subspace 0.4.5 → 0.4.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/ansible/roles/apache/tasks/main.yml +0 -3
- data/ansible/roles/collectd/tasks/main.yml +2 -2
- data/ansible/roles/letsencrypt/tasks/main.yml +2 -12
- data/ansible/roles/nginx-rails/tasks/main.yml +0 -4
- data/ansible/roles/nginx-rails/templates/_rails.conf +1 -0
- data/ansible/roles/nginx/tasks/main.yml +3 -4
- data/lib/subspace/version.rb +1 -1
- metadata +3 -4
- data/ansible/roles/letsencrypt/templates/project-le-ssl.conf +0 -31
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 97810da82feed7d91e5e2e6c4bceab27812c3217
|
|
4
|
+
data.tar.gz: 389446d27e1246762e691ca5582879577a4218a9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 88dc66c1cfe739d3d6cc2ff7049fa74dac314d8af1f2e2599ec576c70d075189d63b07be321e9c6a013873263dd85750fa1daed33a82a36b7752c7af1dfe7e9d
|
|
7
|
+
data.tar.gz: bc0e6a036626de95bc4519890e562a499732780581f7cf73dddac58f8601be84b0eed8b8d93b3e0f8ea8e50ef0b993111670fc886f9b9ae9dc965e5add2e71b2
|
data/README.md
CHANGED
|
@@ -167,7 +167,8 @@ If you'd like more control over the certs created, you can define the variables
|
|
|
167
167
|
domains:
|
|
168
168
|
- othersite.example.com
|
|
169
169
|
|
|
170
|
-
Note that this role needs to be
|
|
170
|
+
Note that this role needs to be included _before_ the webserver (apache or
|
|
171
|
+
nginx) role
|
|
171
172
|
|
|
172
173
|
## logrotate
|
|
173
174
|
|
|
@@ -47,7 +47,7 @@
|
|
|
47
47
|
dest: /etc/collectd/collectd.conf.d/apache2.conf
|
|
48
48
|
sudo: true
|
|
49
49
|
notify: restart collectd
|
|
50
|
-
when:
|
|
50
|
+
when: "'apache' in role_names"
|
|
51
51
|
|
|
52
52
|
- name: create puma config
|
|
53
53
|
template:
|
|
@@ -63,7 +63,7 @@
|
|
|
63
63
|
dest: /etc/collectd/collectd.conf.d/nginx.conf
|
|
64
64
|
sudo: true
|
|
65
65
|
notify: restart collectd
|
|
66
|
-
when:
|
|
66
|
+
when: "'nginx' in role_names"
|
|
67
67
|
|
|
68
68
|
- name: create rails_lograge config
|
|
69
69
|
template:
|
|
@@ -59,27 +59,17 @@
|
|
|
59
59
|
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
|
60
60
|
|
|
61
61
|
- name: Update nginx default options
|
|
62
|
-
when:
|
|
62
|
+
when: "'nginx' in role_names"
|
|
63
63
|
get_url:
|
|
64
64
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf
|
|
65
65
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
|
66
66
|
|
|
67
67
|
- name: Update apache default options
|
|
68
|
-
when:
|
|
68
|
+
when: "'apache' in role_names"
|
|
69
69
|
get_url:
|
|
70
70
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
|
71
71
|
dest: /etc/letsencrypt/options-ssl-apache.conf
|
|
72
72
|
|
|
73
|
-
- name: "Re-run apache rails_project to get SSL configuration"
|
|
74
|
-
when: apache2_installed is defined
|
|
75
|
-
include_role:
|
|
76
|
-
name: apache-rails
|
|
77
|
-
|
|
78
|
-
- name: "Re-run nginx rails_project to get SSL configuration"
|
|
79
|
-
when: nginx_installed is defined
|
|
80
|
-
include_role:
|
|
81
|
-
name: nginx-rails
|
|
82
|
-
|
|
83
73
|
- name: start webserver after standalone mode
|
|
84
74
|
debug: msg="Startup webserver"
|
|
85
75
|
notify: start webserver
|
|
@@ -5,6 +5,7 @@ location @app {
|
|
|
5
5
|
proxy_pass http://app;
|
|
6
6
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
7
7
|
proxy_set_header Host $http_host;
|
|
8
|
+
proxy_set_header X-Forwarded-Proto $scheme;
|
|
8
9
|
# pass the upgrade headers so websockets work
|
|
9
10
|
proxy_set_header Upgrade $http_upgrade;
|
|
10
11
|
proxy_set_header Connection "upgrade";
|
|
@@ -1,12 +1,11 @@
|
|
|
1
|
-
- set_fact:
|
|
2
|
-
nginx_installed: true
|
|
3
|
-
|
|
4
1
|
- name: Install nginx
|
|
5
2
|
apt: pkg=nginx state=latest
|
|
6
3
|
become: true
|
|
7
4
|
|
|
8
5
|
- name: Remove the default app
|
|
9
|
-
|
|
6
|
+
file:
|
|
7
|
+
path: /etc/nginx/sites-enabled/default
|
|
8
|
+
state: absent
|
|
10
9
|
become: true
|
|
11
10
|
|
|
12
11
|
- name: "Configure rails projects"
|
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: subspace
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.4.
|
|
4
|
+
version: 0.4.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Brian Samson
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-09-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -135,7 +135,6 @@ files:
|
|
|
135
135
|
- ansible/roles/delayed_job/templates/delayed-job-monit-rc
|
|
136
136
|
- ansible/roles/letsencrypt/defaults/main.yml
|
|
137
137
|
- ansible/roles/letsencrypt/tasks/main.yml
|
|
138
|
-
- ansible/roles/letsencrypt/templates/project-le-ssl.conf
|
|
139
138
|
- ansible/roles/logrotate/LICENSE
|
|
140
139
|
- ansible/roles/logrotate/README.md
|
|
141
140
|
- ansible/roles/logrotate/defaults/main.yml
|
|
@@ -289,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
289
288
|
version: '0'
|
|
290
289
|
requirements: []
|
|
291
290
|
rubyforge_project:
|
|
292
|
-
rubygems_version: 2.
|
|
291
|
+
rubygems_version: 2.6.13
|
|
293
292
|
signing_key:
|
|
294
293
|
specification_version: 4
|
|
295
294
|
summary: Ansible-based server provisioning for rails projects
|
|
@@ -1,31 +0,0 @@
|
|
|
1
|
-
<IfModule mod_ssl.c>
|
|
2
|
-
<VirtualHost *:443>
|
|
3
|
-
ServerName {{server_name}}
|
|
4
|
-
{% for alias in server_aliases %}
|
|
5
|
-
ServerAlias {{alias}}
|
|
6
|
-
{% endfor %}
|
|
7
|
-
RailsEnv {{rails_env}}
|
|
8
|
-
# !!! Be sure to point DocumentRoot to 'public'!
|
|
9
|
-
DocumentRoot /u/apps/{{project_name}}/current/public
|
|
10
|
-
<Directory /u/apps/{{project_name}}/current/public>
|
|
11
|
-
# This relaxes Apache security settings.
|
|
12
|
-
AllowOverride all
|
|
13
|
-
# MultiViews must be turned off.
|
|
14
|
-
Options -MultiViews
|
|
15
|
-
# Uncomment this if you're on Apache >= 2.4:
|
|
16
|
-
Require all granted
|
|
17
|
-
</Directory>
|
|
18
|
-
<Location /assets/>
|
|
19
|
-
# Use of ETag is discouraged when Last-Modified is present
|
|
20
|
-
Header unset ETag
|
|
21
|
-
FileETag None
|
|
22
|
-
# RFC says only cache for 1 year
|
|
23
|
-
ExpiresActive On
|
|
24
|
-
ExpiresDefault "access plus 1 year"
|
|
25
|
-
</Location>
|
|
26
|
-
SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
|
|
27
|
-
SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
|
|
28
|
-
Include /etc/letsencrypt/options-ssl-apache.conf
|
|
29
|
-
SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
|
|
30
|
-
</VirtualHost>
|
|
31
|
-
</IfModule>
|