add nginx template

fix in bootnode template
Vitaly Znachenok 2017-11-15 23:02:45 +03:00
parent 2174374037
commit 7f66f4c5f2
3 changed files with 54 additions and 244 deletions


@ -49,7 +49,6 @@
- git: repo=https://github.com/oraclesorg/oracles-dapps-voting.git dest={{ home }}/parity/dapps/Voting - git: repo=https://github.com/oraclesorg/oracles-dapps-voting.git dest={{ home }}/parity/dapps/Voting
- git: repo=https://github.com/oraclesorg/oracles-dapps-validators.git dest={{ home }}/parity/dapps/ValidatorsList - git: repo=https://github.com/oraclesorg/oracles-dapps-validators.git dest={{ home }}/parity/dapps/ValidatorsList
- name: Download parity-nouncles - name: Download parity-nouncles
get_url: url="{{ parity_nouncles }}" dest={{ home }}/parity-nouncles mode=0755 get_url: url="{{ parity_nouncles }}" dest={{ home }}/parity-nouncles mode=0755
@ -62,16 +61,32 @@
- name: Install oracles-pm2 service - name: Install oracles-pm2 service
template: src=oracles-pm2.j2 dest=/etc/systemd/system/oracles-pm2.service owner=root group=root mode=0755 template: src=oracles-pm2.j2 dest=/etc/systemd/system/oracles-pm2.service owner=root group=root mode=0755
- name: Ensure oracles-pm2 is running and enabled to start at boot
service: name=oracles-pm2 state=started enabled=yes
- name: Install npm pm2 - name: Install npm pm2
npm: name="pm2" global="yes" npm: name="pm2" global="yes"
- name: Ensure oracles-pm2 is running and enabled to start at boot
service: name=oracles-pm2 state=started enabled=yes
- git: repo=https://github.com/oraclesorg/eth-net-intelligence-api dest={{ home }}/eth-net-intelligence-api - git: repo=https://github.com/oraclesorg/eth-net-intelligence-api dest={{ home }}/eth-net-intelligence-api
- name: Install netstats config - name: Install netstats config
template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner=root group=root mode=0644 template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner=bootnode group=bootnode mode=0644
- git: repo=https://github.com/oraclesorg/oracles-initial-keys dest={{ home }}/oracles-initial-keys
- file: path={{ home }} owner={{ username }} group={{ username }} recurse=yes
- name: install npm netstats
shell: "cd /home/bootnode/eth-net-intelligence-api; /usr/bin/npm install"
become: true
become_user: "{{ username }}"
tags: test
- name: install npm oracles-initial-keys
shell: "cd /home/bootnode/oracles-initial-keys; /usr/bin/npm install"
become: true
become_user: "{{ username }}"
tags: test
- name: Install oracles-netstats service - name: Install oracles-netstats service
template: src=oracles-netstats.j2 dest=/etc/systemd/system/oracles-netstats.service owner=root group=root mode=0755 template: src=oracles-netstats.j2 dest=/etc/systemd/system/oracles-netstats.service owner=root group=root mode=0755
@ -85,4 +100,3 @@
- name: Install oracles-logrotate cron - name: Install oracles-logrotate cron
template: src=oracles-logrotate.j2 dest=/etc/cron.hourly/oracles-logrotate owner=root group=root mode=0755 template: src=oracles-logrotate.j2 dest=/etc/cron.hourly/oracles-logrotate owner=root group=root mode=0755
- git: repo=https://github.com/oraclesorg/oracles-initial-keys dest={{ home }}/oracles-initial-keys
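Review bot: The two new `install npm …` tasks run `npm install` inside checkouts that the `git:` tasks above fetch without a `version=`, so every provisioning run builds whatever the default branch and the npm registry serve at that moment, including any package install scripts. Pin each `git:` task to a reviewed revision with `version=<commit-or-tag>` (placeholder), and prefer the module form over the shell step, e.g. `npm: path={{ home }}/eth-net-intelligence-api`, keeping `become_user: "{{ username }}"` so the install stays unprivileged. The shell form also hard-codes `/home/bootnode` where every other task uses `{{ home }}`, and `cd …;` lets `npm install` run in the wrong directory if the `cd` fails. The `owner=bootnode group=bootnode` on `app.json` is hard-coded in the same way and could be `{{ username }}`, matching the recursive `file:` task.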


@ -1,17 +1,16 @@
--- ---
- name: Install nginx repo
template: src=nginx.repo.j2 dest=/etc/yum.repos.d/nginx.repo owner=root group=root mode=0644
- name: Install nginx - name: Install nginx
yum: name=nginx state=latest apt: name=nginx state=latest
tags: nginx
- name: Install nginx.conf - file: path=/etc/nginx/ssl state=directory mode=0755
template: src={{ item }}.j2 dest=/etc/nginx/{{ item }} owner=root group=root mode=0644 tags: nginx
with_items:
- nginx.conf - name: Generate self-signed SSL certificate
- dhparam.pem shell: openssl req -new -x509 -nodes -subj "/CN={{ ansible_host }}" -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
notify: notify:
- reload nginx - reload nginx
tags: nginx
- name: Install nginx conf.d files - name: Install nginx conf.d files
template: src={{ item }}.j2 dest=/etc/nginx/conf.d/{{ item }} owner=root group=root mode=0644 template: src={{ item }}.j2 dest=/etc/nginx/conf.d/{{ item }} owner=root group=root mode=0644
@ -19,10 +18,8 @@
- default.conf - default.conf
notify: notify:
- reload nginx - reload nginx
tags: nginx
- name: Ensure nginx is running and enabled to start at boot - name: Ensure nginx is running and enabled to start at boot
service: name=nginx state=started enabled=yes service: name=nginx state=started enabled=yes
tags: nginx
- include: vars.yml
tags:
- nginx_vars
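Review bot: The `Generate self-signed SSL certificate` task writes an unencrypted private key (`-nodes`) to `/etc/nginx/ssl/server.key` without setting its mode, inside a directory created with `mode=0755`; depending on the OpenSSL version and the umask in effect, the key can end up readable by every local account. Create the directory with `mode=0700` and follow the generation step with `file: path=/etc/nginx/ssl/server.key owner=root group=root mode=0600`. The command also has no `creates=/etc/nginx/ssl/server.crt`, so each play replaces the key pair and fires `reload nginx`, which changes the certificate under any client that pinned or accepted the previous one. With no `-days` the certificate gets OpenSSL's default 30-day lifetime, so add an explicit `-days <n>` (placeholder) or document the renewal path.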


@ -1,231 +1,30 @@
# {{ ansible_managed }}
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=configs_cache:1m max_size=1g;
log_format filter '$remote_addr - $remote_user [$time_local] '
'"$temp" $status $request_length $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
upstream app_admin {
{% for ip in nginx_pool %}
server {{ ip }}:5029;
{% endfor %}
keepalive 2000;
}
upstream app_moderator {
{% for ip in nginx_pool %}
server {{ ip }}:5028;
{% endfor %}
keepalive 2000;
}
upstream app_estimations {
{% for ip in nginx_pool %}
server {{ ip }}:5027;
{% endfor %}
keepalive 2000;
}
upstream app_manager {
{% for ip in nginx_pool %}
server {{ ip }}:5026;
{% endfor %}
keepalive 2000;
}
upstream app_support {
{% for ip in nginx_pool %}
server {{ ip }}:5025;
{% endfor %}
keepalive 2000;
}
upstream app_call {
{% for ip in nginx_pool %}
server {{ ip }}:8000;
{% endfor %}
keepalive 2000;
}
upstream app_prediction {
{% for ip in nginx_pool %}
server {{ ip }}:8010;
{% endfor %}
keepalive 2000;
}
server { server {
listen 80;
server_name www.owhealth.com api.owhealth.com owhealth.com;
root /home/website; listen 443 ssl default_server;
listen [::]:443 ssl default_server;
location ~ /.well-known { ssl_certificate /etc/nginx/ssl/server.crt;
allow all; ssl_certificate_key /etc/nginx/ssl/server.key;
root /home/www;
server_name _;
location / {
proxy_set_header Host localhost:8545;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Content-Type application/json;
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
if ($request_method = 'OPTIONS') {
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Max-Age 600;
add_header Content-Type 'text/plain charset=UTF-8';
add_header Content-Length 0;
return 204;
} }
proxy_pass http://localhost:8545;
location /nginx-stats { }
stub_status on;
access_log off;
allow 127.0.0.1;
allow 10.19.195.68;
deny all;
}
location / {
return 301 https://$host$request_uri;
}
}
# Master backend server
server {
listen 443 ssl;
server_name api.owhealth.com owhealth.com *.owhealth.com;
# Use certificate and key provided by Let's Encrypt:
ssl_certificate /etc/letsencrypt/live/api.owhealth.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.owhealth.com/privkey.pem;
ssl_session_timeout 20m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
#ssl_ciphers "EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4";
ssl_dhparam /etc/nginx/dhparam.pem;
set $temp $request;
# Replace password in request with ****
if ($temp ~ (.*)password=[^&]*(.*)) {
set $temp $1password=****$2;
}
access_log off;
# Manage static files
location ~ /\.git {
deny all;
}
location = / {
return 301 https://flo.health/;
}
location = /flo_about.html {
return 301 https://flo.health/about-us/;
}
location / {
root /home/website/data/site;
try_files $uri $uri/ $uri/index.html =404;
}
location /content {
root /home/api;
try_files $uri $uri/ $uri/index.html =404;
access_log /home/logging/content.access.log filter;
}
location /call/v1/clientconfigs {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_call/v1/clientconfigs;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_cache configs_cache;
proxy_cache_valid 10m;
}
location /call {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_call/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffer_size 32k;
proxy_buffers 32 32k;
client_body_buffer_size 1m;
}
location /call/v1/estimations {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_prediction/v1/estimations;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /call/v2/estimations {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_prediction/v2/estimations;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /support {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_support/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
allow 64.58.116.236;
deny all;
}
location /manager {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_manager/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
allow 64.58.116.236;
deny all;
}
location /estimations {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_estimations/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /moderator {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_moderator/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
}
location /admin {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app_admin/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_redirect off;
allow 64.58.116.236;
deny all;
}
} }
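Review bot: The new `location /` forwards every request arriving on port 443 to `http://localhost:8545` (presumably the node's JSON-RPC listener) with `Access-Control-Allow-Origin "*"` and no `allow`/`deny`, authentication or request limiting, so whatever that listener offers becomes reachable from any host and any web origin. Which RPC methods are enabled is configured outside this diff; confirm the node exposes only the read-only set a public endpoint needs, and consider a `limit_req` zone and `limit_except POST OPTIONS { deny all; }` in this location. `add_header Content-Type 'text/plain charset=UTF-8';` is missing the `;` after `text/plain`. The block also sets no `ssl_protocols` or `ssl_ciphers`, so it inherits the nginx build defaults where the removed configuration stated them explicitly; an explicit `ssl_protocols TLSv1.2;` line would make the intended floor visible.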