mdk
/
infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Unify nginx logs for readability of the directory.

This commit is contained in:
Julien Palard 2022-11-30 23:31:25 +01:00
parent 562ca983f6
commit b172b60e93
Signed by: mdk
GPG Key ID: 0EFC1AC1006886F8
5 changed files with 116 additions and 112 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
mdk.fr.yml Normal file
View File

@ -0,0 +1,96 @@
---
- hosts: mdk
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup mdk.fr
include_role: name=nginx
vars:
nginx_domain: mdk.fr
nginx_certificates: [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, sizeof.fr, www.mandark.fr, www.sizeof.fr]
nginx_owner: mdk_fr
nginx_path: /var/www/mdk.fr/
nginx_public_deploy_key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM mdk.fr
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETtLGjVKqpQ4bQRh108Bi5vkc8omuEwZPEUbeysLfci formations
nginx_conf: |
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
server
{
listen 80;
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
return 301 https://mdk.fr;
}
server
{
listen 80;
server_name mdk.fr www.mdk.fr mandark.fr www.mandark.fr;
return 301 https://mdk.fr$request_uri;
}
server
{
listen 443 ssl;
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
include snippets/letsencrypt-mdk.fr.conf;
add_header X-Frame-Options "DENY";
return 301 https://mdk.fr;
}
server
{
listen 443 ssl;
server_name www.mdk.fr mandark.fr www.mandark.fr;
include snippets/letsencrypt-mdk.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
return 301 https://mdk.fr$request_uri;
}
server
{
listen 443 ssl;
charset utf-8;
server_name mdk.fr;
include snippets/letsencrypt-mdk.fr.conf;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;";
add_header X-Frame-Options "DENY";
location /noindex/ {
autoindex off;
}
location /index/ {
autoindex on;
}
root /var/www/mdk.fr/;
index index.html;
}
- name: Keep nginx logs longer
copy:
dest: /etc/logrotate.d/nginx
content: |
/var/log/nginx/*.log {
size 10M
missingok
rotate 99
compress
delaycompress
notifempty
create 0640 www-data adm
sharedscripts
prerotate
if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
run-parts /etc/logrotate.d/httpd-prerotate; \
fi \
endscript
postrotate
invoke-rc.d nginx rotate >/dev/null 2>&1
endscript
}

4
roles/nginx/defaults/main.yml
View File

@ -9,8 +9,6 @@ nginx_conf: |
{
listen [::]:80; listen 80;
server_name {{ nginx_domain }};
access_log /var/log/nginx/{{ nginx_domain }}-access.log;
error_log /var/log/nginx/{{ nginx_domain }}-error.log;
return 301 https://$host$request_uri;
}
@ -20,8 +18,6 @@ nginx_conf: |
listen [::]:443 ssl; listen 443 ssl;
charset utf-8;
server_name {{ nginx_domain }};
access_log /var/log/nginx/{{ nginx_domain }}-access.log;
error_log /var/log/nginx/{{ nginx_domain }}-error.log;
include snippets/letsencrypt-{{ nginx_domain }}.conf;
root {{ nginx_path }};

20
roles/nginx/tasks/main.yml
View File

@ -71,6 +71,26 @@
- nginx
- ca-certificates
- name: Setup custom log format
copy:
dest: /etc/nginx/conf.d/logging.conf
owner: root
group: root
mode: 0644
content: |
log_format custom '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log custom;
error_log /var/log/nginx/error.log;
- name: Hide logging setup from nginx.conf
lineinfile:
regex: _log
state: absent
path: /etc/nginx/nginx.conf
backup: true
- name: Ensure certbot is not installed from Debian packages
package:
state: absent

4
roles/pasteque/templates/nginx.conf
View File

@ -2,8 +2,6 @@ server
{
listen 80;
server_name .{{ domain }};
access_log /var/log/nginx/{{ domain }}-access.log;
error_log /var/log/nginx/{{ domain }}-error.log;
return 301 https://$host$request_uri;
}
@ -11,8 +9,6 @@ server
{
listen 443 ssl;
server_name .{{ domain }};
access_log /var/log/nginx/{{ domain }}-access.log;
error_log /var/log/nginx/{{ domain }}-error.log;
include snippets/letsencrypt-{{ domain }}.conf;
add_header Content-Security-Policy "default-src 'self' code.jquery.com cdnjs.cloudflare.com stackpath.bootstrapcdn.com";

104
static_websites.yml
View File

@ -4,85 +4,6 @@
vars:
letsencrypt_email: julien@palard.fr
tasks:
- name: Setup mdk.fr
include_role: name=nginx
vars:
nginx_domain: mdk.fr
nginx_certificates: [mdk.fr, www.mdk.fr, julien.palard.fr, mandark.fr, sizeof.fr, www.mandark.fr, www.sizeof.fr]
nginx_owner: mdk_fr
nginx_path: /var/www/mdk.fr/
nginx_public_deploy_key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/8I1ecV8EutLc+Qx6Q8b2RhzXMl9n23LznNlw+MQtM mdk.fr
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETtLGjVKqpQ4bQRh108Bi5vkc8omuEwZPEUbeysLfci formations
nginx_conf: |
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
server
{
listen 80;
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
access_log /var/log/nginx/redirects-access.log;
error_log /var/log/nginx/redirects-error.log;
return 301 https://mdk.fr;
}
server
{
listen 80;
server_name mdk.fr www.mdk.fr mandark.fr www.mandark.fr;
access_log /var/log/nginx/redirects-access.log;
error_log /var/log/nginx/redirects-error.log;
return 301 https://mdk.fr$request_uri;
}
server
{
listen 443 ssl;
server_name julien.palard.fr sizeof.fr www.sizeof.fr;
access_log /var/log/nginx/redirects-access.log;
error_log /var/log/nginx/redirects-error.log;
include snippets/letsencrypt-mdk.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
return 301 https://mdk.fr;
}
server
{
listen 443 ssl;
server_name www.mdk.fr mandark.fr www.mandark.fr;
access_log /var/log/nginx/redirects-access.log;
error_log /var/log/nginx/redirects-error.log;
include snippets/letsencrypt-mdk.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
return 301 https://mdk.fr$request_uri;
}
server
{
listen 443 ssl;
charset utf-8;
server_name mdk.fr;
access_log /var/log/nginx/mdk.fr-access.log;
error_log /var/log/nginx/mdk.fr-error.log;
include snippets/letsencrypt-mdk.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
location /noindex/ {
autoindex off;
}
location /index/ {
autoindex on;
}
root /var/www/mdk.fr/;
index index.html;
}
- name: Setup palard.fr
include_role: name=nginx
vars:
@ -93,8 +14,6 @@
{
listen 80;
server_name palard.fr www.palard.fr;
access_log /var/log/nginx/palard.fr-access.log;
error_log /var/log/nginx/palard.fr-error.log;
return 301 https://$host$request_uri;
}
@ -103,8 +22,6 @@
listen 443 ssl;
charset utf-8;
server_name palard.fr www.palard.fr;
access_log /var/log/nginx/palard.fr-access.log;
error_log /var/log/nginx/palard.fr-error.log;
include snippets/letsencrypt-palard.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
@ -176,8 +93,6 @@
{
listen 80;
server_name le-poitevin.fr;
access_log /var/log/nginx/le-poitevin.fr-access.log;
error_log /var/log/nginx/le-poitevin.fr-error.log;
return 301 https://$host$request_uri;
}
@ -185,8 +100,6 @@
{
listen 80;
server_name www.le-poitevin.fr;
access_log /var/log/nginx/le-poitevin.fr-access.log;
error_log /var/log/nginx/le-poitevin.fr-error.log;
return 301 https://le-poitevin.fr$request_uri;
}
@ -194,8 +107,6 @@
{
listen 443 ssl;
server_name le-poitevin.fr;
access_log /var/log/nginx/le-poitevin.fr-access.log;
error_log /var/log/nginx/le-poitevin.fr-error.log;
include snippets/letsencrypt-le-poitevin.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
@ -207,8 +118,6 @@
{
listen 443 ssl;
server_name www.le-poitevin.fr;
access_log /var/log/nginx/le-poitevin.fr-access.log;
error_log /var/log/nginx/le-poitevin.fr-error.log;
include snippets/letsencrypt-le-poitevin.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
@ -229,9 +138,6 @@
{
listen 80;
server_name codeenseine.fr;
access_log /var/log/nginx/codeenseine.fr-access.log;
error_log /var/log/nginx/codeenseine.fr-error.log;
return 301 https://$host$request_uri;
}
@ -240,8 +146,6 @@
listen 443 ssl;
charset utf-8;
server_name codeenseine.fr;
access_log /var/log/nginx/codeenseine.fr-access.log;
error_log /var/log/nginx/codeenseine.fr-error.log;
include snippets/letsencrypt-codeenseine.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
@ -254,8 +158,6 @@
{
listen 80;
server_name www.codeenseine.fr;
access_log /var/log/nginx/codeenseine.fr-access.log;
error_log /var/log/nginx/codeenseine.fr-error.log;
return 301 https://codeenseine.fr$request_uri;
}
@ -263,8 +165,6 @@
{
listen 443 ssl;
server_name www.codeenseine.fr;
access_log /var/log/nginx/codeenseine.fr-access.log;
error_log /var/log/nginx/codeenseine.fr-error.log;
include snippets/letsencrypt-codeenseine.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";
@ -282,8 +182,6 @@
{
listen 80;
server_name matrix.palard.fr;
access_log /var/log/nginx/matrix.palard.fr-access.log;
error_log /var/log/nginx/matrix.palard.fr-error.log;
return 301 https://$host$request_uri;
}
@ -291,8 +189,6 @@
{
listen 443 ssl;
server_name matrix.palard.fr;
access_log /var/log/nginx/matrix.palard.fr-access.log;
error_log /var/log/nginx/matrix.palard.fr-error.log;
include snippets/letsencrypt-matrix.palard.fr.conf;
add_header Content-Security-Policy "frame-ancestors 'none'";
add_header X-Frame-Options "DENY";