Added RequestTracker (DEV) container
Signed-off-by: Jim Martens <github@2martens.de>
parent
b242cfdd26
commit
a3247a6aff
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
dependencies:
|
||||||
|
- role: docker
|
||||||
|
- role: apache
|
||||||
|
- role: letsencrypt
|
|
@ -0,0 +1,38 @@
|
||||||
|
---
|
||||||
|
- name: add rt http site
|
||||||
|
template:
|
||||||
|
src: etc/apache2/sites-available/ansible_domain.conf.j2
|
||||||
|
dest: /etc/apache2/sites-available/{{ rt_domain }}.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
force: no
|
||||||
|
register: rt_http
|
||||||
|
- name: disable default site and enable rt site
|
||||||
|
block:
|
||||||
|
- name: disable default site
|
||||||
|
command:
|
||||||
|
cmd: a2dissite 000-default.conf
|
||||||
|
removes: /etc/apache2/sites-enabled/000-default.conf
|
||||||
|
- name: enable rt site
|
||||||
|
command:
|
||||||
|
cmd: a2ensite {{ rt_domain }}.conf
|
||||||
|
creates: /etc/apache2/sites-enabled/{{ rt_domain }}.conf
|
||||||
|
- name: run certbot
|
||||||
|
command:
|
||||||
|
cmd: certbot --apache --non-interactive --keep-until-expiring --no-eff-email --email {{ admin_mail }} --redirect --renew-with-new-domains --agree-tos -d {{ collabora_domain }}
|
||||||
|
when: ansible_domain != 'dev' and rt_http.changed
|
||||||
|
- include: ssl-dev.yml
|
||||||
|
when: ansible_domain == 'dev'
|
||||||
|
- name: add rt https site
|
||||||
|
template:
|
||||||
|
src: etc/apache2/sites-available/ansible_domain-le-ssl.conf.j2
|
||||||
|
dest: /etc/apache2/sites-available/{{ rt_domain }}-le-ssl.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
- name: enable rt https site
|
||||||
|
command:
|
||||||
|
cmd: a2ensite {{ rt_domain }}-le-ssl.conf
|
||||||
|
creates: /etc/apache2/sites-enabled/{{ rt_domain }}-le-ssl.conf
|
||||||
|
notify: restart apache
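Review bot: The `run certbot` task requests the certificate with `-d {{ collabora_domain }}`, while every other task in this file and the HTTPS template use `rt_domain`; this looks like a copy-paste leftover from another role. As written, the certificate would be issued for a different host name, and this task would not create the `/etc/letsencrypt/live/{{ rt_domain }}/` paths that the HTTPS vhost points at. The option should read `-d {{ rt_domain }}`. Separately, `mode: 0644` is better written as `mode: "0644"` so the YAML parser cannot retype the value, and `force: no` as `force: false`.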
|
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
- include: rt.yml
|
||||||
|
- include: apache.yml
|
|
@ -0,0 +1,15 @@
|
||||||
|
---
|
||||||
|
- name: create rt directory
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /etc/rt
|
||||||
|
- name: copy docker compose file for rt
|
||||||
|
template:
|
||||||
|
src: etc/rt/docker-compose.yml.j2
|
||||||
|
dest: /etc/rt/docker-compose.yml
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0644
|
||||||
|
- name: start rt docker container
|
||||||
|
docker_compose:
|
||||||
|
project_src: /etc/rt
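Review bot: The `create rt directory` task sets no owner, group or mode, so the permissions of `/etc/rt` depend on the umask in effect, while the compose file written into it is pinned to root and 0644. Add `owner: root`, `group: root` and `mode: "0755"` to that `file:` task so the directory is specified the same way as its content. The existing `mode: 0644` should also be quoted as `mode: "0644"`.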
|
|
@ -0,0 +1,27 @@
|
||||||
|
---
|
||||||
|
- name: Ensure python OpenSSL dependencies are installed.
|
||||||
|
pip:
|
||||||
|
name: pyOpenSSL
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Ensure directory exists for local self-signed TLS certs.
|
||||||
|
file:
|
||||||
|
path: /etc/letsencrypt/live/{{ rt_domain }}
|
||||||
|
state: directory
|
||||||
|
|
||||||
|
- name: Generate an OpenSSL private key.
|
||||||
|
openssl_privatekey:
|
||||||
|
path: /etc/letsencrypt/live/{{ rt_domain }}/privkey.pem
|
||||||
|
|
||||||
|
- name: Generate an OpenSSL CSR.
|
||||||
|
openssl_csr:
|
||||||
|
path: /etc/ssl/private/{{ rt_domain }}.csr
|
||||||
|
privatekey_path: /etc/letsencrypt/live/{{ rt_domain }}/privkey.pem
|
||||||
|
common_name: "{{ rt_domain }}"
|
||||||
|
|
||||||
|
- name: Generate a Self Signed OpenSSL certificate.
|
||||||
|
openssl_certificate:
|
||||||
|
path: /etc/letsencrypt/live/{{ rt_domain }}/fullchain.pem
|
||||||
|
privatekey_path: /etc/letsencrypt/live/{{ rt_domain }}/privkey.pem
|
||||||
|
csr_path: /etc/ssl/private/{{ rt_domain }}.csr
|
||||||
|
provider: selfsigned
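Review bot: The directory that receives `privkey.pem` is created without `owner`, `group` or `mode`, and the `openssl_privatekey` task states no mode either, so the protection of the private key rests on module defaults and the umask. Adding `mode: "0700"` to the directory task and `mode: "0600"` to the key task makes the intent explicit and reviewable. The self-signed material is written under `/etc/letsencrypt/live/`, a tree certbot normally manages itself. A comment saying this is deliberate, so that the vhost template can use one path in both cases, would help, since it presumably needs care if a dev host is later switched to certbot.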
|
|
@ -0,0 +1,23 @@
|
||||||
|
<IfModule mod_ssl.c>
|
||||||
|
<VirtualHost *:443>
|
||||||
|
ServerName {{ rt_domain }}
|
||||||
|
ServerAdmin {{ admin_mail }}
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
|
||||||
|
SSLCertificateFile /etc/letsencrypt/live/{{ rt_domain }}/fullchain.pem
|
||||||
|
SSLCertificateKeyFile /etc/letsencrypt/live/{{ rt_domain }}/privkey.pem
|
||||||
|
Include /etc/letsencrypt/options-ssl-apache.conf
|
||||||
|
|
||||||
|
# Encoded slashes need to be allowed
|
||||||
|
AllowEncodedSlashes NoDecode
|
||||||
|
|
||||||
|
# keep the host
|
||||||
|
ProxyPreserveHost On
|
||||||
|
RequestHeader set X-Forwarded-Proto "https"
|
||||||
|
RequestHeader set X-Forwarded-Host "{{ rt_domain }}"
|
||||||
|
ProxyPass / http://127.0.0.1:8082/
|
||||||
|
ProxyPassReverse / http://127.0.0.1:8082/
|
||||||
|
|
||||||
|
</VirtualHost>
|
||||||
|
</IfModule>
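Review bot: `AllowEncodedSlashes NoDecode` is set, but the `ProxyPass` line carries no `nocanon`, so as far as I can tell mod_proxy will still canonicalise the path before it reaches the backend and the encoded slashes will not arrive unchanged. If RT needs them raw, the line would become `ProxyPass / http://127.0.0.1:8082/ nocanon`. Apache's documentation notes that `nocanon` removes some of the proxy's URL normalisation, so it should be added only if the backend requires it. The comment `# Encoded slashes need to be allowed` would be more useful if it said which RT URLs need this.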
|
|
@ -0,0 +1,6 @@
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName {{ rt_domain }}
|
||||||
|
ServerAdmin {{ admin_mail }}
|
||||||
|
ErrorLog ${APACHE_LOG_DIR}/error.log
|
||||||
|
CustomLog ${APACHE_LOG_DIR}/access.log combined
|
||||||
|
</VirtualHost>
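Review bot: This port-80 vhost contains no redirect and no proxy directives, so on a `dev` host, where the certbot task and its `--redirect` option are skipped, plain-HTTP requests for the RT name are answered with the server's default content rather than sent to HTTPS. A comment at the top of the template stating that the redirect is added by certbot on non-dev hosts, which appears to be why the task uses `force: no`, would make that dependency visible. If dev hosts should redirect as well, that needs an explicit rule in this file.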
|
|
@ -0,0 +1,15 @@
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
rt:
|
||||||
|
image: netsandbox/request-tracker:latest
|
||||||
|
|
||||||
|
ports:
|
||||||
|
- "8082:80"
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
restart: always
|
||||||
|
environment:
|
||||||
|
- RT_WEB_PORT=8082
|
||||||
|
- LC_ALL=C.UTF-8
|
||||||
|
- LANG=C.UTF-8
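Review bot: The `volumes` entry `/var/run/docker.sock:/var/run/docker.sock` hands the RT container control of the host's Docker daemon, which is effectively root on the host, and nothing in this commit shows RT needing it; the mount should be dropped unless there is a documented reason. The port mapping `"8082:80"` publishes the plain-HTTP backend on all interfaces, so it can be reached without going through the Apache TLS vhost; `- "127.0.0.1:8082:80"` keeps it reachable only by the local proxy. `image: netsandbox/request-tracker:latest` is also unpinned, so each pull may deploy different code; a fixed tag or digest would make deployments reproducible.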
|
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
- name: Set up RT
|
||||||
|
hosts: vps
|
||||||
|
vars_files:
|
||||||
|
- general_vars.yml
|
||||||
|
- rt_vars.yml
|
||||||
|
remote_user: "{{ ssh_user }}"
|
||||||
|
become: yes
|
||||||
|
become_user: root
|
||||||
|
roles:
|
||||||
|
- rt
|
|
@ -0,0 +1,2 @@
|
||||||
|
---
|
||||||
|
rt_domain: best-practical.com
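Review bot: `rt_domain` is set to `best-practical.com`, which looks like the RT vendor's own domain rather than a host name the operator of this playbook controls, so it is presumably a placeholder. The value feeds `ServerName`, the certificate paths and the self-signed certificate's common name. A clearly marked placeholder such as `rt_domain: rt.example.org` with a comment `# replace with the host name RT is served under` would avoid deploying with a foreign name by accident.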
|