():
+ """
+ Deploy NGINX and setup as a front end
+ reverse proxy, loadbalacing between our app servers.
+ """
install_nginx()
- configure_nginx()
+ configure_nginx(env.roledefs['app'][0])
+ configure_nginx(env.roledefs['app'][1])
+
+@roles('db')
+def deploy_dbserver():
+ """
+ Setup apache, mysql, and phpmyadmin, git
+ and create our databse, and restore from github.
+ """
+ prompt('Specify db password: ', 'new_password')
+ install_apache()
+ install_mysql(env.new_password)
+ install_phpmyadmin()
+ install_git()
+ create_database('wp_codebetter',
+ 'root',
+ env.new_password,
+ 'dbuser',
+ env.new_password)
+ copy_git_database('wp_codebetter',
+ 'git://github.com/btompkins/CodeBetter.Com-MySql.git')
+ setup_mysql_remote_access('184.106.0.0/16', env.host_string)
def new_user(admin_username, admin_password):
env.user = 'root'
- env.password = 'test.codebetter.comtx65bUXO4'
# Create the admin group and add it to the sudoers file
admin_group = 'admin'
@@ -50,11 +91,11 @@ def new_user(admin_username, admin_password):
username=admin_username,
password=admin_password))
-def upgrade_hosts():
+def upgrade_host():
runcmd('apt-get -y update && apt-get -y dist-upgrade ')
def install_apache():
- runcmd('apt-get -y install apache2 php5 libapache2-mod-php5')
+ runcmd('apt-get -y install apache2 php5 libapache2-mod-php5 mysql-client php5-mysql')
runcmd('a2enmod rewrite')
runcmd('a2enmod deflate')
runcmd('a2enmod expires')
@@ -64,7 +105,8 @@ def install_apache():
'# Customizations', 'Header unset ETag',
'FileETag None',
'ExpiresActive On',
- 'ExpiresDefault "access plus 7 days"'], '/etc/apache2/apache2.conf', use_sudo=True)
+ 'ExpiresDefault "access plus 7 days"'], '/etc/apache2/apache2.conf',
+ use_sudo=True)
runcmd('/etc/init.d/apache2 restart')
def install_mysql(mysql_root_password):
@@ -74,7 +116,7 @@ def install_mysql(mysql_root_password):
runcmd('echo "mysql-server mysql-server/root_password_again select '
'{password}" | debconf-set-selections'.format(
password=mysql_root_password))
- runcmd('apt-get -y install mysql-server mysql-client php5-mysql')
+ runcmd('apt-get -y install mysql-server')
def install_phpmyadmin():
runcmd('DEBIAN_FRONTEND=noninteractive apt-get install -y phpmyadmin')
@@ -100,7 +142,7 @@ def create_database(database_name, root_user, root_password, new_user,
userpass=new_user_password))
runcmd('mysql --user={root} --password={password} '
'--execute="GRANT ALL ON {database}.* TO '
- '\'{user}\'@\'localhost\' IDENTIFIED BY \'{userpass}\'"'
+ '\'{user}\'@\'%\' IDENTIFIED BY \'{userpass}\'"'
.format(root=root_user,
password=root_password,
database=database_name,
@@ -151,16 +193,20 @@ def setup_website(domain_name):
'</IfModule>'], '/etc/apache2/apache2.conf', use_sudo=True)
runcmd('/etc/init.d/apache2 restart')
-def setup_website_as_upstream_server(domain_name):
+def setup_website_as_upstream_server(domain_name, ip_address, reverse_proxy_ip):
+ runcmd('apt-get -y install libapache2-mod-rpaf')
runcmd('mkdir /var/www/{domain}'.format(domain=domain_name))
runcmd('rm /etc/apache2/sites-enabled/000-default')
- upload_template('.\\apache-default-upstream-proxy.txt'.format(
- domain=domain_name), '/etc/apache2/sites-enabled/{domain}'.format(
- domain=domain_name), use_sudo=True)
+ upload_template('.\\apache-default-upstream-proxy.txt',
+ '/etc/apache2/sites-enabled/{domain}'.format(
+ domain=domain_name), use_sudo=True)
sed('/etc/apache2/sites-enabled/{domain}'.format(
domain=domain_name), 'DOMAIN_NAME', domain_name, use_sudo=True,)
+ sed('/etc/apache2/sites-enabled/{domain}'.format(
+ domain=domain_name), 'IP_ADDRESS', ip_address, use_sudo=True,)
+ sed('/etc/apache2/sites-enabled/{domain}'.format(
+ domain=domain_name), 'REVERSE_PROXY_IP', reverse_proxy_ip, use_sudo=True,)
runcmd('rm /etc/apache2/sites-enabled/*.bak')
-
# Note that the following will only work once!
append(['<IfModule mod_rewrite.c>',
' RewriteLog "/var/log/apache2/rewrite.log"',
@@ -169,10 +215,13 @@ def setup_website_as_upstream_server(domain_name):
.format(domain=domain_name),
' LimitInternalRecursion 5',
'</IfModule>'], '/etc/apache2/apache2.conf', use_sudo=True)
-
+ comment('/etc/apache2/ports.conf','NameVirtualHost \*:80', use_sudo=True)
+ comment('/etc/apache2/ports.conf','Listen 80', use_sudo=True)
runcmd('/etc/init.d/apache2 restart')
-def copy_git_website(domain_name, repository_uri, database_name, database_user, database_password):
+
+def copy_git_website(domain_name, repository_uri, database_name, database_user, database_password,
+ database_host):
with cd('/var/www/{domain}'.format(domain=domain_name)):
runcmd('git clone {repo} .'.format(repo=repository_uri))
sed('/var/www/{domain}/wp-config.php'.format(domain=domain_name),
@@ -182,6 +231,8 @@ def copy_git_website(domain_name, repository_uri, database_name, database_user,
sed('/var/www/{domain}/wp-config.php'.format(domain=domain_name),
'DATABASE_PASSWORD', database_password, use_sudo=True)
sed('/var/www/{domain}/wp-config.php'.format(domain=domain_name),
+ 'DATABASE_HOST', database_host, use_sudo=True)
+ sed('/var/www/{domain}/wp-config.php'.format(domain=domain_name),
'SITE_DOMAIN', domain_name, use_sudo=True)
with cd('/var/www/'):
runcmd('chown www-data {domain} -fR'.format(domain=domain_name))
@@ -194,11 +245,28 @@ def install_nginx():
runcmd('apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C')
runcmd('apt-get update')
runcmd('apt-get -y install nginx')
-
-def configure_nginx():
upload_template('.\\nginx-default.txt', '/etc/nginx/sites-available/default', use_sudo=True)
- runcmd('/etc/init.d/nginx restart')
+def configure_nginx(upstream_server_ip):
+ uncomment('/etc/nginx/sites-available/default',
+ '#NEW_UPSTREAM_SERVER', use_sudo=True)
+ sed('/etc/nginx/sites-available/default',
+ 'NEW_UPSTREAM_SERVER',
+ 'server {server_ip}:8200 weight=1 fail_timeout=30s;#NEW_UPSTREAM_SERVER'
+ .format(server_ip=upstream_server_ip), use_sudo=True)
+ runcmd('rm /etc/nginx/sites-available/*.bak')
+ runcmd('/etc/init.d/nginx restart')
+
+
+def setup_mysql_remote_access(remote_range, bind_address):
+ comment('/etc/mysql/my.cnf', 'skip-networking', use_sudo=True)
+ sed('/etc/mysql/my.cnf', 'bind-address = 127.0.0.1',
+ 'bind-address = {address}'.format(address=bind_address), use_sudo=True)
+ runcmd('restart mysql')
+ runcmd('iptables -A INPUT -i eth0 -s {remote} -p tcp --destination-port 3306 -j ACCEPT'
+ .format(remote=remote_range))
+ runcmd('iptables-save')
+
# Helpers
def runcmd(arg):
if env.user != "root":
View
5 nginx-default.txt
@@ -17,7 +17,8 @@ proxy_cache_key "$scheme://$host$request_uri";
upstream wordpressapache {
#The upstream apache server. You can have many of these and weight them accordingly,
#allowing nginx to function as a caching load balancer (oh my. Awesomeness abounds.)
- server 127.0.0.1:8200 weight=1 fail_timeout=120s;
+ #NEW_UPSTREAM_SERVER
+
}
server {
@@ -28,7 +29,7 @@ server {
server_name codebetter.tld;
# "combined" matches apache's concept of "combined". Neat.
- access_log /var/log/apache2/nginx-access.log combined;
+ access_log /var/log/nginx/nginx-access.log combined;
# Set the real IP.
proxy_set_header X-Real-IP $remote_addr;
Please sign in to comment.
Something went wrong with that request. Please try again.