catchup

2023-10-08 12:28:14 -05:00
parent 5ab88dc387
commit ea75da1b41
26 changed files with 257 additions and 134 deletions
--- a/roles/WebServer/files/conf.d/Core/aaa_default.conf
+++ b/roles/WebServer/files/conf.d/Core/aaa_default.conf
@@ -27,7 +27,7 @@ server {
    location /martialarts/maqotw.xml {
        proxy_hide_header Content-Type;
        add_header content-type "application/atom+xml";
-        rewrite /martialarts/maqotw.xml /AniNIX/Wiki/raw/branch/main/rss/maqotw.xml;
+        rewrite /martialarts/maqotw.xml /MartialArts/Wiki/raw/branch/main/rss/maqotw.xml;
    }

    location /whatismyip {
--- a/roles/WebServer/files/conf.d/Core/cyberbrain.conf
+++ b/roles/WebServer/files/conf.d/Core/cyberbrain.conf
@@ -1,22 +1,46 @@
 server {
-    listen      443 ssl http2;
+    listen      443 ssl;
    server_name cyberbrain.aninix.net;

-    include sec.conf;
-    include default.csp.conf;
+    include local.conf;

-    location /
-    {
-      auth_basic "Cyberbrain";
-      auth_basic_user_file ../passwords/cyberbrain.htpasswd;
-      proxy_pass       http://127.0.0.1:8822;
-      proxy_http_version 1.1;
-      proxy_read_timeout 300;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection "upgrade";
-      proxy_set_header Host $http_host;
-      proxy_set_header X-Real-IP $remote_addr;
-      proxy_set_header X-Real-PORT $remote_port;
+    root /usr/share/webapps/;
+
+    client_max_body_size 5m;
+    client_body_timeout 60;
+
+    include ../conf.d/fastcgi7.config;
+
+    location /mediawiki-gb/ {
+        try_files $uri $uri/ @rewrite;
+        rewrite ^/mediawiki-gb/(.*)$ /mediawiki/index.php?title=$1&$args;
+        rewrite ^$ /mediawiki-gb/Main_Page;
+        rewrite ^/$ /mediawiki-gb/Main_Page;
+        rewrite ^mediawiki-gb$ /mediawiki-gb/Main_Page;
+        rewrite ^mediawiki-gb/$ /mediawiki-gb/Main_Page;
+    }
+
+    location /mediawiki-ma/ {
+        try_files $uri $uri/ @rewrite;
+        rewrite ^/mediawiki-ma/(.*)$ /mediawiki/index.php?title=$1&$args;
+        rewrite ^$ /mediawiki-ma/Main_Page;
+        rewrite ^/$ /mediawiki-ma/Main_Page;
+        rewrite ^mediawiki-ma$ /mediawiki-ma/Main_Page;
+        rewrite ^mediawiki-ma/$ /mediawiki-ma/Main_Page;
+    }
+
+    location ^~ /maintenance/ {
+        return 403;
+    }
+
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
+        try_files $uri /mediawiki/index.php;
+        expires max;
+        log_not_found off;
+    }
+
+    location ^~ /cache/ {
+        deny all;
    }

    include letsencrypt.conf;
--- a/roles/WebServer/files/conf.d/Core/fastcgi7.config
+++ b/roles/WebServer/files/conf.d/Core/fastcgi7.config
@@ -1,13 +0,0 @@
-location ~ \.php$ {
-    try_files $fastcgi_script_name =404;
-
-    include fastcgi_params;
-
-    fastcgi_pass			unix:/run/php-fpm7/php-fpm.sock;
-    fastcgi_index			index.php;
-    fastcgi_buffers			8 16k;
-    fastcgi_buffer_size		32k;
-
-    fastcgi_param DOCUMENT_ROOT	$realpath_root;
-    fastcgi_param SCRIPT_FILENAME	$realpath_root$fastcgi_script_name;
-}
--- a/roles/WebServer/files/conf.d/Core/lykos-wiki.conf
+++ b/roles/WebServer/files/conf.d/Core/lykos-wiki.conf
@@ -9,7 +9,7 @@ server {
    client_max_body_size 5m;
    client_body_timeout 60;

-    include ../conf.d/fastcgi7.config;
+    include ../conf.d/fastcgi.config;

    location / {
        try_files $uri $uri/ @rewrite;
--- a/roles/WebServer/files/conf/nginx.conf
+++ b/roles/WebServer/files/conf/nginx.conf
@@ -0,0 +1,37 @@
+user  http;
+worker_processes  4;
+
+# Logs
+error_log              logs/error.log;
+error_log              logs/error.log notice;
+error_log              logs/error.log info;
+
+events {
+    worker_connections 1024;
+}
+
+
+http {
+
+    include            mime.types;
+    include            fastcgi.conf;
+    default_type       application/octet-stream;
+
+    server_tokens      off;
+    sendfile           on;
+    keepalive_timeout  65;
+    gzip               on;
+
+    # Redirect all HTTP to HTTPS
+    server {
+
+        listen 80      default_server;
+        listen [::]:80 default_server;
+        server_name    _;
+        location / {
+            return 301     https://$host$request_uri;
+        }
+    }
+
+    include            ../conf.d/*.conf;
+}
--- a/roles/WebServer/tasks/main.yml
+++ b/roles/WebServer/tasks/main.yml
@@ -35,12 +35,13 @@
 - name: Copy conf.d
   become: yes
   copy:
-     src: "conf.d/{{ inventory_hostname }}"
-     dest: /opt/openresty/nginx/conf.d
+     src: "conf.d/{{ inventory_hostname }}/"
+     dest: /opt/openresty/nginx/conf.d/
     owner: http
     group: http
     mode: 0660
     directory_mode: 0770
+     follow: true
   register: confd

 - name: Copy conf
@@ -51,17 +52,18 @@
     owner: http
     group: http
     mode: 0660
+     follow: true
   register: conf

 - name: Populate security config
   become: yes
   template:
-     src: sec.conf.j2
+     src: conf/sec.conf.j2
     dest: /opt/openresty/nginx/conf/sec.conf
     owner: http
     group: http
     mode: 0660
-  register: secconf
+   register: secconf


 - name: Ensure default openresty service file is off.