subspace 0.4.5 → 0.4.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +2 -1
- data/ansible/roles/apache/tasks/main.yml +0 -3
- data/ansible/roles/collectd/tasks/main.yml +2 -2
- data/ansible/roles/letsencrypt/tasks/main.yml +2 -12
- data/ansible/roles/nginx-rails/tasks/main.yml +0 -4
- data/ansible/roles/nginx-rails/templates/_rails.conf +1 -0
- data/ansible/roles/nginx/tasks/main.yml +3 -4
- data/lib/subspace/version.rb +1 -1
- metadata +3 -4
- data/ansible/roles/letsencrypt/templates/project-le-ssl.conf +0 -31
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 97810da82feed7d91e5e2e6c4bceab27812c3217
|
4
|
+
data.tar.gz: 389446d27e1246762e691ca5582879577a4218a9
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 88dc66c1cfe739d3d6cc2ff7049fa74dac314d8af1f2e2599ec576c70d075189d63b07be321e9c6a013873263dd85750fa1daed33a82a36b7752c7af1dfe7e9d
|
7
|
+
data.tar.gz: bc0e6a036626de95bc4519890e562a499732780581f7cf73dddac58f8601be84b0eed8b8d93b3e0f8ea8e50ef0b993111670fc886f9b9ae9dc965e5add2e71b2
|
data/README.md
CHANGED
@@ -167,7 +167,8 @@ If you'd like more control over the certs created, you can define the variables
|
|
167
167
|
domains:
|
168
168
|
- othersite.example.com
|
169
169
|
|
170
|
-
Note that this role needs to be
|
170
|
+
Note that this role needs to be included _before_ the webserver (apache or
|
171
|
+
nginx) role
|
171
172
|
|
172
173
|
## logrotate
|
173
174
|
|
@@ -47,7 +47,7 @@
|
|
47
47
|
dest: /etc/collectd/collectd.conf.d/apache2.conf
|
48
48
|
sudo: true
|
49
49
|
notify: restart collectd
|
50
|
-
when:
|
50
|
+
when: "'apache' in role_names"
|
51
51
|
|
52
52
|
- name: create puma config
|
53
53
|
template:
|
@@ -63,7 +63,7 @@
|
|
63
63
|
dest: /etc/collectd/collectd.conf.d/nginx.conf
|
64
64
|
sudo: true
|
65
65
|
notify: restart collectd
|
66
|
-
when:
|
66
|
+
when: "'nginx' in role_names"
|
67
67
|
|
68
68
|
- name: create rails_lograge config
|
69
69
|
template:
|
@@ -59,27 +59,17 @@
|
|
59
59
|
command: "{{certbot_dir}}/certbot-auto certonly --email {{letsencrypt_email}} --domains {{item.domains | join(',')}} --cert-name {{item.cert_name}} --standalone --agree-tos --expand --non-interactive"
|
60
60
|
|
61
61
|
- name: Update nginx default options
|
62
|
-
when:
|
62
|
+
when: "'nginx' in role_names"
|
63
63
|
get_url:
|
64
64
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf
|
65
65
|
dest: /etc/letsencrypt/options-ssl-nginx.conf
|
66
66
|
|
67
67
|
- name: Update apache default options
|
68
|
-
when:
|
68
|
+
when: "'apache' in role_names"
|
69
69
|
get_url:
|
70
70
|
url: https://raw.githubusercontent.com/certbot/certbot/master/certbot-apache/certbot_apache/options-ssl-apache.conf
|
71
71
|
dest: /etc/letsencrypt/options-ssl-apache.conf
|
72
72
|
|
73
|
-
- name: "Re-run apache rails_project to get SSL configuration"
|
74
|
-
when: apache2_installed is defined
|
75
|
-
include_role:
|
76
|
-
name: apache-rails
|
77
|
-
|
78
|
-
- name: "Re-run nginx rails_project to get SSL configuration"
|
79
|
-
when: nginx_installed is defined
|
80
|
-
include_role:
|
81
|
-
name: nginx-rails
|
82
|
-
|
83
73
|
- name: start webserver after standalone mode
|
84
74
|
debug: msg="Startup webserver"
|
85
75
|
notify: start webserver
|
@@ -5,6 +5,7 @@ location @app {
|
|
5
5
|
proxy_pass http://app;
|
6
6
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
7
7
|
proxy_set_header Host $http_host;
|
8
|
+
proxy_set_header X-Forwarded-Proto $scheme;
|
8
9
|
# pass the upgrade headers so websockets work
|
9
10
|
proxy_set_header Upgrade $http_upgrade;
|
10
11
|
proxy_set_header Connection "upgrade";
|
@@ -1,12 +1,11 @@
|
|
1
|
-
- set_fact:
|
2
|
-
nginx_installed: true
|
3
|
-
|
4
1
|
- name: Install nginx
|
5
2
|
apt: pkg=nginx state=latest
|
6
3
|
become: true
|
7
4
|
|
8
5
|
- name: Remove the default app
|
9
|
-
|
6
|
+
file:
|
7
|
+
path: /etc/nginx/sites-enabled/default
|
8
|
+
state: absent
|
10
9
|
become: true
|
11
10
|
|
12
11
|
- name: "Configure rails projects"
|
data/lib/subspace/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: subspace
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.4.
|
4
|
+
version: 0.4.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Brian Samson
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-
|
11
|
+
date: 2017-09-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -135,7 +135,6 @@ files:
|
|
135
135
|
- ansible/roles/delayed_job/templates/delayed-job-monit-rc
|
136
136
|
- ansible/roles/letsencrypt/defaults/main.yml
|
137
137
|
- ansible/roles/letsencrypt/tasks/main.yml
|
138
|
-
- ansible/roles/letsencrypt/templates/project-le-ssl.conf
|
139
138
|
- ansible/roles/logrotate/LICENSE
|
140
139
|
- ansible/roles/logrotate/README.md
|
141
140
|
- ansible/roles/logrotate/defaults/main.yml
|
@@ -289,7 +288,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
289
288
|
version: '0'
|
290
289
|
requirements: []
|
291
290
|
rubyforge_project:
|
292
|
-
rubygems_version: 2.
|
291
|
+
rubygems_version: 2.6.13
|
293
292
|
signing_key:
|
294
293
|
specification_version: 4
|
295
294
|
summary: Ansible-based server provisioning for rails projects
|
@@ -1,31 +0,0 @@
|
|
1
|
-
<IfModule mod_ssl.c>
|
2
|
-
<VirtualHost *:443>
|
3
|
-
ServerName {{server_name}}
|
4
|
-
{% for alias in server_aliases %}
|
5
|
-
ServerAlias {{alias}}
|
6
|
-
{% endfor %}
|
7
|
-
RailsEnv {{rails_env}}
|
8
|
-
# !!! Be sure to point DocumentRoot to 'public'!
|
9
|
-
DocumentRoot /u/apps/{{project_name}}/current/public
|
10
|
-
<Directory /u/apps/{{project_name}}/current/public>
|
11
|
-
# This relaxes Apache security settings.
|
12
|
-
AllowOverride all
|
13
|
-
# MultiViews must be turned off.
|
14
|
-
Options -MultiViews
|
15
|
-
# Uncomment this if you're on Apache >= 2.4:
|
16
|
-
Require all granted
|
17
|
-
</Directory>
|
18
|
-
<Location /assets/>
|
19
|
-
# Use of ETag is discouraged when Last-Modified is present
|
20
|
-
Header unset ETag
|
21
|
-
FileETag None
|
22
|
-
# RFC says only cache for 1 year
|
23
|
-
ExpiresActive On
|
24
|
-
ExpiresDefault "access plus 1 year"
|
25
|
-
</Location>
|
26
|
-
SSLCertificateFile /etc/letsencrypt/live/{{server_name}}/cert.pem
|
27
|
-
SSLCertificateKeyFile /etc/letsencrypt/live/{{server_name}}/privkey.pem
|
28
|
-
Include /etc/letsencrypt/options-ssl-apache.conf
|
29
|
-
SSLCertificateChainFile /etc/letsencrypt/live/{{server_name}}/chain.pem
|
30
|
-
</VirtualHost>
|
31
|
-
</IfModule>
|