Verified Commit 3472c7bb authored by Sven-Hendrik Haase's avatar Sven-Hendrik Haase

Remove mirror_load_balancer stuff

This never really worked too well, and basically all PIA boxes that we
balanced to have died by now. It's also pretty slow.
parent 5a99d4f1
---
- name: setup mirror load balancer (using geoip)
hosts: mirror.pkgbuild.com
remote_user: root
roles:
- { role: common }
- { role: firewalld }
- { role: sshd }
- { role: root_ssh }
- { role: sudo }
- { role: zabbix-agent, when: "'unmanaged' not in group_names" }
- { role: certbot }
- { role: nginx }
- { role: mirror_load_balancer }
load_module /usr/lib/nginx/modules/ngx_http_geoip2_module.so;
---
- name: install nginx-mod-geoip2
pacman: name=nginx-mod-geoip2,geoipupdate state=present
- name: install geoipupdate config
template: src=GeoIP.conf.j2 dest=/etc/GeoIP.conf owner=root group=root mode=0644
notify:
- name: install mirror.pkgbuild.com.conf
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/mirror.pkgbuild.com.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']
- name: install toplevel-snippet
copy: src=load-geoip.conf dest=/etc/nginx/toplevel-snippets/load-geoip.conf owner=root group=root mode=0644
notify:
- reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ mirror_domain }} state=directory owner=root group=root mode=0755
- name: enable geoipupdate timer
systemd: name=geoipupdate.timer enabled=yes state=started
AccountID {{ vault_mirror_maxmind_id }}
LicenseKey {{ vault_mirror_maxmind_license }}
EditionIDs GeoLite2-City
geoip2 /var/lib/GeoIP/GeoLite2-City.mmdb {
$geoip2_data_continent_name continent names en;
}
map $geoip2_data_continent_name $preferred_upstream {
default ger.mirror.pkgbuild.com;
'Africa' ger.mirror.pkgbuild.com;
'Europe' ger.mirror.pkgbuild.com;
}
log_format loadbalancer
'$host [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" dispatched to $scheme://$preferred_upstream$request_uri';
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ mirror_domain }};
access_log /var/log/nginx/{{ mirror_domain }}/access.log loadbalancer;
error_log /var/log/nginx/{{ mirror_domain }}/error.log;
include snippets/letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/{{ mirror_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mirror_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mirror_domain }}/chain.pem;
location / {
return $scheme://$preferred_upstream$request_uri;
}
}