Commit 04ef9fb8 authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase
Browse files

Add geoip load balancing mirror stuff

parent 06733602
---
mirror_domain: mirror.pkgbuild.com
archweb_mirrorcheck_locations: [7]
arch32_mirror_domain: mirror.archlinux32.org
filesystem: btrfs
zabbix_agent_templates:
- Template OS Linux
- Template App Borg Backup
- Template App PostgreSQL
---
- name: setup mirror load balancer
hosts: mirror.pkgbuild.com
remote_user: root
roles:
- { role: common }
- { role: firewalld }
- { role: sshd }
- { role: root_ssh }
- { role: certbot }
- { role: nginx }
- { role: mirror_load_balancer }
---
- name: install nginx-mod-geoip2
pacman: name=nginx-mod-geoip2 state=present
- name: install mirror.pkgbuild.com.conf
template: src=mirror.pkgbuild.com.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']
geoip2 GeoLite2-City.mmdb {
$geoip2_data_continent_name source=$remote_addr continent names en;
}
map $geoip2_data_continent_name $preferred_upstream {
default EU_upstream;
'Europe' EU_upstream;
'North America' US_upstream;
'Oceania' OC_upstream;
'Asia' AS_upstream;
}
upstream EU_upstream {
server ger.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server mex.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
upstream US_upstream {
server mex.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server ger.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
upstream OC_upstream {
server sgp.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server ind.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
upstream AS_upstream {
server jpn.mirror.pkgbuild.com max_fails=3 fail_timeout=600s;
server sgp.mirror.pkgbuild.com backup max_fails=3 fail_timeout=600s;
}
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ mirror_domain }};
root /srv/ftp;
access_log /var/log/nginx/{{ mirror_domain }}/access.log reduced;
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
include snippets/letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
autoindex on;
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment