diff options
-rw-r--r-- | ansible/roles/nginx/tasks/main.yml | 37 | ||||
-rw-r--r-- | ansible/roles/nginx/templates/nginx.conf.j2 | 105 |
2 files changed, 142 insertions, 0 deletions
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml new file mode 100644 index 00000000..5c010848 --- /dev/null +++ b/ansible/roles/nginx/tasks/main.yml @@ -0,0 +1,37 @@ +--- +- name: Create configuration directory + file: + path: "{{ app_data_path }}/cfg" + state: directory + +- name: Upload configuration to server + template: + src: nginx.conf.j2 + dest: "{{ app_data_path }}/cfg/nginx.conf" + +- name: Load nginx image + docker_image: + name: own_nginx + load_path: "{{ app_data_path }}/offline_data/docker_images_infra/own_nginx_latest.tar" + state: present + timeout: 120 + +- name: Start nginx + docker_container: + name: own_nginx + image: own_nginx + networks: + - name: nexus_network + ports: + - "80:80" + - "443:443" + - "10001:443" + volumes: + - "{{ app_data_path }}/cfg/nginx.conf:/etc/nginx/nginx.conf:ro" + - "{{ app_data_path }}/certs:/etc/nginx/certs:ro" + - "{{ app_data_path }}/git-repo:/srv/git:rw" + - "{{ app_data_path }}/http:/srv/http:rw" + - "{{ app_data_path }}/pkg/rhel:/srv/http/repo.infra-server:rw" + - /var/log/nginx:/var/log/nginx:rw + state: started + restart_policy: unless-stopped diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2 new file mode 100644 index 00000000..fb48565f --- /dev/null +++ b/ansible/roles/nginx/templates/nginx.conf.j2 @@ -0,0 +1,105 @@ +worker_processes 2; + +events { + worker_connections 1024; +} + +http { + error_log /var/log/nginx/error.log debug; + access_log /var/log/nginx/access.log; + + proxy_intercept_errors on; + proxy_send_timeout 120; + proxy_read_timeout 300; + + upstream nexus { + server nexus:8081; + } + + upstream registry { + server nexus:8082; + } + +# http simulations + server { + listen 80; + listen 443 ssl; + server_name _; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + + location / { + root /srv/http/$host; + index index.html; + } + } + +# nexus simulations + server { + listen 80; + listen 443 ssl; + server_name {% for host in simulated_hosts.nexus -%} + {{ host + " " }} + {%- endfor %}; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + # allow large uploads + client_max_body_size 3G; + + location / { + # redirect to docker registry + if ($http_user_agent ~ docker ) { + proxy_pass http://registry; + } + proxy_pass http://nexus; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + } + +# git simulations + server { + listen 80; + listen 443 ssl; + server_name {% for host in simulated_hosts.git -%} + {{ host + " " }} + {%- endfor %}; + ssl_certificate /etc/nginx/certs/nexus_server.crt; + ssl_certificate_key /etc/nginx/certs/nexus_server.key; + + keepalive_timeout 5 5; + proxy_buffering off; + + location / { + try_files $uri $uri/ @git; + } + + location @git { + + # Set chunks to unlimited, as the body's can be huge + client_max_body_size 0; + + fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param PATH_INFO $uri; + + include fastcgi_params; + + fastcgi_param GIT_HTTP_EXPORT_ALL ""; + fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/; + + # Forward REMOTE_USER as we want to know when we are authenticated + fastcgi_param REMOTE_USER $remote_user; + + fastcgi_pass unix:/var/run/fcgiwrap.socket; + } + } +} |