• ansible的playbook创建nginx站点配置示例


    [root@sz_xxgc_cms_slave01_18_214 roles]# pwd
    /usr/local/worksh/ansible_script/ansible/roles
    [root@sz_xxgc_cms_slave01_18_214 roles]# tree cn_accounts/
    cn_accounts/
    ├── tasks
    │   ├── commom.yaml
    │   └── main.yaml
    ├── templates
    │   ├── accounts_nginx_chinasoft.com.conf.j2
    │   ├── accounts_rewrite_chinasoft.com.conf.j2
    │   ├── chinasoft_com_br.crt
    │   ├── chinasoft_com_br.key
    └── vars
        └── main.yaml
    
    [root@sz_xxgc_cms_slave01_18_214 roles]# more cn_accounts/tasks/commom.yaml 
    - name: "{{accounts_production_name}}=====Checking nginx configuration file if exists"
      stat:
        path: "{{accounts_nginx_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
      register: accounts_nginx_ws_fcheck
    
    - name: "{{accounts_production_name}}=====upload nginx configuration file to server"
      template:
        src: accounts_nginx_chinasoft.com.conf.j2
        dest: "{{accounts_nginx_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
        owner: apache
        group: users
        mode: 0644
      when: not accounts_nginx_ws_fcheck.stat.exists
    
    
    - name: "{{accounts_production_name}}=====Checking nginx's rewrite rule file if exists"
      stat:
        path: "{{accounts_rewrite_nginx_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
      register: accounts_rewrite_ws_fcheck
    
    - name: "{{accounts_production_name}}=====upload nginx's rewrite rule file to server"
      template:
        src: accounts_rewrite_chinasoft.com.conf.j2
        dest: "{{accounts_rewrite_nginx_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
        owner: apache
        group: users
        mode: 0644
      when: not accounts_rewrite_ws_fcheck.stat.exists
    
    
    #- name: "{{accounts_production_name}}=====Checking apache configuration file if exists"
    #  stat:
    #    path: "{{accounts_http_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
    #  register: accounts_apache_ws_fcheck
    #
    #- name: "{{accounts_production_name}}=====upload apache configuration file to server"
    #  template:
    #    src: accounts_apache_chinasoft.com.conf.j2
    #    dest: "{{accounts_http_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}.conf"
    #    owner: apache
    #    group: users
    #    mode: 0644
    #  when: not accounts_apache_ws_fcheck.stat.exists
    
    
    #- name: "{{accounts_production_name}}=====Checking web data httpdocs and create if not exists"
    #  file:
    #    path: "{{accounts_http_data_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}/httpdocs"
    #    state: directory
    #    owner: apache
    #    group: users
    #    mode: 0755
    
    #- name: "{{accounts_production_name}}=====Checking data link and create if not exists"
    #  file:
    #    src: "{{accounts_http_data_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}/httpdocs"
    #    dest: "{{accounts_http_data_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}/httpdocs/cbs_down"
    #    state: link
    #    owner: apache
    #    group: users
    #    mode: 0755
    
    #- name: "{{accounts_production_name}}=====Checking data index.html and create if not exists"
    #  stat:
    #    path: "{{accounts_http_data_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}/httpdocs/index.html"
    #  register: accounts_apache_data_ws_fcheck
    #
    #- name: "{{accounts_production_name}}=====upload www test data file to server"
    #  template:
    #    src: accounts_nginx_index.html.j2
    #    dest: "{{accounts_http_data_dest_path}}/{{accounts_production_name}}.{{accounts_domain_name}}/httpdocs/index.html"
    #    owner: apache
    #    group: users
    #    mode: 0644
    #  when: not accounts_apache_data_ws_fcheck.stat.exists
    
    
    - name: "{{accounts_production_name}}=====Checking certification path if not exists"
      file:
        path: "/usr/local/nginx/conf/cert2016"
        state: directory
        owner: apache
        group: users
        mode: 0755
    
    - name: "{{accounts_production_name}}=====upload certification file to server"
      template:
        src: "{{item.src}}"
        dest: "{{accounts_certification_dest_path}}/{{item.dest}}"
        owner: apache
        group: users
        mode: 0644
      with_items: 
        - { src: "{{accounts_domain_name|regex_replace('\.' , '_')}}.crt", dest: "{{accounts_domain_name|regex_replace('\.' , '_')}}.crt" }
        - { src: "{{accounts_domain_name|regex_replace('\.' , '_')}}.key", dest: "{{accounts_domain_name|regex_replace('\.' , '_')}}.key" }
    
    [root@sz_xxgc_cms_slave01_18_214 roles]# more cn_accounts/tasks/main.yaml 
    - name: Deploy common site
      import_tasks: commom.yaml
    
    
    [root@sz_xxgc_cms_slave01_18_214 roles]# more cn_accounts/templates/accounts_nginx_chinasoft.com.conf.j2 
    server {
        listen 80;
        server_name     {{accounts_production_name}}.{{accounts_domain_name}} {% if accounts_is_ori_needed  %}ori-{{accounts_production_name}}.{{accounts_domain_name}}{% endif %};
        access_log      /data/www/logs/nginx_log/access/{{ accounts_production_name }}.{{accounts_domain_name}}_access.log main ;
            error_log       /data/www/logs/nginx_log/error/{{ accounts_production_name }}.{{accounts_domain_name}}_error.log ;
        root            /data/www/vhosts/services/ucweb/_static/www ;
        index           index.html index.shtml ;
        include         rewrite.d/{{ accounts_production_name }}.{{accounts_domain_name}}.conf ;
    
        error_page  404 403             /404.html;
    
        if ($http_user_agent ~ Ezooms) {
            return 403;
        }
    
        location ~ ^.*.(htaccess|htpasswd|ini|sh)$ {
            deny all;
        }
    
        set $jump_accounts 0;
    
        if ($request_method = "GET") { 
            set $jump_accounts "${jump_accounts}1";
        }
    
        if ($jump_accounts = "01") {
            rewrite ^/(.*)$ https://{{accounts_production_name}}.{{accounts_domain_name}}/$1 permanent;
        }
    
        location / {
                    try_files $uri $uri/ /index.html;
                    #    expires -1;
            }
            location /api {
                    add_header Cache-Control no-cache;
                    proxy_set_header Host $host;
                    proxy_set_header X-Forwarded-For $remote_addr;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Scheme $scheme;
                    proxy_pass http://ucweb_servers;
                    expires -1;
    
            }
    
            location /v3/user/oauth {
                    add_header Cache-Control no-cache;
                    proxy_set_header Host $host;
                    proxy_set_header X-Forwarded-For $remote_addr;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Scheme $scheme;
            proxy_pass http://ucweb_servers;
                    expires -1;
    
            }
    
    
    }
    
    server {
        listen 443;
        server_name     {{accounts_production_name}}.{{accounts_domain_name}} {% if accounts_is_ori_needed  %}ori-{{accounts_production_name}}.{{accounts_domain_name}}{% endif %};
        access_log      /data/www/logs/nginx_log/access/{{ accounts_production_name }}.{{accounts_domain_name}}_access.log main ;
            error_log       /data/www/logs/nginx_log/error/{{ accounts_production_name }}.{{accounts_domain_name}}_error.log ;
        root            /data/www/vhosts/services/ucweb/_static/www ;
        index           index.html index.shtml ;
        include         rewrite.d/{{ accounts_production_name }}.{{accounts_domain_name}}.conf ;
        error_page  404 403             /404.html;
    
    
        ssl_certificate         cert2016/{{accounts_domain_name|regex_replace('.' , '_')}}.crt;
            ssl_certificate_key     cert2016/{{accounts_domain_name|regex_replace('.' , '_')}}.key;
        ssl_dhparam             cert2016/dh_2048.pem;
    
        ssl_session_timeout     15m;
        ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
    
        ssl_ciphers     "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AE
    S256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!AES128-GCM-SHA256:!AES256-GCM-SHA384:!AES128-SHA256:!AES256-SHA256:!AES128-SHA:!AES256-SHA:AES:!CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:EDH-RSA-DES-CBC3
    -SHA:!KRB5-DES-CBC3-SHA";
    
        if ($http_user_agent ~ Ezooms) {
            return 403;
        }
    
        location ~ ^.*.(htaccess|htpasswd|ini|sh)$ {
            deny all;
        }
    
        location / {
            try_files $uri $uri/ /index.html;
            #    expires -1;
        }       
        location /api {
            add_header Cache-Control no-cache;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_pass http://ucweb_servers;
            expires -1;
    
        }
    
        location /v3/user/oauth {
            add_header Cache-Control no-cache;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Scheme $scheme;
            proxy_pass http://ucweb_servers;
            expires -1;
    
        }
    
    }
    
    [root@sz_xxgc_cms_slave01_18_214 roles]# more cn_accounts/templates/accounts_rewrite_chinasoft.com.conf.j2 
    if ($request_uri ~ ^/(.*)/(index|indice).(html)) { rewrite ^/(.*)/(index|indice).(html) /$1   permanent;}
    if ($request_uri ~ ^/(index|indice).html) { rewrite    ^       / permanent;}
    
    [root@sz_xxgc_cms_slave01_18_214 roles]# more cn_accounts/vars/main.yaml 
    accounts_domain_name: chinasoft.cn
    accounts_is_ori_needed: true
    
    accounts_nginx_dest_path: /usr/local/nginx/conf/vhost.d
    accounts_rewrite_nginx_dest_path: /usr/local/nginx/conf/rewrite.d
    #accounts_http_dest_path: /usr/local/httpd-2.2.26/conf/vhost.d
    accounts_http_data_dest_path: /data/www/vhosts
    accounts_certification_dest_path: /usr/local/nginx/conf/cert2016
    
    #accounts_production_accountsre: accountsre
    #accounts_production_shopcart: shopcart
    #accounts_production_uniconverter: uniconverter
    accounts_production_name: accounts
  • 相关阅读:
    Yii2 数据操作Query Builder
    Yii2.0 rules验证规则大全
    git错误解决 -- 小结
    为什么结构化编程、面向对象编程、软件工程、架构设计最后没有成为软件领域的银弹
    系统和子系统、架构和框架、模块和组件
    MyBatis实战之动态SQL
    Controller如何写的更简化
    MyBatis实战之映射器
    WiFi密码忘记了怎么办之解决方案
    Linux常用监控服务器性能命令
  • 原文地址:https://www.cnblogs.com/reblue520/p/13687243.html
Copyright © 2020-2023  润新知