Skip to content
Snippets Groups Projects
Verified Commit 1bc0b279 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

roles/security-tracker: nginx configuration and initial working on the uwsgi app .ini file.

parent 377290f6
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
roles/security-tracker/tasks/main.yml
+ 9
0
View file @ 1bc0b279
......@@ -15,6 +15,7 @@
- pyalpm
- sqlite
- expac
- uwsgi-plugin-python
- name: make security user
user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
......@@ -29,3 +30,11 @@
- name: fix home permissions
file: state=directory owner=security group=security path="{{ security_tracker_dir }}"
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/security-tracker.conf owner=root group=root mode=644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=http group=log mode=755
roles/security-tracker/templates/nginx.d.conf.j2 0 → 100644
+ 36
0
View file @ 1bc0b279
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
server {
listen 80;
listen [::]:80;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location / {
include uwsgi_params;
uwsgi_pass security-tracker;
}
}
roles/security-tracker/templates/security-tracker.ini.j2 0 → 100644
+ 15
0
View file @ 1bc0b279
[uwsgi]
plugins=python
chdir={{ security_tracker_dir }}
module=run
callable=app
socket=/run/uwsgi/security-tracker.sock
chmod-socket=664
processes=4
threads=2
master=true
uid=security
gid=http
thunder-lock = true
daemonize=/var/log/uwsgi/security.log
stats=/run/uwsgi/security-tracker-stats.sock
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment