Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
1bc0b279
Verified
Commit
1bc0b279
authored
Dec 15, 2016
by
Giancarlo Razzolini
Browse files
roles/security-tracker: nginx configuration and initial working on the uwsgi app .ini file.
parent
377290f6
Changes
3
Hide whitespace changes
Inline
Side-by-side
roles/security-tracker/tasks/main.yml
View file @
1bc0b279
...
...
@@ -15,6 +15,7 @@
-
pyalpm
-
sqlite
-
expac
-
uwsgi-plugin-python
-
name
:
make security user
user
:
name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
...
...
@@ -29,3 +30,11 @@
-
name
:
fix home permissions
file
:
state=directory owner=security group=security path="{{ security_tracker_dir }}"
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/security-tracker.conf owner=root group=root mode=644
notify
:
-
restart nginx
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=http group=log mode=755
roles/security-tracker/templates/nginx.d.conf.j2
0 → 100644
View file @
1bc0b279
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
server {
listen 80;
listen [::]:80;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location / {
include uwsgi_params;
uwsgi_pass security-tracker;
}
}
roles/security-tracker/templates/security-tracker.ini.j2
0 → 100644
View file @
1bc0b279
[uwsgi]
plugins=python
chdir={{ security_tracker_dir }}
module=run
callable=app
socket=/run/uwsgi/security-tracker.sock
chmod-socket=664
processes=4
threads=2
master=true
uid=security
gid=http
thunder-lock = true
daemonize=/var/log/uwsgi/security.log
stats=/run/uwsgi/security-tracker-stats.sock
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment