diff --git a/grav/files/nginx.conf.j2 b/grav/files/nginx.conf.j2 new file mode 100644 index 0000000..aaf6d35 --- /dev/null +++ b/grav/files/nginx.conf.j2 @@ -0,0 +1,16 @@ +server { + + listen 80; + server_name {{ http_host }}; + + location / { + + proxy_set_header Host $host:$server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://localhost:{{ host_port }}; + } + +} + diff --git a/grav/grav/Dockerfile b/grav/grav/Dockerfile new file mode 100644 index 0000000..be178f7 --- /dev/null +++ b/grav/grav/Dockerfile @@ -0,0 +1,3 @@ +FROM nginx:alpine + +COPY default.conf /etc/nginx/conf.d/default.conf diff --git a/grav/grav/default.conf b/grav/grav/default.conf new file mode 100644 index 0000000..577c484 --- /dev/null +++ b/grav/grav/default.conf @@ -0,0 +1,43 @@ +server { + #listen 80; + index index.html index.php; + + ## Begin - Server Info + root /var/www/html; + server_name localhost; + ## End - Server Info + + ## Begin - Index + # for subfolders, simply adjust: + # `location /subfolder {` + # and the rewrite to use `/subfolder/index.php` + location / { + try_files $uri $uri/ /index.php?$query_string; + } + ## End - Index + + ## Begin - Security + # deny all direct access for these folders + location ~* /(\.git|cache|bin|logs|backup|tests)/.*$ { return 403; } + # deny running scripts inside core system folders + location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + # deny running scripts inside user folder + location ~* /user/.*\.(txt|md|yaml|yml|php|pl|py|cgi|twig|sh|bat)$ { return 403; } + # deny access to specific files in the root folder + location ~ /(LICENSE\.txt|composer\.lock|composer\.json|nginx\.conf|web\.config|htaccess\.txt|\.htaccess) { return 403; } + ## End - Security + + ## Begin - PHP + location ~ \.php$ { + # Choose either a socket or TCP/IP address + fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; + # fastcgi_pass unix:/var/run/php5-fpm.sock; #legacy + # fastcgi_pass 127.0.0.1:9000; + + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; + } + ## End - PHP +} diff --git a/grav/playbook.yml b/grav/playbook.yml new file mode 100755 index 0000000..5f73daf --- /dev/null +++ b/grav/playbook.yml @@ -0,0 +1,60 @@ +################################################# +# DO Community Playbooks: Docker +################################################# +--- +- hosts: all + become: true + vars_files: + - vars/default.yml + + tasks: + - name: Copy dockerfile + synchronize: src=grav dest=/tmp + + - name: Build grav webserver image + docker_image: + name: grav + build: + path: /tmp/grav/ + dockerfile: /tmp/grav/Dockerfile + pull: yes + state: present + source: build + + - name: Create webserver container + docker_container: + name: grav-web + image: grav + state: started + published_ports: + - "{{ host_port }}:80" + volumes: + - "{{ host_directory }}:/var/www/html" + + - name: Check if Nginx conf file exists + stat: path="/etc/nginx/sites-available/{{ http_conf }}" + register: status + + - name: No need to reload Nginx + debug: msg= {{ "No need to reload Nginx as sites-available entries have already been created" }} + + - name: Set Nginx conf file + when: status.stat.exists == false + template: + src: "files/nginx.conf.j2" + dest: "/etc/nginx/sites-available/{{ http_conf }}" + + - name: Enable new site + when: status.stat.exists == false + file: + src: "/etc/nginx/sites-available/{{ http_conf }}" + dest: "/etc/nginx/sites-enabled/{{ http_conf }}" + state: link + notify: Reload Nginx + + handlers: + - name: Reload Nginx + service: + name: nginx + state: reloaded + diff --git a/grav/readme.md b/grav/readme.md new file mode 100644 index 0000000..f6d7ecc --- /dev/null +++ b/grav/readme.md @@ -0,0 +1,46 @@ +# Docker on Ubuntu 18.04 + +This playbook will install Docker an Ubuntu 18.04 machine, as explained in the guide on +[How to Use Ansible to Install and Set Up Docker on Ubuntu 18.04](https://www.digitalocean.com/community/tutorials/how-to-use-ansible-to-install-and-set-up-docker-on-ubuntu-18-04). +A number of containers will be created with the options specified in the `vars/default.yml` variable file. + +## Settings + +- `create_containers`: number of containers to create. +- `default_container_name`: default name for new containers. +- `default_container_image`: default image for new containers. +- `default_container_command`: default command to run on new containers. + + +## Running this Playbook + +Quick Steps: + +### 1. Obtain the playbook +```shell +git clone https://github.com/do-community/ansible-playbooks.git +cd ansible-playbooks/docker_ubuntu1804 +``` + +### 2. Customize Options + +```shell +nano vars/default.yml +``` + +```yml +#vars/default.yml +--- +create_containers: 4 +default_container_name: docker +default_container_image: ubuntu +default_container_command: sleep 1d +``` + +### 3. Run the Playbook + +```command +ansible-playbook -l [target] -i [inventory file] -u [remote user] playbook.yml +``` + +For more information on how to run this Ansible setup, please check this guide: [How to Use Ansible to Install and Set Up Docker on Ubuntu 18.04](https://www.digitalocean.com/community/tutorials/how-to-use-ansible-to-install-and-set-up-docker-on-ubuntu-18-04). \ No newline at end of file diff --git a/grav/vars/default.yml b/grav/vars/default.yml new file mode 100644 index 0000000..4633d0d --- /dev/null +++ b/grav/vars/default.yml @@ -0,0 +1,6 @@ +--- +http_host: "tanshu.com" +http_conf: "tanshu.com.conf" + +host_directory: /var/lib/tanshu.com +host_port: 8088