From 39cf2e14c240240c129924d3ea72e8af889b4018 Mon Sep 17 00:00:00 2001 From: Frank Villaro-Dixon Date: Thu, 20 Jun 2024 11:03:28 +0200 Subject: [PATCH] add nginx Signed-off-by: Frank Villaro-Dixon --- ansible/configure-server.yml | 43 ++++++++++++- ansible/files/bgp.network | 2 +- ansible/files/index.html | 20 ++++++ ansible/files/nginx.conf.j2 | 118 +++++++++++++++++++++++++++++++++++ ansible/inventory.yml | 6 +- 5 files changed, 184 insertions(+), 5 deletions(-) create mode 100644 ansible/files/index.html create mode 100644 ansible/files/nginx.conf.j2 diff --git a/ansible/configure-server.yml b/ansible/configure-server.yml index d65947c..eb516e9 100644 --- a/ansible/configure-server.yml +++ b/ansible/configure-server.yml @@ -109,6 +109,7 @@ - hosts: all + tags: ntp tasks: - name: Disable systemd LLMNR lineinfile: @@ -228,4 +229,44 @@ - name: restart frr systemd: name: frr - state: restarted \ No newline at end of file + state: restarted + +- hosts: all + tags: web + tasks: + - name: Install nginx + package: + name: nginx + state: present + + - name: Copy nginx config + ansible.builtin.template: + src: files/nginx.conf.j2 + dest: /etc/nginx/nginx.conf + register: nginx_conf + + - name: Enable nginx + service: + name: nginx + enabled: yes + state: started + + - name: Restart nginx + systemd: + name: nginx + state: restarted + when: nginx_conf.changed + + + - name: ensure /var/www/html exists + file: + path: /var/www/html + state: directory + + - name: Copy index page + ansible.builtin.template: + src: files/index.html + dest: /var/www/html/ + owner: root + group: root + mode: 0644 \ No newline at end of file diff --git a/ansible/files/bgp.network b/ansible/files/bgp.network index 836a89a..99e4d9f 100644 --- a/ansible/files/bgp.network +++ b/ansible/files/bgp.network @@ -2,4 +2,4 @@ Name=bgp [Network] -Address={{bgp_ipv6}} +Address={{bgp_ipv6}}/128 diff --git a/ansible/files/index.html b/ansible/files/index.html new file mode 100644 index 0000000..7d37934 
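Review bot: The `Copy nginx config` task in the new `web` play writes /etc/nginx/nginx.conf without `owner`, `group` or `mode`, so the resulting permissions depend on the existing file or the umask, while `Copy index page` a few lines later sets all three. I would add `owner: root`, `group: root` and `mode: "0644"` to the config task, and quote the mode on the index page as well so it reaches Ansible as a string rather than a YAML integer. `enabled: yes` is better written `enabled: true`. The `Restart nginx` task guarded by `when: nginx_conf.changed` would read more clearly as a handler triggered with `notify: restart nginx`, in the style of the `restart frr` entry just above, which looks like a handler although its definition starts outside the hunk.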
--- /dev/null +++ b/ansible/files/index.html @@ -0,0 +1,20 @@ + + + NTP server {{ ansible_hostname }} + + +

NTP server {{ ansible_hostname }}

+ + + \ No newline at end of file diff --git a/ansible/files/nginx.conf.j2 b/ansible/files/nginx.conf.j2 new file mode 100644 index 0000000..a41b73a --- /dev/null +++ b/ansible/files/nginx.conf.j2 
@@ -0,0 +1,118 @@
+
+#user http;
+worker_processes 1;
+
+#error_log logs/error.log;
+#error_log logs/error.log notice;
+#error_log logs/error.log info;
+
+#pid logs/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ #log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ # '$status $body_bytes_sent "$http_referer" '
+ # '"$http_user_agent" "$http_x_forwarded_for"';
+
+ #access_log logs/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ #keepalive_timeout 0;
+ keepalive_timeout 10;
+
+ #gzip on;
+
+ server {
+ listen [::]:80;
+ listen 80;
+ server_name {{ansible_hostname}};
+
+ #charset koi8-r;
+
+ #access_log logs/host.access.log main;
+
+ location / {
+ root /var/www/html; #usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ #error_page 404 /404.html;
+
+ # redirect server error pages to the static page /50x.html
+ #
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+ #
+ #location ~ \.php$ {
+ # proxy_pass http://127.0.0.1;
+ #}
+
+ # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+ #
+ #location ~ \.php$ {
+ # root html;
+ # fastcgi_pass 127.0.0.1:9000;
+ # fastcgi_index index.php;
+ # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+ # include fastcgi_params;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+ }
+
+
+ # another virtual host using mix of IP-, name-, and port-based configuration
+ #
+ #server {
+ # listen 8000;
+ # listen somename:8080;
+ # server_name somename alias another.alias;
+
+ # location / {
+ # root html;
+ # index index.html index.htm;
+ # }
+ #}
+
+
+ # HTTPS server
+ #
+ #server {
+ # listen 443 ssl;
+ # server_name localhost;
+
+ # ssl_certificate cert.pem;
+ # ssl_certificate_key
cert.key; + + # ssl_session_cache shared:SSL:1m; + # ssl_session_timeout 5m; + + # ssl_ciphers HIGH:!aNULL:!MD5; + # ssl_prefer_server_ciphers on; + + # location / { + # root html; + # index index.html index.htm; + # } + #} + +} diff --git a/ansible/inventory.yml b/ansible/inventory.yml index da0bcf9..9ea9664 100644 --- a/ansible/inventory.yml +++ b/ansible/inventory.yml @@ -4,17 +4,17 @@ pi: bgp_router_ipv6: 2a01:e0a:431:b521:7683:c2ff:fe4d:4818 bgp_asn: 64600 bgp_router_asn: 65100 - bgp_ipv6: 2a01:e0a:431:b527::a123/128 + bgp_ipv6: 2a01:e0a:431:b527::a123 vms: hosts: ntp-s2-cra.lan.k3s.fr: bgp_router_ipv6: 2a01:e0a:431:b522:7683:c2ff:fe4d:4818 bgp_asn: 64601 bgp_router_asn: 65100 - bgp_ipv6: 2a01:e0a:431:b527::b123/128 + bgp_ipv6: 2a01:e0a:431:b527::b123 ntp-s2-ces.lan.k3s.fr: bgp_router_ipv6: 2a0e:e701:122c:42::1 bgp_asn: 64602 bgp_router_asn: 65000 - bgp_ipv6: 2a0e:e701:122c:fff0::a123/128 + bgp_ipv6: 2a0e:e701:122c:fff0::a123
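Review bot: The only live `server` block in nginx.conf.j2 serves plain HTTP on every address (`listen [::]:80;` and `listen 80;`) and leaves `server_tokens` at its default, so response headers and error pages advertise the nginx version; adding `server_tokens off;` inside `http { … }` is a one-line fix. Every `access_log` and `error_log` directive is commented out, which leaves logging at the build's default paths; setting both explicitly would make the log location the same and known on every host. Most of the 118 added lines are the commented-out stock sample (PHP proxying, the `.htaccess` rule, the second virtual host, the HTTPS server), and trimming them would leave a template in which the few active directives are easy to audit.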