Add support for nginx with reverse proxy to embedded server
This deploys the existing embedded server service but adds a nginx reverse proxy on top. Change-Id: I06837e39c20ce9390a39fc1ef2ee046934e6f38a
This commit is contained in:
parent
58d1ec51bb
commit
f107ec0aef
|
@ -33,3 +33,6 @@ ara:
|
|||
server: embedded
|
||||
# Type (mod_wsgi, standalone, embedded-proxy, etc.)
|
||||
type: standalone
|
||||
nginx:
|
||||
# Where nginx will store the proxy cache
|
||||
cache_directory: /var/cache/nginx
|
||||
|
|
|
@ -18,13 +18,23 @@
|
|||
daemon_reload: yes
|
||||
|
||||
- name: restart apache
|
||||
become: true
|
||||
service:
|
||||
name: "{{ apache_service }}"
|
||||
state: restarted
|
||||
when: ara.deployment.server == 'apache'
|
||||
|
||||
- name: restart nginx
|
||||
become: true
|
||||
service:
|
||||
name: nginx
|
||||
state: restarted
|
||||
when: ara.deployment.server == 'nginx'
|
||||
|
||||
- name: restart ara
|
||||
become: true
|
||||
service:
|
||||
name: ara
|
||||
state: restarted
|
||||
become: true
|
||||
when: ara.deployment.server == 'embedded' or
|
||||
ara.deployment.server == 'nginx' and ara.deployment.type == 'embedded_proxy'
|
|
@ -65,6 +65,9 @@
|
|||
src: logrotate.conf.j2
|
||||
dest: /etc/logrotate.d/ara
|
||||
|
||||
- name: Include web server configuration
|
||||
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
|
||||
|
||||
- name: Create the ARA configuration file
|
||||
become: true
|
||||
ini_file:
|
||||
|
@ -79,6 +82,7 @@
|
|||
with_dict: "{{ ara.config }}"
|
||||
notify:
|
||||
- restart ara
|
||||
- restart nginx
|
||||
|
||||
- name: Get ARA installed location
|
||||
shell: python -c "import os,ara; print(os.path.dirname(ara.__file__))"
|
||||
|
@ -97,27 +101,26 @@
|
|||
- { option: callback_plugins, value: "{{ ara_location.stdout }}/plugins/callbacks" }
|
||||
- { option: action_plugins, value: "{{ ara_location.stdout }}/plugins/actions" }
|
||||
|
||||
- name: Include web server configuration
|
||||
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
|
||||
|
||||
- name: Provide web application URL
|
||||
vars:
|
||||
msg: >-
|
||||
ARA was installed succesfully !
|
||||
The web application should now be reachable at http://{{ ara.config.host }}:{{ ara.config.port }} !
|
||||
To customize the host and port on which the application listens to, override the defaults for the ara_host and ara_port variables.
|
||||
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
|
||||
The web application should now be reachable at http://{{ ara.config.host_proxy | default(ara.config.host) }}:{{ ara.config.port_proxy | default(ara.config.port) }} !
|
||||
debug:
|
||||
msg: "{{ msg.split('\n') }}"
|
||||
|
||||
- name: Provide instructions
|
||||
vars:
|
||||
msg: >-
|
||||
We've set up a configuration file for you in /etc/ara/ara.cfg.
|
||||
The ARA service is already using this configuration but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
|
||||
To customize the host and port on which the web application is served, supply an 'ara_override' dictionary variables with new host and port keys.
|
||||
|
||||
This can be done from using Ansible or the ARA CLI commands directly from that directory or by using the ANSIBLE_CONFIG environment variable, like so:
|
||||
export ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
||||
ansible-playbook playbook.yml
|
||||
A configuration file was set up automatically in /etc/ara/ara.cfg.
|
||||
The ARA service is already using this configuration file but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
|
||||
|
||||
This can be done by exporting the ANSIBLE_CONFIG environment variable, like so:
|
||||
$ export ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
||||
$ ansible-playbook playbook.yml
|
||||
|
||||
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
|
||||
debug:
|
||||
msg: "{{ msg.split('\n') }}"
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
# We're setting ara.host to localhost, there's no point in making the web
|
||||
# application listen on 0.0.0.0 or other things since it'll be proxied by nginx
|
||||
- name: Override ARA host when reverse proxying
|
||||
vars:
|
||||
override:
|
||||
config:
|
||||
host: 127.0.0.1
|
||||
proxy_host: "{{ ara.config.host }}"
|
||||
proxy_port: 80
|
||||
set_fact:
|
||||
ara: "{{ ara | combine(override, recursive=true) }}"
|
||||
|
||||
- name: Install the embedded server service
|
||||
include_tasks: ../embedded/standalone.yml
|
||||
|
||||
- name: Set selinux boolean to allow nginx to reverse proxy
|
||||
become: yes
|
||||
seboolean:
|
||||
name: httpd_can_network_connect
|
||||
state: yes
|
||||
persistent: yes
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Install nginx
|
||||
include_tasks: install.yml
|
||||
|
||||
- name: Set up the nginx configuration
|
||||
template:
|
||||
src: nginx_embedded_proxy.conf.j2
|
||||
dest: "{{ nginx_config_path }}/ara.conf"
|
||||
notify:
|
||||
- restart nginx
|
||||
|
||||
- name: Enable the nginx configuration on Debian-like systems
|
||||
file:
|
||||
src: "{{ nginx_config_path }}/ara.conf"
|
||||
dest: /etc/nginx/sites-enabled/ara.conf
|
||||
state: link
|
||||
when: ansible_os_family == 'Debian'
|
||||
notify:
|
||||
- restart nginx
|
|
@ -0,0 +1,46 @@
|
|||
# This is designed to be as little invasive as possible since the user might
|
||||
# already be installing and configuring nginx.
|
||||
|
||||
- when: ansible_os_family == 'RedHat'
|
||||
block:
|
||||
- name: Ensure EPEL is installed on RedHat distributions
|
||||
package:
|
||||
name: epel-release
|
||||
state: installed
|
||||
|
||||
- name: Ensure the EPEL repository is enabled
|
||||
ini_file:
|
||||
path: /etc/yum.repos.d/epel.repo
|
||||
section: epel
|
||||
option: enabled
|
||||
value: 1
|
||||
register: epel_state
|
||||
|
||||
- name: Install nginx
|
||||
package:
|
||||
name: nginx
|
||||
state: installed
|
||||
|
||||
# We don't want to leave EPEL enabled if it was disabled to begin with
|
||||
- name: Disable EPEL on Red Hat distributions if it was disabled
|
||||
ini_file:
|
||||
path: /etc/yum.repos.d/epel.repo
|
||||
section: epel
|
||||
option: enabled
|
||||
value: 0
|
||||
when:
|
||||
- ansible_os_family == 'RedHat'
|
||||
- epel_state is changed
|
||||
|
||||
- name: Ensure nginx is started and enabled
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Create the nginx cache directory
|
||||
file:
|
||||
path: "{{ ara.deployment.nginx.cache_directory }}"
|
||||
state: directory
|
||||
owner: "{{ nginx_user }}"
|
||||
group: "{{ nginx_group }}"
|
|
@ -0,0 +1,31 @@
|
|||
proxy_cache_path {{ ara.deployment.nginx.cache_directory }} levels=1:2
|
||||
keys_zone=ara:5m max_size=1g inactive=1d use_temp_path=off;
|
||||
|
||||
upstream ara {
|
||||
server {{ ara.config.host }}:{{ ara.config.port }};
|
||||
}
|
||||
|
||||
server {
|
||||
listen {{ ara.config.proxy_port }};
|
||||
server_name {{ ara.config.proxy_host }};
|
||||
access_log /var/log/nginx/ara_access.log;
|
||||
error_log /var/log/nginx/ara_error.log;
|
||||
|
||||
location {{ ara.config.application_root }} {
|
||||
# Define the location of the proxy server to send the request to
|
||||
proxy_pass http://ara;
|
||||
|
||||
# Redefine the header fields that NGINX sends to the upstream server
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_cache ara;
|
||||
proxy_cache_revalidate on;
|
||||
proxy_cache_valid any 15m;
|
||||
proxy_cache_min_uses 1;
|
||||
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
|
||||
proxy_cache_background_update on;
|
||||
proxy_cache_lock on;
|
||||
}
|
||||
}
|
|
@ -32,3 +32,7 @@ apache_user: www-data
|
|||
apache_group: www-data
|
||||
apache_log_path: /var/log/apache2
|
||||
apache_config_path: /etc/apache2/sites-available
|
||||
|
||||
nginx_user: www-data
|
||||
nginx_group: www-data
|
||||
nginx_config_path: /etc/nginx/sites-available
|
||||
|
|
|
@ -34,3 +34,7 @@ apache_user: apache
|
|||
apache_group: apache
|
||||
apache_log_path: /var/log/httpd
|
||||
apache_config_path: /etc/httpd/conf.d
|
||||
|
||||
nginx_user: nginx
|
||||
nginx_group: nginx
|
||||
nginx_config_path: /etc/nginx/conf.d
|
||||
|
|
Loading…
Reference in New Issue