Verified Commit 1bc0b279 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini
Browse files

roles/security-tracker: nginx configuration and initial working on the uwsgi app .ini file.

parent 377290f6
......@@ -15,6 +15,7 @@
- pyalpm
- sqlite
- expac
- uwsgi-plugin-python
- name: make security user
user: name=security shell=/bin/false home="{{ security_tracker_dir }}" createhome=no
......@@ -29,3 +30,11 @@
- name: fix home permissions
file: state=directory owner=security group=security path="{{ security_tracker_dir }}"
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/security-tracker.conf owner=root group=root mode=644
notify:
- restart nginx
- name: make nginx log dir
file: path=/var/log/nginx/{{ security_tracker_domain }} state=directory owner=http group=log mode=755
upstream security-tracker {
server unix:///run/uwsgi/security-tracker.sock;
}
server {
listen 80;
listen [::]:80;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://$server_name$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ security_tracker_domain }};
access_log /var/log/nginx/{{ security_tracker_domain }}/access.log;
error_log /var/log/nginx/{{ security_tracker_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ security_tracker_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ security_tracker_domain }}/chain.pem;
location / {
include uwsgi_params;
uwsgi_pass security-tracker;
}
}
[uwsgi]
plugins=python
chdir={{ security_tracker_dir }}
module=run
callable=app
socket=/run/uwsgi/security-tracker.sock
chmod-socket=664
processes=4
threads=2
master=true
uid=security
gid=http
thunder-lock = true
daemonize=/var/log/uwsgi/security.log
stats=/run/uwsgi/security-tracker-stats.sock
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment