parent
2174374037
commit
7f66f4c5f2
|
@ -49,7 +49,6 @@
|
|||
- git: repo=https://github.com/oraclesorg/oracles-dapps-voting.git dest={{ home }}/parity/dapps/Voting
|
||||
- git: repo=https://github.com/oraclesorg/oracles-dapps-validators.git dest={{ home }}/parity/dapps/ValidatorsList
|
||||
|
||||
|
||||
- name: Download parity-nouncles
|
||||
get_url: url="{{ parity_nouncles }}" dest={{ home }}/parity-nouncles mode=0755
|
||||
|
||||
|
@ -62,16 +61,32 @@
|
|||
- name: Install oracles-pm2 service
|
||||
template: src=oracles-pm2.j2 dest=/etc/systemd/system/oracles-pm2.service owner=root group=root mode=0755
|
||||
|
||||
- name: Ensure oracles-pm2 is running and enabled to start at boot
|
||||
service: name=oracles-pm2 state=started enabled=yes
|
||||
|
||||
- name: Install npm pm2
|
||||
npm: name="pm2" global="yes"
|
||||
|
||||
- name: Ensure oracles-pm2 is running and enabled to start at boot
|
||||
service: name=oracles-pm2 state=started enabled=yes
|
||||
|
||||
- git: repo=https://github.com/oraclesorg/eth-net-intelligence-api dest={{ home }}/eth-net-intelligence-api
|
||||
|
||||
- name: Install netstats config
|
||||
template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner=root group=root mode=0644
|
||||
template: src=app.json.j2 dest={{ home }}/eth-net-intelligence-api/app.json owner=bootnode group=bootnode mode=0644
|
||||
|
||||
- git: repo=https://github.com/oraclesorg/oracles-initial-keys dest={{ home }}/oracles-initial-keys
|
||||
|
||||
- file: path={{ home }} owner={{ username }} group={{ username }} recurse=yes
|
||||
|
||||
- name: install npm netstats
|
||||
shell: "cd /home/bootnode/eth-net-intelligence-api; /usr/bin/npm install"
|
||||
become: true
|
||||
become_user: "{{ username }}"
|
||||
tags: test
|
||||
|
||||
- name: install npm oracles-initial-keys
|
||||
shell: "cd /home/bootnode/oracles-initial-keys; /usr/bin/npm install"
|
||||
become: true
|
||||
become_user: "{{ username }}"
|
||||
tags: test
|
||||
|
||||
- name: Install oracles-netstats service
|
||||
template: src=oracles-netstats.j2 dest=/etc/systemd/system/oracles-netstats.service owner=root group=root mode=0755
|
||||
|
@ -85,4 +100,3 @@
|
|||
- name: Install oracles-logrotate cron
|
||||
template: src=oracles-logrotate.j2 dest=/etc/cron.hourly/oracles-logrotate owner=root group=root mode=0755
|
||||
|
||||
- git: repo=https://github.com/oraclesorg/oracles-initial-keys dest={{ home }}/oracles-initial-keys
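Review bot: The two `install npm ...` tasks run `/usr/bin/npm install` inside checkouts made by `git:` tasks that carry no `version=`, so each play run executes whatever lifecycle scripts the default branch of those repositories holds at that moment. Pin each `git:` task to a reviewed commit (`version=<commit-sha>`) and keep a lockfile in the repos so npm resolves the same dependency tree every time; `npm: name="pm2" global="yes"` has the same issue and could take an explicit `version=`. The `shell:` lines also hard-code `/home/bootnode/...` while the rest of the file uses `{{ home }}`; `args: chdir: "{{ home }}/eth-net-intelligence-api"`, or the `npm` module with `path=`, keeps them in step. `tags: test` on both tasks looks like a leftover and should be confirmed. The +/- markers are lost on this page, so which lines are on the new side is inferred from the hunk counts.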
|
||||
|
|
|
@ -1,17 +1,16 @@
|
|||
---
|
||||
- name: Install nginx repo
|
||||
template: src=nginx.repo.j2 dest=/etc/yum.repos.d/nginx.repo owner=root group=root mode=0644
|
||||
|
||||
- name: Install nginx
|
||||
yum: name=nginx state=latest
|
||||
apt: name=nginx state=latest
|
||||
tags: nginx
|
||||
|
||||
- name: Install nginx.conf
|
||||
template: src={{ item }}.j2 dest=/etc/nginx/{{ item }} owner=root group=root mode=0644
|
||||
with_items:
|
||||
- nginx.conf
|
||||
- dhparam.pem
|
||||
- file: path=/etc/nginx/ssl state=directory mode=0755
|
||||
tags: nginx
|
||||
|
||||
- name: Generate self-signed SSL certificate
|
||||
shell: openssl req -new -x509 -nodes -subj "/CN={{ ansible_host }}" -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: nginx
|
||||
|
||||
- name: Install nginx conf.d files
|
||||
template: src={{ item }}.j2 dest=/etc/nginx/conf.d/{{ item }} owner=root group=root mode=0644
|
||||
|
@ -19,10 +18,8 @@
|
|||
- default.conf
|
||||
notify:
|
||||
- reload nginx
|
||||
tags: nginx
|
||||
|
||||
- name: Ensure nginx is running and enabled to start at boot
|
||||
service: name=nginx state=started enabled=yes
|
||||
|
||||
- include: vars.yml
|
||||
tags:
|
||||
- nginx_vars
|
||||
tags: nginx
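Review bot: The `Generate self-signed SSL certificate` task has no `creates=` guard, so every play run overwrites `/etc/nginx/ssl/server.key` and `server.crt` and fires `reload nginx`; adding `args: creates: /etc/nginx/ssl/server.crt` makes it idempotent. `openssl req` is called without `-days`, so the certificate gets the default 30-day lifetime, and without `-newkey`, so the key size comes from the host's openssl configuration; both are better stated explicitly. Nothing sets the key file's owner or mode, and the `file:` task for `/etc/nginx/ssl` sets only `mode=0755`; a follow-up `file: path=/etc/nginx/ssl/server.key owner=root group=root mode=0600` would pin it. Side markers are lost on this page, so this assumes the openssl task is on the new side.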
|
||||
|
|
|
@ -1,231 +1,30 @@
|
|||
# {{ ansible_managed }}
|
||||
proxy_cache_path /var/cache/nginx/cache levels=1:2 keys_zone=configs_cache:1m max_size=1g;
|
||||
|
||||
log_format filter '$remote_addr - $remote_user [$time_local] '
|
||||
'"$temp" $status $request_length $body_bytes_sent '
|
||||
'"$http_referer" "$http_user_agent"';
|
||||
|
||||
upstream app_admin {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:5029;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_moderator {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:5028;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_estimations {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:5027;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_manager {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:5026;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_support {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:5025;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_call {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:8000;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
upstream app_prediction {
|
||||
{% for ip in nginx_pool %}
|
||||
server {{ ip }}:8010;
|
||||
{% endfor %}
|
||||
keepalive 2000;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name www.owhealth.com api.owhealth.com owhealth.com;
|
||||
|
||||
root /home/website;
|
||||
listen 443 ssl default_server;
|
||||
listen [::]:443 ssl default_server;
|
||||
|
||||
location ~ /.well-known {
|
||||
allow all;
|
||||
root /home/www;
|
||||
}
|
||||
ssl_certificate /etc/nginx/ssl/server.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/server.key;
|
||||
|
||||
location /nginx-stats {
|
||||
stub_status on;
|
||||
access_log off;
|
||||
allow 127.0.0.1;
|
||||
allow 10.19.195.68;
|
||||
deny all;
|
||||
}
|
||||
server_name _;
|
||||
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
# Master backend server
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name api.owhealth.com owhealth.com *.owhealth.com;
|
||||
|
||||
# Use certificate and key provided by Let's Encrypt:
|
||||
ssl_certificate /etc/letsencrypt/live/api.owhealth.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/api.owhealth.com/privkey.pem;
|
||||
ssl_session_timeout 20m;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
#ssl_ciphers "EECDH:+AES256:-3DES:RSA+AES:!NULL:!RC4";
|
||||
ssl_dhparam /etc/nginx/dhparam.pem;
|
||||
|
||||
set $temp $request;
|
||||
|
||||
# Replace password in request with ****
|
||||
if ($temp ~ (.*)password=[^&]*(.*)) {
|
||||
set $temp $1password=****$2;
|
||||
}
|
||||
access_log off;
|
||||
|
||||
# Manage static files
|
||||
location ~ /\.git {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location = / {
|
||||
return 301 https://flo.health/;
|
||||
}
|
||||
|
||||
location = /flo_about.html {
|
||||
return 301 https://flo.health/about-us/;
|
||||
}
|
||||
|
||||
location / {
|
||||
root /home/website/data/site;
|
||||
try_files $uri $uri/ $uri/index.html =404;
|
||||
}
|
||||
|
||||
location /content {
|
||||
root /home/api;
|
||||
try_files $uri $uri/ $uri/index.html =404;
|
||||
access_log /home/logging/content.access.log filter;
|
||||
}
|
||||
|
||||
location /call/v1/clientconfigs {
|
||||
proxy_set_header Host localhost:8545;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_call/v1/clientconfigs;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
|
||||
|
||||
proxy_cache configs_cache;
|
||||
proxy_cache_valid 10m;
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header Access-Control-Allow-Headers "Origin, X-Requested-With, Content-Type, Accept";
|
||||
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
|
||||
add_header Access-Control-Allow-Origin "*";
|
||||
add_header Access-Control-Max-Age 600;
|
||||
add_header Content-Type 'text/plain charset=UTF-8';
|
||||
add_header Content-Length 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
location /call {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_call/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
proxy_buffer_size 32k;
|
||||
proxy_buffers 32 32k;
|
||||
client_body_buffer_size 1m;
|
||||
}
|
||||
|
||||
location /call/v1/estimations {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_prediction/v1/estimations;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /call/v2/estimations {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_prediction/v2/estimations;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /support {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_support/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
allow 64.58.116.236;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /manager {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_manager/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
allow 64.58.116.236;
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /estimations {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_estimations/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /moderator {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_moderator/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /admin {
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-NginX-Proxy true;
|
||||
proxy_pass http://app_admin/;
|
||||
proxy_ssl_session_reuse off;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_redirect off;
|
||||
allow 64.58.116.236;
|
||||
deny all;
|
||||
proxy_pass http://localhost:8545;
|
||||
}
|
||||
|
||||
}
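Review bot: The `location /` that ends in `proxy_pass http://localhost:8545;` appears to be the only location left in the new server block, and it carries `add_header Access-Control-Allow-Origin "*"` with no `allow`/`deny`, so whatever listens on 8545 is reachable by any client and callable from any web origin. If that port is the node's JSON-RPC endpoint, restrict the APIs the node serves there and add an allow-list or `limit_req` in this location. The same block has `listen 80;` next to the `listen 443 ssl` lines, so the proxy is also served in plaintext, and the removed `ssl_protocols`/`ssl_ciphers` settings are not replaced; a separate port-80 server with `return 301 https://$host$request_uri;` and an explicit `ssl_protocols TLSv1.2;` would close both gaps. Side markers are lost on this page, so which lines survive is inferred from the `+1,30` count.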
|
||||
|
|