roles/security-tracker: nginx configuration and initial working on the uwsgi app .ini file.

1bc0b279 · Giancarlo Razzolini · 377290f6 · 1bc0b279 · 1bc0b279 · 1bc0b279
Verified Commit 1bc0b279 authored Dec 15, 2016 by Giancarlo Razzolini
--- a/roles/security-tracker/tasks/main.yml
+++ b/roles/security-tracker/tasks/main.yml
@@ -15,6 +15,7 @@
    - pyalpm
    - sqlite
    - expac
+    - uwsgi-plugin-python

 - name: make security user
  user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
@@ -29,3 +30,11 @@

 - name: fix home permissions
  file: state=directory owner=security group=security path="{{ security_tracker_dir }}"
+
+- name: set up nginx
+  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/security-tracker.conf owner=root group=root mode=644
+  notify:
+    - restart nginx
+
+- name: make nginx log dir
+  file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=http group=log mode=755
--- a/roles/security-tracker/templates/nginx.d.conf.j2
+++ b/roles/security-tracker/templates/nginx.d.conf.j2
+upstream security-tracker {
+    server unix:///run/uwsgi/security-tracker.sock;
+}
+
+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ security_tracker_domain }};
+
+    access_log   /var/log/nginx/{{ security_tracker_domain }}/access.log;
+    error_log    /var/log/nginx/{{ security_tracker_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://$server_name$1 permanent;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ security_tracker_domain }};
+
+    access_log   /var/log/nginx/{{ security_tracker_domain }}/access.log;
+    error_log    /var/log/nginx/{{ security_tracker_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
+
+    location / {
+        include uwsgi_params;
+        uwsgi_pass security-tracker;
+    }
+}
--- a/roles/security-tracker/templates/security-tracker.ini.j2
+++ b/roles/security-tracker/templates/security-tracker.ini.j2
+[uwsgi]
+plugins=python
+chdir={{ security_tracker_dir }}
+module=run
+callable=app
+socket=/run/uwsgi/security-tracker.sock
+chmod-socket=664
+processes=4
+threads=2
+master=true
+uid=security
+gid=http
+thunder-lock = true
+daemonize=/var/log/uwsgi/security.log
+stats=/run/uwsgi/security-tracker-stats.sock