Added nginx

Erik Stambaugh 2024-01-18 20:47:07 -08:00
parent 19b1425c98
commit 4f5d601316
4 changed files with 135 additions and 0 deletions


@ -0,0 +1,23 @@
version: '3.5'
services:
nginx:
container_name: nginx
image: nginx
restart: unless-stopped
volumes:
- /srv/nginx/conf.d:/etc/nginx/conf.d:ro
- /srv/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- /srv/certbot/etc:/etc/letsencrypt
- /srv/certbot/www:/var/www/certbot
ports:
- "80:80"
- "443:443"
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
networks:
- nginx
networks:
nginx:
driver: bridge
name: nginx
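Review bot: The two certbot bind mounts are writable from inside the nginx container, while the conf.d and nginx.conf mounts above them are `:ro`. nginx only reads the certificates and the challenge files, and `/srv/certbot/etc` is where the template's `privkey.pem` path resolves, so a process in the container does not need write access to it. I would add `:ro` to both: `- /srv/certbot/etc:/etc/letsencrypt:ro` and `- /srv/certbot/www:/var/www/certbot:ro`. Separately, `image: nginx` carries no tag, so each pull takes whatever `latest` is at that moment; pinning a specific version tag or digest makes the deployment reproducible and turns upgrades into a reviewable change.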


@ -0,0 +1,38 @@
---
- name: install base apps
apt:
force_apt_get: yes
name:
- docker-compose-v2
- name: base path
file:
path: "/srv/nginx/conf.d"
state: directory
recurse: true
- name: copy docker-compose
copy:
src: files/docker-compose.yaml
dest: /srv/nginx/docker-compose.yaml
register: dockercompose
- name: nginx config
template:
src: templates/nginx.conf
dest: /srv/nginx/nginx.conf
register: nginxconf
- name: launch nginx
command: docker compose up -d
args:
chdir: /srv/nginx
- name: restart nginx
command: docker compose restart
args:
chdir: /srv/nginx
when: dockercompose.changed or nginxconf.changed
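Review bot: The `copy` and `template` tasks set no `owner`, `group` or `mode`, so the permissions of `/srv/nginx/docker-compose.yaml` and `/srv/nginx/nginx.conf` depend on the umask in effect when the play runs; the `base path` directory task has the same gap. Adding `owner: root`, `group: root` and `mode: "0644"` to the two file tasks pins them, with the mode quoted so it is not parsed as an integer. The `launch nginx` command also reports changed on every run, so a `changed_when:` condition on it would keep the play output meaningful. `force_apt_get: yes` would read more predictably as `true`, matching `recurse: true` further down.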


@ -0,0 +1,73 @@
user nginx;
worker_processes auto;
events { worker_connections 1024; }
http {
charset utf-8;
server {
listen 80;
server_name {{domain_name}};
server_tokens off;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
# Hide nginx version information.
server_tokens off;
listen 443 ssl default_server;
server_name {{domain_name}};
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
ssl_certificate /etc/letsencrypt/live/{{domain_name}}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{domain_name}}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
try_files $uri $uri/ /index.html;
}
gzip on;
gzip_vary on;
gzip_http_version 1.0;
gzip_comp_level 5;
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
gzip_proxied no-cache no-store private expired auth;
gzip_min_length 256;
gunzip on;
}
include /etc/nginx/conf.d/*.conf;
}
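Review bot: The port-80 `location /` redirect builds its target from `$host`, which is taken from the request. No other port-80 server is visible in this file, so this block would also answer requests carrying any other Host name and redirect to whatever name the client supplied (files under conf.d may change that). `return 301 https://{{domain_name}}$request_uri;` keeps the redirect on the configured name. `server_tokens off;` is set inside each server block, so servers pulled in by `include /etc/nginx/conf.d/*.conf;` do not inherit it; a single `server_tokens off;` in the `http` block would cover them too. The TLS server sends no `Strict-Transport-Security` header; whether to add one depends on how the domain is used, so I raise it as a question.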


@ -8,5 +8,6 @@
- name: mastodon instance
hosts: social
roles:
- { role: nginx, become: yes }
- { role: mastodon, become: yes }