Moved the nginx stuff for the mapserver into its own role

playbooks/group_vars/mapservers/nginx.yml

@@ -26,4 +26,14 @@ nginx_sites:
               gzip_comp_level 2;
               gzip_types application/json;
               gzip_vary on;
+      }
+  - location /grafana {
+      if ($scheme != "https") {
+        rewrite ^ https://map.ffdo.de$request_uri permanent;
+      }
+                include proxy_params;
+                proxy_pass http://127.0.0.1:3000/;
+                rewrite  ^/grafana/(.*)  /$1 break;
+                proxy_set_header Host $host;
+
       }

playbooks/group_vars/mapservers/ssl.yml

@@ -1,3 +1,6 @@
+
+mapserver_ssl_key_path: /etc/nginx/ssl/wiki.ffdo.de.key
+mapserver_ssl_cert_path: /etc/nginx/ssl/wiki.ffdo.de.crt
 mapserver_use_pregenerated_dh_params: false
 mapserver_ssl_private_key: |
     -----BEGIN RSA PRIVATE KEY-----

roles/internal/ffdo.mapserver-nginx/README.md

@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).

roles/internal/ffdo.mapserver-nginx/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+# defaults file for ffdo.mapserver-nginx

roles/internal/ffdo.mapserver-nginx/handlers/main.yml

@@ -0,0 +1,5 @@
+---
+# handlers file for ffdo.mapserver-nginx
+
+- name: Restart nginx
+  service: name=nginx state=restarted

roles/internal/ffdo.mapserver-nginx/meta/main.yml

@@ -0,0 +1,139 @@
+---
+galaxy_info:
+  author: your name
+  description: 
+  company: your company (optional)
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+  # Some suggested licenses:
+  # - BSD (default)
+  # - MIT
+  # - GPLv2
+  # - GPLv3
+  # - Apache
+  # - CC-BY
+  license: license (GPLv2, CC-BY, etc)
+  min_ansible_version: 1.2
+  #
+  # Below are all platforms currently available. Just uncomment
+  # the ones that apply to your role. If you don't see your 
+  # platform on this list, let us know and we'll get it added!
+  #
+  #platforms:
+  #- name: EL
+  #  versions:
+  #  - all
+  #  - 5
+  #  - 6
+  #  - 7
+  #- name: GenericUNIX
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Fedora
+  #  versions:
+  #  - all
+  #  - 16
+  #  - 17
+  #  - 18
+  #  - 19
+  #  - 20
+  #  - 21
+  #  - 22
+  #- name: Windows
+  #  versions:
+  #  - all
+  #  - 2012R2
+  #- name: SmartOS
+  #  versions:
+  #  - all
+  #  - any
+  #- name: opensuse
+  #  versions:
+  #  - all
+  #  - 12.1
+  #  - 12.2
+  #  - 12.3
+  #  - 13.1
+  #  - 13.2
+  #- name: Amazon
+  #  versions:
+  #  - all
+  #  - 2013.03
+  #  - 2013.09
+  #- name: GenericBSD
+  #  versions:
+  #  - all
+  #  - any
+  #- name: FreeBSD
+  #  versions:
+  #  - all
+  #  - 8.0
+  #  - 8.1
+  #  - 8.2
+  #  - 8.3
+  #  - 8.4
+  #  - 9.0
+  #  - 9.1
+  #  - 9.1
+  #  - 9.2
+  #- name: Ubuntu
+  #  versions:
+  #  - all
+  #  - lucid
+  #  - maverick
+  #  - natty
+  #  - oneiric
+  #  - precise
+  #  - quantal
+  #  - raring
+  #  - saucy
+  #  - trusty
+  #  - utopic
+  #  - vivid
+  #- name: SLES
+  #  versions:
+  #  - all
+  #  - 10SP3
+  #  - 10SP4
+  #  - 11
+  #  - 11SP1
+  #  - 11SP2
+  #  - 11SP3
+  #- name: GenericLinux
+  #  versions:
+  #  - all
+  #  - any
+  #- name: Debian
+  #  versions:
+  #  - all
+  #  - etch
+  #  - jessie
+  #  - lenny
+  #  - squeeze
+  #  - wheezy
+  #
+  # Below are all categories currently available. Just as with
+  # the platforms above, uncomment those that apply to your role.
+  #
+  #categories:
+  #- cloud
+  #- cloud:ec2
+  #- cloud:gce
+  #- cloud:rax
+  #- clustering
+  #- database
+  #- database:nosql
+  #- database:sql
+  #- development
+  #- monitoring
+  #- networking
+  #- packaging
+  #- system
+  #- web
+dependencies: []
+  # List your role dependencies here, one per line.
+  # Be sure to remove the '[]' above if you add dependencies
+  # to this list.
+  

roles/internal/ffdo.mapserver-nginx/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+# tasks file for ffdo.mapserver-nginx
+
+- name: Ensure nginx is installed
+  apt: name=nginx state=present
+
+- name: Install openssl to generate DH params
+  apt: name=openssl state=present
+
+- name: Ensure nginx ssl directory exists
+  file: dest=/etc/nginx/ssl/ state=directory
+
+- name: Create private ssl key from secret var
+  copy: content="{{ mapserver_ssl_private_key }}" dest="{{mapserver_ssl_key_path}}"
+  notify:
+  - Restart nginx
+
+- name: Create nginx server certificate from secret var
+  copy: content="{{ mapserver_ssl_server_cert }}" dest="{{mapserver_ssl_cert_path}}"
+  notify:
+  - Restart nginx
+
+- name: Deploy pregenerated DH params
+  when: mapserver_use_pregenerated_dh_params
+  copy: content="{{mapserver_dh_params}}" dest=/etc/nginx/dhparams.pem
+  notify:
+  - Restart nginx
+
+- name: Generate strong dhparams
+  when: not mapserver_use_pregenerated_dh_params
+  shell: openssl dhparam -out /etc/nginx/dhparams.pem 4096 creates=/etc/nginx/dhparams.pem
+  notify:
+  - Restart nginx
+
+- name: Install nginx configs
+  template:
+    src: "{{item.src}}"
+    dest: "{{item.dest}}"
+  with_items:
+  - src: nginx-default.conf.j2
+    dest: /etc/nginx/sites-available/default
+  - src: nginx-wiki.conf.j2
+    dest: /etc/nginx/sites-available/wiki
+  notify:
+  - Restart nginx
+
+- name: Ensure nginx is started and enabled
+  service: name=nginx state=started enabled=yes

roles/internal/ffdo.mapserver-nginx/templates/nginx-default.conf.j2

@@ -0,0 +1,67 @@
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+
+
+  # ssl
+  listen 443 ssl;
+        listen [::]:443 ssl;
+  ssl_certificate {{mapserver_ssl_cert_path}};
+  ssl_certificate_key {{mapserver_ssl_key_path}};
+  ssl_dhparam /etc/nginx/dhparams.pem;
+
+  server_name _;
+  root /var/www;
+  index index.html;
+
+  location = / {
+    return 302 /meshviewer/;
+  }
+
+  location /meshviewer {
+    alias {{meshviewer_install_directory}};
+    try_files $uri $uri/ =404;
+    gzip on;
+    gzip_comp_level 2;
+    gzip_types application/json application/javascript text/css;
+    gzip_vary on;
+  }
+
+  location /meshviewer-test {
+    alias /srv/meshviewer-test;
+    try_files $uri $uri/ =404;
+                gzip on;
+                gzip_comp_level 2;
+                gzip_types application/json application/javascript text/css;
+                gzip_vary on;
+  }
+
+        location /grafana {
+    if ($scheme != "https") {
+      rewrite ^ https://map.ffdo.de$request_uri permanent;
+    }
+                include proxy_params;
+                proxy_pass http://127.0.0.1:3000/;
+                rewrite  ^/grafana/(.*)  /$1 break;
+                proxy_set_header Host $host;
+
+        }
+
+  location /data {
+    alias /srv/ffmap-data;
+    gzip on;
+    gzip_comp_level 2;
+    gzip_types application/json;
+    gzip_vary on;
+  }
+
+# location /wiki {
+#   if ($scheme = http){
+#                 rewrite ^ https://map.do.freifunk.ruhr$request_uri? permanent;
+#         }
+#   proxy_pass        http://127.0.0.1:5001/;
+#         proxy_set_header  X-Real-IP  $remote_addr;
+#         proxy_redirect off;
+# }
+
+}

roles/internal/ffdo.mapserver-nginx/templates/nginx-wiki.conf.j2

@@ -0,0 +1,29 @@
+server {
+  listen 80;
+  listen [::]:80;
+
+
+  # ssl
+  listen 443 ssl;
+        listen [::]:443 ssl;
+  ssl_certificate {{mapserver_ssl_cert_path}};
+  ssl_certificate_key {{mapserver_ssl_key_path}};
+  ssl_dhparam /etc/nginx/dhparams.pem;
+
+  server_name wiki.ffdo.de;
+  root /var/www;
+  index index.html;
+
+  if ($scheme = http){
+                rewrite ^ https://wiki.ffdo.de$request_uri? permanent;
+        }
+  location / {
+    proxy_pass        http://127.0.0.1:55001/;
+          proxy_set_header  X-Real-IP  $remote_addr;
+          proxy_redirect off;
+  }
+  location /_NOWIKI {
+    deny all;
+  }
+
+}

roles/internal/ffdo.mapserver-nginx/vars/main.yml

@@ -0,0 +1,2 @@
+---
+# vars file for ffdo.mapserver-nginx

roles/internal/map-server/defaults/main.yml

@@ -1,2 +1,3 @@
 ---
 # defaults file for map-server
+mapserver_use_pregenerated_dh_params: false

roles/internal/map-server/meta/main.yml

@@ -18,5 +18,5 @@ galaxy_info:
   - system
   - web
 dependencies:
-- jdauphant.nginx
+- ffdo.mapserver-nginx
 - meshviewer

roles/internal/map-server/tasks/main.yml

@@ -2,26 +2,6 @@
 # tasks file for map-server
 - include_vars: "{{ ansible_os_family }}.yml"
 
-- name: Install openssl to generate DH params
-  apt: name=openssl state=present
-
-- name: Ensure nginx ssl directory exists
-  file: dest=/etc/nginx/ssl/ state=directory
-
-- name: Create private ssl key from secret var
-  copy: content="{{ mapserver_ssl_private_key }}" dest=/etc/nginx/ssl/wiki.ffdo.de.key
-
-- name: Create nginx server certificate from secret var
-  copy: content="{{ mapserver_ssl_server_cert }}" dest=/etc/nginx/ssl/wiki.ffdo.de.crt
-
-- name: Deploy pregenerated DH params
-  when: mapserver_use_pregenerated_dh_params
-  copy: content="{{mapserver_dh_params}}" dest=/etc/nginx/dhparams.pem
-
-- name: Generate strong dhparams
-  when: not mapserver_use_pregenerated_dh_params
-  shell: openssl dhparam -out /etc/nginx/dhparams.pem 4096 creates=/etc/nginx/dhparams.pem
-
 - name: Install necessary packages
   apt: name={{item}} state=present
   with_items: "{{mapserver_packages}}"