Add geoip load balancing mirror stuff

04ef9fb8 · Sven-Hendrik Haase · 06733602 · 04ef9fb8 · 04ef9fb8 · 04ef9fb8
Commit 04ef9fb8 authored Oct 13, 2019 by Sven-Hendrik Haase
--- a/host_vars/mirror.pkgbuild.com
+++ b/host_vars/mirror.pkgbuild.com
+---
+mirror_domain: mirror.pkgbuild.com
+archweb_mirrorcheck_locations: [7]
+arch32_mirror_domain: mirror.archlinux32.org
+filesystem: btrfs
+zabbix_agent_templates:
+  - Template OS Linux
+  - Template App Borg Backup
+  - Template App PostgreSQL
--- a/playbooks/mirror.pkgbuild.com.yml
+++ b/playbooks/mirror.pkgbuild.com.yml
+---
+
+- name: setup mirror load balancer
+  hosts: mirror.pkgbuild.com
+  remote_user: root
+  roles:
+    - { role: common }
+    - { role: firewalld }
+    - { role: sshd }
+    - { role: root_ssh }
+    - { role: certbot }
+    - { role: nginx }
+    - { role: mirror_load_balancer }
--- a/roles/mirror_load_balancer/tasks/main.yml
+++ b/roles/mirror_load_balancer/tasks/main.yml
+---
+
+- name: install nginx-mod-geoip2
+  pacman: name=nginx-mod-geoip2 state=present
+
+- name: install mirror.pkgbuild.com.conf
+  template: src=mirror.pkgbuild.com.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
+  notify:
+    - reload nginx
+  tags: ['nginx']
--- a/roles/mirror_load_balancer/templates/nginx.d.conf.j2
+++ b/roles/mirror_load_balancer/templates/nginx.d.conf.j2
+geoip2 GeoLite2-City.mmdb {
+   $geoip2_data_continent_name source=$remote_addr continent names en;
+}
+
+map $geoip2_data_continent_name $preferred_upstream {
+    default EU_upstream;
+    'Europe' EU_upstream;
+    'North America' US_upstream;
+    'Oceania' OC_upstream;
+    'Asia' AS_upstream;
+}
+
+upstream EU_upstream {
+    server ger.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
+    server mex.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
+}
+
+upstream US_upstream {
+    server mex.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
+    server ger.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
+}
+
+upstream OC_upstream {
+    server sgp.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
+    server ind.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
+}
+
+upstream AS_upstream {
+    server jpn.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
+    server sgp.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
+}
+
+server {
+    listen       80;
+    listen       [::]:80;
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ mirror_domain }};
+    root         /srv/ftp;
+
+    access_log   /var/log/nginx/{{ mirror_domain }}/access.log reduced;
+    error_log    /var/log/nginx/{{ mirror_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
+
+    autoindex on;
+}