summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--ansible/roles/nginx/tasks/main.yml37
-rw-r--r--ansible/roles/nginx/templates/nginx.conf.j2105
2 files changed, 142 insertions, 0 deletions
diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml
new file mode 100644
index 00000000..5c010848
--- /dev/null
+++ b/ansible/roles/nginx/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Create configuration directory
+ file:
+ path: "{{ app_data_path }}/cfg"
+ state: directory
+
+- name: Upload configuration to server
+ template:
+ src: nginx.conf.j2
+ dest: "{{ app_data_path }}/cfg/nginx.conf"
+
+- name: Load nginx image
+ docker_image:
+ name: own_nginx
+ load_path: "{{ app_data_path }}/offline_data/docker_images_infra/own_nginx_latest.tar"
+ state: present
+ timeout: 120
+
+- name: Start nginx
+ docker_container:
+ name: own_nginx
+ image: own_nginx
+ networks:
+ - name: nexus_network
+ ports:
+ - "80:80"
+ - "443:443"
+ - "10001:443"
+ volumes:
+ - "{{ app_data_path }}/cfg/nginx.conf:/etc/nginx/nginx.conf:ro"
+ - "{{ app_data_path }}/certs:/etc/nginx/certs:ro"
+ - "{{ app_data_path }}/git-repo:/srv/git:rw"
+ - "{{ app_data_path }}/http:/srv/http:rw"
+ - "{{ app_data_path }}/pkg/rhel:/srv/http/repo.infra-server:rw"
+ - /var/log/nginx:/var/log/nginx:rw
+ state: started
+ restart_policy: unless-stopped
diff --git a/ansible/roles/nginx/templates/nginx.conf.j2 b/ansible/roles/nginx/templates/nginx.conf.j2
new file mode 100644
index 00000000..fb48565f
--- /dev/null
+++ b/ansible/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,105 @@
+worker_processes 2;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ error_log /var/log/nginx/error.log debug;
+ access_log /var/log/nginx/access.log;
+
+ proxy_intercept_errors on;
+ proxy_send_timeout 120;
+ proxy_read_timeout 300;
+
+ upstream nexus {
+ server nexus:8081;
+ }
+
+ upstream registry {
+ server nexus:8082;
+ }
+
+# http simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name _;
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+
+ location / {
+ root /srv/http/$host;
+ index index.html;
+ }
+ }
+
+# nexus simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name {% for host in simulated_hosts.nexus -%}
+ {{ host + " " }}
+ {%- endfor %};
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ # allow large uploads
+ client_max_body_size 3G;
+
+ location / {
+ # redirect to docker registry
+ if ($http_user_agent ~ docker ) {
+ proxy_pass http://registry;
+ }
+ proxy_pass http://nexus;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+ }
+
+# git simulations
+ server {
+ listen 80;
+ listen 443 ssl;
+ server_name {% for host in simulated_hosts.git -%}
+ {{ host + " " }}
+ {%- endfor %};
+ ssl_certificate /etc/nginx/certs/nexus_server.crt;
+ ssl_certificate_key /etc/nginx/certs/nexus_server.key;
+
+ keepalive_timeout 5 5;
+ proxy_buffering off;
+
+ location / {
+ try_files $uri $uri/ @git;
+ }
+
+ location @git {
+
+ # Set chunks to unlimited, as the body's can be huge
+ client_max_body_size 0;
+
+ fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param PATH_INFO $uri;
+
+ include fastcgi_params;
+
+ fastcgi_param GIT_HTTP_EXPORT_ALL "";
+ fastcgi_param GIT_PROJECT_ROOT /srv/git/$host/;
+
+ # Forward REMOTE_USER as we want to know when we are authenticated
+ fastcgi_param REMOTE_USER $remote_user;
+
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+ }
+}