From 75c76b16a486f5408f674af13861d02246f4a0ca Mon Sep 17 00:00:00 2001 From: Julien Palard Date: Thu, 30 Dec 2021 21:33:48 +0100 Subject: [PATCH] Make nginx listen on IPv6 (duplicate listen should not be usefull, but happen they are). --- README.md | 5 ++--- afpy.org.yml | 14 +++++++------- afpyro.afpy.org.yml | 4 ++-- autoconfig.yml | 4 ++-- dl.yml | 8 ++++---- logs.afpy.org.yml | 4 ++-- pycon.fr.yml | 30 +++++++++++++++--------------- pydocteur.afpy.org.yml | 4 ++-- roles/discourse/tasks/main.yml | 4 ++-- roles/nginx/defaults/main.yml | 4 ++-- site.yml | 9 --------- 11 files changed, 40 insertions(+), 50 deletions(-) delete mode 100644 site.yml diff --git a/README.md b/README.md index 72066fe..c3dd2f8 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ On découpe nos *playbooks* Ansible par rôles : -- `site.yml`: Inclu tous les autres, pratique pour tout exécuter. - `pycon.yml`: Pour les pycon.fr - `backup.yml`: Configure rsnapshot pour sauvegarder nos serveurs. - ... @@ -12,11 +11,11 @@ En partant de là, on peut utiliser les commandes suivantes: Après avoir cloné ce repo, installé Ansible dans un venv, installez les roles nécessaires via : -- ansible-galaxy install -r requirements.yml +- ansible-galaxy install julienpalard.nginx tschifftner.exim4_sendonly Puis pour jouer les *playbooks* : -- Pour tout relancer : `ansible-playbook site.yml` +- Pour tout relancer : `ansible-parallel *.yml` - Pour configurer les PyCons : `ansible-playbook pycons.yml` diff --git a/afpy.org.yml b/afpy.org.yml index c05886b..9cd2392 100644 --- a/afpy.org.yml +++ b/afpy.org.yml @@ -40,7 +40,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name www.afpy.org afpy.org; access_log /var/log/nginx/afpy.org-access.log; error_log /var/log/nginx/afpy.org-error.log; @@ -49,7 +49,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name afpy.org; access_log /var/log/nginx/afpy.org-access.log; error_log /var/log/nginx/afpy.org-error.log; @@ -59,7 +59,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name www.afpy.org; access_log /var/log/nginx/afpy.org-access.log; error_log /var/log/nginx/afpy.org-error.log; @@ -190,7 +190,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name planet.afpy.org; access_log /var/log/nginx/planet.afpy.org-access.log; error_log /var/log/nginx/planet.afpy.org-error.log; @@ -199,7 +199,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name planet.afpy.org; access_log /var/log/nginx/planet.afpy.org-access.log; error_log /var/log/nginx/planet.afpy.org-error.log; @@ -233,7 +233,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name lists.afpy.org; access_log /var/log/nginx/lists.afpy.org-access.log; error_log /var/log/nginx/lists.afpy.org-error.log; @@ -242,7 +242,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name lists.afpy.org; access_log /var/log/nginx/lists.afpy.org-access.log; error_log /var/log/nginx/lists.afpy.org-error.log; diff --git a/afpyro.afpy.org.yml b/afpyro.afpy.org.yml index 76d7cfe..278fcd8 100644 --- a/afpyro.afpy.org.yml +++ b/afpyro.afpy.org.yml @@ -16,7 +16,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name afpyro.afpy.org; access_log /var/log/nginx/afpyro.afpy.org-access.log; error_log /var/log/nginx/afpyro.afpy.org-error.log; @@ -25,7 +25,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name afpyro.afpy.org; access_log /var/log/nginx/afpyro.afpy.org-access.log; error_log /var/log/nginx/afpyro.afpy.org-error.log; diff --git a/autoconfig.yml b/autoconfig.yml index 326cabb..92a248f 100644 --- a/autoconfig.yml +++ b/autoconfig.yml @@ -17,7 +17,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name autoconfig.afpy.org autoconfig.pycon.fr; access_log /var/log/nginx/autoconfig.afpy.org-access.log; error_log /var/log/nginx/autoconfig.afpy.org-error.log; @@ -26,7 +26,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name autoconfig.afpy.org autoconfig.pycon.fr; access_log /var/log/nginx/autoconfig.afpy.org-access.log; error_log /var/log/nginx/autoconfig.afpy.org-error.log; diff --git a/dl.yml b/dl.yml index 5ba2c9d..66e55d1 100644 --- a/dl.yml +++ b/dl.yml @@ -68,7 +68,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name dl.afpy.org; access_log /var/log/nginx/http-access.log; error_log /var/log/nginx/http-error.log; @@ -77,7 +77,7 @@ server { - listen 80; + listen [::]:80; listen 80; server_name videos-2015.pycon.fr; access_log /var/log/nginx/http-access.log; error_log /var/log/nginx/http-error.log; @@ -86,7 +86,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name videos-2015.pycon.fr; access_log /var/log/nginx/videos-2015.pycon.fr-access.log; error_log /var/log/nginx/videos-2015.pycon.fr-error.log; @@ -96,7 +96,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name dl.afpy.org; access_log /var/log/nginx/dl.afpy.org-access.log; error_log /var/log/nginx/dl.afpy.org-error.log; diff --git a/logs.afpy.org.yml b/logs.afpy.org.yml index d8f7614..e1c32ce 100644 --- a/logs.afpy.org.yml +++ b/logs.afpy.org.yml @@ -15,7 +15,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name logs.afpy.org; access_log /var/log/nginx/logs.afpy.org-access.log; error_log /var/log/nginx/logs.afpy.org-error.log; @@ -24,7 +24,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name logs.afpy.org; access_log /var/log/nginx/logs.afpy.org-access.log; error_log /var/log/nginx/logs.afpy.org-error.log; diff --git a/pycon.fr.yml b/pycon.fr.yml index d505601..8b69070 100644 --- a/pycon.fr.yml +++ b/pycon.fr.yml @@ -23,7 +23,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name .pycon.fr; access_log /var/log/nginx/pycon.fr-access.log; error_log /var/log/nginx/pycon.fr-error.log; @@ -32,7 +32,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name pycon.fr; access_log /var/log/nginx/pycon.fr-access.log; error_log /var/log/nginx/pycon.fr-error.log; @@ -42,7 +42,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name www.pycon.fr; access_log /var/log/nginx/pycon.fr-access.log; error_log /var/log/nginx/pycon.fr-error.log; @@ -64,7 +64,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name 2016.pycon.fr; access_log /var/log/nginx/2016.pycon.fr-access.log; error_log /var/log/nginx/2016.pycon.fr-error.log; @@ -73,7 +73,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name 2016.pycon.fr; access_log /var/log/nginx/2016.pycon.fr-access.log; error_log /var/log/nginx/2016.pycon.fr-error.log; @@ -90,7 +90,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name 2012.pycon.fr; access_log /var/log/nginx/2012.pycon.fr-access.log; error_log /var/log/nginx/2012.pycon.fr-error.log; @@ -99,7 +99,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name 2012.pycon.fr; access_log /var/log/nginx/2012.pycon.fr-access.log; error_log /var/log/nginx/2012.pycon.fr-error.log; @@ -115,7 +115,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name 2011.pycon.fr; access_log /var/log/nginx/2011.pycon.fr-access.log; error_log /var/log/nginx/2011.pycon.fr-error.log; @@ -124,7 +124,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name 2011.pycon.fr; access_log /var/log/nginx/2011.pycon.fr-access.log; error_log /var/log/nginx/2011.pycon.fr-error.log; @@ -140,7 +140,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name 2010.pycon.fr; access_log /var/log/nginx/2010.pycon.fr-access.log; error_log /var/log/nginx/2010.pycon.fr-error.log; @@ -149,7 +149,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name 2010.pycon.fr; access_log /var/log/nginx/2010.pycon.fr-access.log; error_log /var/log/nginx/2010.pycon.fr-error.log; @@ -167,7 +167,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name paullaroid.pycon.fr; access_log /var/log/nginx/paullaroid.pycon.fr-access.log; error_log /var/log/nginx/paullaroid.pycon.fr-error.log; @@ -177,7 +177,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; charset utf-8; server_name paullaroid.pycon.fr; access_log /var/log/nginx/paullaroid.pycon.fr-access.log; @@ -196,7 +196,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name fr.pycon.org; access_log /var/log/nginx/fr.pycon.org-access.log; error_log /var/log/nginx/fr.pycon.org-error.log; @@ -205,7 +205,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name fr.pycon.org; access_log /var/log/nginx/fr.pycon.org-access.log; error_log /var/log/nginx/fr.pycon.org-error.log; diff --git a/pydocteur.afpy.org.yml b/pydocteur.afpy.org.yml index 878b0bf..a542a2a 100644 --- a/pydocteur.afpy.org.yml +++ b/pydocteur.afpy.org.yml @@ -20,7 +20,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name pydocteur.afpy.org; access_log /var/log/nginx/pydocteur.afpy.org-access.log; error_log /var/log/nginx/pydocteur.afpy.org-error.log; @@ -29,7 +29,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name pydocteur.afpy.org; access_log /var/log/nginx/pydocteur.afpy.org-access.log; error_log /var/log/nginx/pydocteur.afpy.org-error.log; diff --git a/roles/discourse/tasks/main.yml b/roles/discourse/tasks/main.yml index ddfcdce..6ff9b82 100644 --- a/roles/discourse/tasks/main.yml +++ b/roles/discourse/tasks/main.yml @@ -13,7 +13,7 @@ nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name {{ discourse_domain }}; access_log /var/log/nginx/{{ discourse_domain }}-access.log; error_log /var/log/nginx/{{ discourse_domain }}-error.log; @@ -22,7 +22,7 @@ server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; server_name {{ discourse_domain }}; access_log /var/log/nginx/{{ discourse_domain }}-access.log; error_log /var/log/nginx/{{ discourse_domain }}-error.log; diff --git a/roles/nginx/defaults/main.yml b/roles/nginx/defaults/main.yml index 33c77e2..a53bab2 100644 --- a/roles/nginx/defaults/main.yml +++ b/roles/nginx/defaults/main.yml @@ -7,7 +7,7 @@ HSTS_header: 'Strict-Transport-Security "max-age=63072000; always"' nginx_conf: | server { - listen 80; + listen [::]:80; listen 80; server_name {{ nginx_domain }}; access_log /var/log/nginx/{{ nginx_domain }}-access.log; error_log /var/log/nginx/{{ nginx_domain }}-error.log; @@ -17,7 +17,7 @@ nginx_conf: | server { - listen 443 ssl; + listen [::]:443 ssl; listen 443 ssl; charset utf-8; server_name {{ nginx_domain }}; access_log /var/log/nginx/{{ nginx_domain }}-access.log; diff --git a/site.yml b/site.yml deleted file mode 100644 index 1581e61..0000000 --- a/site.yml +++ /dev/null @@ -1,9 +0,0 @@ ---- - -- import_playbook: common.yml -- import_playbook: pycon.fr.yml -- import_playbook: afpy.org.yml -- import_playbook: logs.afpy.org.yml -- import_playbook: backup.yml -- import_playbook: autoconfig.yml -- import_playbook: alain.yml