# HG changeset patch # User ymh # Date 1536967447 -7200 # Node ID f72ffe8b30b141f5c3531f58ae038893b7080a7a # Parent 66f388fa213056fe744fd7a87abb6372b1467450 Correct deployment diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/deploy.sh --- a/deploy/deploy.sh Fri Sep 14 22:07:56 2018 +0200 +++ b/deploy/deploy.sh Sat Sep 15 01:24:07 2018 +0200 @@ -31,6 +31,6 @@ pushd "$SCRIPTPATH" -ansible-playbook -v -i "./hosts/hosts.$DASHBOARDNAME" -l "$DASHBOARDNAME" ./deploy.yml --extra-vars "dashboard_version=${VERSION}" --step --ask-vault-pass +ANSIBLE_STDOUT_CALLBACK=debug ansible-playbook -v -i "./hosts/hosts.$DASHBOARDNAME" -l "$DASHBOARDNAME" ./deploy.yml --extra-vars "dashboard_version=${VERSION}" --ask-vault-pass popd diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/deploy.yml --- a/deploy/deploy.yml Fri Sep 14 22:07:56 2018 +0200 +++ b/deploy/deploy.yml Sat Sep 15 01:24:07 2018 +0200 @@ -181,7 +181,7 @@ # TODO : set dashboard name in setting - name: transfert static dist to remote copy: - src: "{{clientjs_dir}}/{{dashboard_name}}/build/" + src: "{{clientjs_dir}}/packages/{{dashboard_name}}/build/" dest: "{{remote_static_path}}/" owner: "{{static_http_user}}" group: "{{static_http_group}}" @@ -190,7 +190,7 @@ - name: create refresh nginx config template: - src: netrights.iri-research.org.j2 + src: "{{static_nginx_use_ssl | ternary('nginx.static.ssl.conf.j2', 'nginx.static.conf.j2')}}" dest: "{{static_nginx_config | default('/etc/nginx/site-available/'+static_server_name, true)}}" notify: - restart static nginx diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/group_vars/explorunivers_test.yml --- a/deploy/group_vars/explorunivers_test.yml Fri Sep 14 22:07:56 2018 +0200 +++ b/deploy/group_vars/explorunivers_test.yml Sat Sep 15 01:24:07 2018 +0200 
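Review bot: The new command in deploy/deploy.sh combines `ANSIBLE_STDOUT_CALLBACK=debug` with `-v`, which prints full task results to the terminal and to any captured deploy log. Because the play is run with `--ask-vault-pass`, tasks that consume vaulted values should be checked for `no_log: true`. Those tasks are outside this hunk, so this is a caveat to confirm rather than an observed leak. Dropping `--step` also removes the per-task confirmation, so a comment above the command such as `# runs unattended: no per-task prompt, full task output is printed` would tell the next operator what changed.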
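Review bot: In the `create refresh nginx config` task of deploy/deploy.yml, `static_nginx_use_ssl` is read with no default and no type coercion. An inventory whose group_vars predate this commit would presumably fail on an undefined variable. A value passed as a string (for example through `--extra-vars`) is always truthy, so `false` would still select the SSL template. I would write `src: "{{ static_nginx_use_ssl | default(true) | bool | ternary('nginx.static.ssl.conf.j2', 'nginx.static.conf.j2') }}"` so that the TLS template is the explicit fallback. The unchanged `dest` line below defaults to `/etc/nginx/site-available/`, which looks like a misspelling of nginx's usual `sites-available` directory and is worth confirming.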
@@ -5,7 +5,8 @@ # note : must not end with / remote_static_path: "/var/www" -static_nginx_config: "/etc/nginx/site-available/172.16.1.7" +static_nginx_config: "/etc/nginx/conf.d/172.16.1.7.conf" +static_nginx_use_ssl: false static_server_name: "172.16.1.7" static_http_service: "nginx" diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/group_vars/group_vars.yml.tmpl --- a/deploy/group_vars/group_vars.yml.tmpl Fri Sep 14 22:07:56 2018 +0200 +++ b/deploy/group_vars/group_vars.yml.tmpl Sat Sep 15 01:24:07 2018 +0200 @@ -14,6 +14,9 @@ # remote path for nginx static file config static_nginx_config: "" +# use the nginx ssl config template for static webserver of not +static_nginx_use_ssl: true + # static file domain static_server_name: "netrights.iri-research.org" diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/templates/netrights.iri-research.org.j2 --- a/deploy/templates/netrights.iri-research.org.j2 Fri Sep 14 22:07:56 2018 +0200 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,63 +0,0 @@
-upstream annotation-api {
- server {{annotations_api_host}}:{{annotations_api_port}};
- server 127.0.0.1 backup;
-}
-
-upstream discussion-api {
- server {{discussions_host}}:{{discussions_port}};
- server 127.0.0.1 backup;
-}
-
-
-server {
- listen 80;
- listen [::]:80;
-
- server_name {{static_server_name}};
- return 301 https://$host$request_uri;
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
-
- server_name {{static_server_name}};
-
- access_log /var/log/nginx/{{static_server_name}}-access.log;
- error_log /var/log/nginx/{{static_server_name}}-error.log;
-
- ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;
-
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_prefer_server_ciphers on;
- ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-
-
- root {{remote_static_path}}/;
- index index.html index.htm;
-
- location /.well-known/acme-challenge {
- alias /var/lib/letsencrypt/.well-known/acme-challenge;
- default_type "text/plain";
- try_files $uri =404;
- }
-
- location {{annotations_api_url}}/ {
- uwsgi_pass annotation-api;
- include /etc/nginx/uwsgi_params;
- }
-
- location {{discussions_url}}/ {
- uwsgi_pass discussion-api;
- include /etc/nginx/uwsgi_params;
- }
-
- location / {
- # First attempt to serve request as file, then
- # as directory, then fall back to displaying a 404.
- try_files $uri $uri/ /index.html;
- # Uncomment to enable naxsi on this location
- # include /etc/nginx/naxsi.rules
- }
-}
diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/templates/nginx.static.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/templates/nginx.static.conf.j2 Sat Sep 15 01:24:07 2018 +0200
@@ -0,0 +1,42 @@
+upstream annotation-api {
+ server {{annotations_api_host}}:{{annotations_api_port}};
+ server 127.0.0.1 backup;
+}
+
+upstream discussion-api {
+ server {{discussions_host}}:{{discussions_port}};
+ server 127.0.0.1 backup;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{static_server_name}};
+
+ access_log /var/log/nginx/{{static_server_name}}-access.log;
+ error_log /var/log/nginx/{{static_server_name}}-error.log;
+
+ root {{remote_static_path}}/;
+ index index.html index.htm;
+
+
+ location {{annotations_api_url}}/ {
+ uwsgi_pass annotation-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{discussions_url}}/ {
+ uwsgi_pass discussion-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+}
diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/templates/nginx.static.ssl.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/deploy/templates/nginx.static.ssl.conf.j2 Sat Sep 15 01:24:07 2018 +0200
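Review bot: The new nginx.static.conf.j2 serves `{{annotations_api_url}}/` and `{{discussions_url}}/` over plain HTTP on port 80, so any session cookie or token sent to those uwsgi backends crosses the network unencrypted whenever `static_nginx_use_ssl` is false. That may be acceptable for the private-address test host configured in this commit, but nothing in the file says so. I would open the template with `# Plain-HTTP variant: for isolated test hosts only, never for a publicly reachable server`. The upstream and location blocks are also copied verbatim into nginx.static.ssl.conf.j2, so a later hardening of one file can miss the other. A single template with a `{% if static_nginx_use_ssl %}` block around the TLS-specific parts would avoid that drift.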
@@ -0,0 +1,63 @@
+upstream annotation-api {
+ server {{annotations_api_host}}:{{annotations_api_port}};
+ server 127.0.0.1 backup;
+}
+
+upstream discussion-api {
+ server {{discussions_host}}:{{discussions_port}};
+ server 127.0.0.1 backup;
+}
+
+
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name {{static_server_name}};
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+
+ server_name {{static_server_name}};
+
+ access_log /var/log/nginx/{{static_server_name}}-access.log;
+ error_log /var/log/nginx/{{static_server_name}}-error.log;
+
+ ssl_certificate /etc/letsencrypt/live/{{static_server_name}}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{static_server_name}}/privkey.pem;
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+
+
+ root {{remote_static_path}}/;
+ index index.html index.htm;
+
+ location /.well-known/acme-challenge {
+ alias /var/lib/letsencrypt/.well-known/acme-challenge;
+ default_type "text/plain";
+ try_files $uri =404;
+ }
+
+ location {{annotations_api_url}}/ {
+ uwsgi_pass annotation-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location {{discussions_url}}/ {
+ uwsgi_pass discussion-api;
+ include /etc/nginx/uwsgi_params;
+ }
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ /index.html;
+ # Uncomment to enable naxsi on this location
+ # include /etc/nginx/naxsi.rules
+ }
+}
diff -r 66f388fa2130 -r f72ffe8b30b1 deploy/test_playbook.yml
--- a/deploy/test_playbook.yml Fri Sep 14 22:07:56 2018 +0200
+++ b/deploy/test_playbook.yml Sat Sep 15 01:24:07 2018 +0200
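Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server block of nginx.static.ssl.conf.j2 keeps TLS 1.0 and 1.1 enabled, both of which are deprecated (RFC 8996). I would reduce it to `ssl_protocols TLSv1.2;` and add `TLSv1.3` where the deployed nginx and OpenSSL support it. The line is carried over unchanged from the deleted netrights.iri-research.org.j2, but this file now becomes the generic TLS template, so this is a good moment to tighten it. The block also sets no `Strict-Transport-Security` header although the port-80 server redirects everything to HTTPS. `add_header Strict-Transport-Security "max-age=31536000" always;` is worth considering once the certificate setup is stable.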
@@ -7,7 +7,7 @@ tasks: - name: install deps apk: - name: python-dev,python3-dev,py-virtualenv,nginx,supervisor,shadow,build-base,musl-dev,gcc,linux-headers + name: python-dev,python3-dev,py-virtualenv,nginx,supervisor,shadow,build-base,musl-dev,gcc,linux-headers,libffi,libffi-dev update_cache: yes - name: create etc supervisor.d folder file: