diff --git a/all.yml b/all.yml
index 6328aec..90e3a99 100644
--- a/all.yml
+++ b/all.yml
@@ -20,3 +20,5 @@
 tags: ["docker", "grav"]
 - role: "lychee"
 tags: ["docker", "lychee"]
+ - role: "web"
+ tags: ["docker", "web"]
diff --git a/roles/web/templates/docker-compose.yml b/roles/gitea/tasks/main.yml
similarity index 100%
rename from roles/web/templates/docker-compose.yml
rename to roles/gitea/tasks/main.yml
diff --git a/roles/web/tasks/main.yml b/roles/web/tasks/main.yml
index e69de29..af05fa3 100644
--- a/roles/web/tasks/main.yml
+++ b/roles/web/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: Create website directories
+ file:
+ path: "{{ websites_basepath }}/{{ item.name }}"
+ state: directory
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0755
+ with_items: "{{ websites_to_up }}"
+
+- name: Copy nginx configurations
+ template:
+ src: "nginx.conf.j2"
+ dest: "{{ websites_basepath }}/{{ item.name }}.conf"
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0644
+ with_items: "{{ websites_to_up }}"
+
+- name: Create Docker Compose from websites definition
+ template:
+ src: "docker-compose.yml.j2"
+ dest: "{{ websites_basepath }}/docker-compose.yml"
+ owner: "{{ base_user_name }}"
+ group: "{{ base_user_name }}"
+ mode: 0644
+
+- name: Create websites containers
+ community.docker.docker_compose:
+ project_src: "{{ websites_basepath }}"
+ remove_orphans: yes
+ pull: yes
+ recreate: smart
+ state: present
diff --git a/roles/web/templates/docker-compose.yml.j2 b/roles/web/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..fdbddfd
--- /dev/null
+++ b/roles/web/templates/docker-compose.yml.j2
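Review bot: In roles/web/tasks/main.yml a re-rendered nginx.conf.j2 never reaches the running containers. The last task relies on `recreate: smart`, which presumably reacts to Compose or image drift but not to the contents of a bind-mounted file, so a config fix such as a tightened `location` block stays inactive until someone restarts the container by hand. Register the template result and feed it to the compose task, e.g. `register: nginx_conf` on "Copy nginx configurations" and `restarted: "{{ nginx_conf is changed }}"` on "Create websites containers". As a style point, quote the file modes (`mode: "0755"`, `mode: "0644"`) and write `true` rather than `yes`.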
@@ -0,0 +1,47 @@
+version: "{{ compose_version }}"
+
+networks:
+ proxy:
+ name: "{{ traefik_network }}"
+ php:
+ name: php
+
+services:
+{% for website in websites_to_up %}
+ {{ website.name }}:
+ container_name: web_{{ website.name }}
+ image: nginx:alpine
+ volumes:
+ - {{ websites_basepath }}/{{ website.name }}:/var/www/html:ro
+ - {{ websites_basepath }}/{{ website.name }}.conf:/etc/nginx/conf.d/default.conf:ro
+ labels:
+ traefik.http.routers.{{ website.name }}.entrypoints: websecure
+ traefik.http.routers.{{ website.name }}.rule: "Host(`{{ website.name }}.{{ domain_name }}`)"
+ traefik.http.services.{{ website.name }}.loadbalancer.server.port: "{{ nginx_internal_port }}"
+ traefik.enable: true
+ networks:
+ - proxy
+ - php
+ read_only: true
+ tmpfs:
+ - /var/cache/nginx
+ - /run
+ restart: unless-stopped
+{% endfor %}
+
+{# Up a php container if any of the website needs PHP #}
+{% if websites_to_up | selectattr('php', 'equalto', 'true') | list | length > 0 %}
+ php:
+ container_name: php
+ image: php:{{ php_version }}
+ networks:
+ - php
+ volumes:
+{# Mount files from websites which need PHP #}
+{% for website in websites_to_up %}
+{% if website.php == "true" %}
+ - {{ websites_basepath }}/{{ website.name }}:/var/www/html/{{ website.name }}:ro
+{% endif %}
+{% endfor %}
+ restart: unless-stopped
+{% endif %}
diff --git a/roles/web/templates/nginx.conf.j2 b/roles/web/templates/nginx.conf.j2
new file mode 100644
index 0000000..d2dfc1b
--- /dev/null
+++ b/roles/web/templates/nginx.conf.j2
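Review bot: Every website service in roles/web/templates/docker-compose.yml.j2 joins the `php` network, including sites declared with `php: "false"`, so a purely static nginx container can still reach the PHP-FPM listener that nginx.conf.j2 addresses as `php:9000`. The `php` network is also declared even when no PHP container is rendered. Attach it only where it is needed, e.g. wrap the entry as `{% if website.php == "true" %}` / `- php` / `{% endif %}`. Separately, `traefik.enable: true` is a YAML boolean while the neighbouring label values are strings; Compose label maps generally expect strings, so `traefik.enable: "true"` is the safer spelling.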
@@ -0,0 +1,29 @@
+server {
+ server_name {{ item.name }}.chosto.me;
+ listen {{ nginx_internal_port }};
+
+ root /var/www/html;
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ /index.php?$query_string;
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+ autoindex {{ item.autoindex }};
+ }
+
+ {% if item.php == 'true' %}
+ # PHP-FPM Configuration Nginx
+ location ~ \.php$ {
+ add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
+ try_files $uri = 404;
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ fastcgi_pass php:9000;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ {# Unique PHP container, we need to discriminate files by website name#}
+ fastcgi_param REQUEST_URI $request_uri;
+ fastcgi_param SCRIPT_FILENAME {{ item.name }}/$fastcgi_script_name;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ }
+ {% endif %}
+}
diff --git a/roles/web/vars/main.yml b/roles/web/vars/main.yml
new file mode 100644
index 0000000..f5863db
--- /dev/null
+++ b/roles/web/vars/main.yml
@@ -0,0 +1,10 @@
+php_version: 8.0-fpm-alpine
+nginx_internal_port: 80
+websites_basepath: "{{ docker_files }}/web"
+websites_to_up:
+ - name: "static"
+ php: "false"
+ autoindex: "on"
+ - name: "artexistence"
+ php: "false"
+ autoindex: "off"
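Review bot: `try_files $uri = 404;` in the PHP location of roles/web/templates/nginx.conf.j2 has a space between `=` and `404`, so nginx most likely treats `=` as a file to test and `404` as the fallback URI instead of returning status 404. The guard that keeps requests for non-existent scripts away from PHP-FPM should read `try_files $uri =404;`. `SCRIPT_FILENAME {{ item.name }}/$fastcgi_script_name` is a relative path, while the compose template mounts each site at `/var/www/html/{{ website.name }}` in the PHP container; unless PHP-FPM's working directory happens to be that root, `fastcgi_param SCRIPT_FILENAME /var/www/html/{{ item.name }}$fastcgi_script_name;` states the intent explicitly. `server_name` hard-codes `chosto.me` although the Traefik rule uses `{{ domain_name }}`, so the two can drift apart.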
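Review bot: `php_version: 8.0-fpm-alpine` in roles/web/vars/main.yml, like `nginx:alpine` in the compose template, is a moving tag, and the play runs with `pull: yes`, so every run deploys whatever the registry currently serves under those names with no review step. Pin the images to a full patch version or a digest, e.g. `php_version: "8.0-fpm-alpine@sha256:<digest>"` (placeholder), and bump it deliberately. `autoindex: "on"` for the `static` site publishes a listing of everything under its web root; a comment such as `# directory listing is intentional for this site` would record that this is deliberate. The `php` flags are the strings "true"/"false", which is why the templates compare against string literals; real booleans would be less fragile but need the templates changed in the same commit.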