authorChristian Pointner <equinox@spreadspace.org>2023-08-14 22:11:11 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-08-20 22:12:03 +0200
commita3ab64f6a262e3bd0da4435729c2e6f9013aad5d (patch)
tree3bb91a533fb2ea1c51b9930becc4f0ab73035478
parentmonitoring/landingpage: fix tls config and make config changable (diff)
gitolite/http: use generic template for vhost
-rw-r--r--roles/gitolite/http/tasks/main.yml49
-rw-r--r--roles/gitolite/http/templates/nginx-vhost.conf.j272
-rw-r--r--roles/nginx/vhost/defaults/main.yml11
-rw-r--r--roles/nginx/vhost/templates/generic.conf.j222
4 files changed, 81 insertions, 73 deletions
diff --git a/roles/gitolite/http/tasks/main.yml b/roles/gitolite/http/tasks/main.yml
index 1006283a..fdc86d66 100644
--- a/roles/gitolite/http/tasks/main.yml
+++ b/roles/gitolite/http/tasks/main.yml
@@ -50,13 +50,60 @@
src: "{{ gitolite_instances[gitolite_instance].http.logo }}"
dest: "/usr/local/share/cgit/{{ gitolite_instance }}.png"
+ - name: compute nginx location directive for logo
+ set_fact:
+ nginx_locations_logo:
+ '= /logo.png':
+ alias: "/usr/local/share/cgit/{{ gitolite_instance }}.png"
+
+- name: compute nginx locations directives
+ set_fact:
+ nginx_locations_base:
+ '= /':
+ return: "303 /cgit/"
+ '/cgit-css/':
+ alias: "/usr/share/cgit/"
+ nginx_locations_main:
+ '/cgit/':
+ custom: |-
+ include fastcgi_params;
+ fastcgi_split_path_info ^(/cgit)(.*)$;
+
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc;
+
+ fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock;
+
+- name: compute nginx location directive for git_backend
+ when: "'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend"
+ set_fact:
+ nginx_locations_git_backend:
+ '~ ^.*/git-receive-pack$':
+ return: "403"
+ '~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$':
+ custom: |-
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories;
+
+ fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock;
+
- name: install nginx vhost
vars:
nginx_vhost:
name: "gitolite-{{ gitolite_instance }}"
+ template: generic
tls:
certificate_provider: "{{ acme_client }}"
hostnames: "{{ gitolite_instances[gitolite_instance].http.hostnames }}"
- content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}"
+ logs:
+ access: "/var/log/nginx/git-{{ gitolite_instance }}_access.log"
+ error: "/var/log/nginx/git-{{ gitolite_instance }}_error.log"
+ locations: "{{ nginx_locations_base | combine(nginx_locations_logo | default({})) | combine(nginx_locations_main) | combine(nginx_locations_git_backend | default({})) }}"
include_role:
name: nginx/vhost
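Review bot: `nginx_locations_logo` and `nginx_locations_git_backend` are assigned with `set_fact` only when their condition holds, and facts set this way stay defined on the host for the rest of the run. If this role is included for more than one entry of `gitolite_instances` on the same host (the indexing suggests so, but the caller is not visible here), an instance without a logo or with `enable_git_backend` unset would still see the previous instance's value. In that case `default({})` in the `locations` expression never applies, and the vhost gets a git-http-backend location whose already-rendered `GIT_PROJECT_ROOT` and socket belong to the other instance. Resetting both facts in an unconditional `set_fact` (`nginx_locations_logo: {}`, `nginx_locations_git_backend: {}`) before the conditional tasks, or building the dicts in the task-level `vars:` of `install nginx vhost`, avoids the carry-over.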
diff --git a/roles/gitolite/http/templates/nginx-vhost.conf.j2 b/roles/gitolite/http/templates/nginx-vhost.conf.j2
deleted file mode 100644
index f656d48f..00000000
--- a/roles/gitolite/http/templates/nginx-vhost.conf.j2
+++ /dev/null
@@ -1,72 +0,0 @@
- server {
- listen 80;
- listen [::]:80;
- server_name {{ gitolite_instances[gitolite_instance].http.hostnames | join(' ') }};
-
- access_log /var/log/nginx/git-{{ gitolite_instance }}_access.log;
- error_log /var/log/nginx/git-{{ gitolite_instance }}_error.log;
-
- include snippets/{{ acme_client }}.conf;
-
- location / {
- return 301 https://$host$request_uri;
- }
-}
-
-server {
- listen 443 ssl http2;
- listen [::]:443 ssl http2;
- server_name {{ gitolite_instances[gitolite_instance].http.hostnames | join(' ') }};
-
- access_log /var/log/nginx/git-{{ gitolite_instance }}_access.log;
- error_log /var/log/nginx/git-{{ gitolite_instance }}_error.log;
-
- include snippets/{{ acme_client }}.conf;
- include snippets/tls.conf;
- ssl_certificate {{ x509_certificate_path_fullchain }};
- ssl_certificate_key {{ x509_certificate_path_key }};
- include snippets/hsts.conf;
-
- location = / {
- return 303 /cgit/;
- }
-
- location /cgit-css/ {
- alias /usr/share/cgit/;
- }
-{% if 'logo' in gitolite_instances[gitolite_instance].http %}
-
- location = /logo.png {
- alias /usr/local/share/cgit/{{ gitolite_instance }}.png;
- }
-{% endif %}
-
- location /cgit/ {
- include fastcgi_params;
- fastcgi_split_path_info ^(/cgit)(.*)$;
-
- fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc;
-
- fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock;
- }
-{% if 'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend %}
-
- location ~ ^.*/git-receive-pack$ {
- return 403;
- }
-
- location ~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$ {
- include fastcgi_params;
-
- fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
- fastcgi_param PATH_INFO $uri;
- fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories;
-
- fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock;
- }
-{% endif %}
-}
diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index 5984e623..1447fb14 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -8,6 +8,9 @@
# hostnames:
# - example.com
# - www.example.com
+# logs:
+# access: /var/log/nginx/example_access.log
+# error: /var/log/nginx/example_error.log
# extra_directives: |-
# add_header X-Example-Header "foo";
# locations:
@@ -45,8 +48,16 @@
# add_header X-Example-Header "foo";
# '/subdir/':
# alias: /srv/www/foo
+# '/private/':
+# return: "403"
# '/foo/':
# proxy_pass: http://127.0.0.1:1234
+# '/custom/':
+# custom: |-
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME /usr/lib/cgi/foo
+# fastcgi_param PATH_INFO $uri;
+# fastcgi_pass unix:/run/fcgiwrap/foo.sock;
# nginx_vhost:
# name: other-example
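Review bot: The `custom` example is missing the terminating `;` on the `fastcgi_param SCRIPT_FILENAME /usr/lib/cgi/foo` line. The generic template writes `custom` into the location block unchanged, so a copy of this example would make nginx read the following line as extra arguments and reject the config. The line should end `fastcgi_param SCRIPT_FILENAME /usr/lib/cgi/foo;`.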
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
index 434fa679..f87d029d 100644
--- a/roles/nginx/vhost/templates/generic.conf.j2
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -3,6 +3,15 @@ server {
listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
server_name {{ nginx_vhost.hostnames | join(' ') }};
+{% if 'logs' in nginx_vhost %}
+{% if 'access' in nginx_vhost.logs %}
+ access_log {{ nginx_vhost.logs.access }};
+{% endif %}
+{% if 'error' in nginx_vhost.logs %}
+ error_log {{ nginx_vhost.logs.error }};
+{% endif %}
+
+{% endif %}
{% if 'tls' in nginx_vhost %}
{% if nginx_vhost.tls.certificate_provider == 'acmetool' %}
include snippets/acmetool.conf;
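Review bot: The nine-line `logs` block added here is repeated verbatim in the port-443 server block (the next hunk, `@@ -18,6 +27,15 @@`), so any later change to log handling has to be made twice. A small Jinja macro defined once at the top of the template and called in both server blocks would keep the two from drifting. The paths are also interpolated unquoted, so a value containing whitespace would be read by nginx as extra `access_log`/`error_log` arguments; a short comment in the defaults stating that the values must be plain paths would cover that.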
@@ -18,6 +27,15 @@ server {
listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
server_name {{ nginx_vhost.hostnames | join(' ') }};
+{% if 'logs' in nginx_vhost %}
+{% if 'access' in nginx_vhost.logs %}
+ access_log {{ nginx_vhost.logs.access }};
+{% endif %}
+{% if 'error' in nginx_vhost.logs %}
+ error_log {{ nginx_vhost.logs.error }};
+{% endif %}
+
+{% endif %}
{% if nginx_vhost.tls.certificate_provider == 'acmetool' %}
include snippets/acmetool.conf;
{% endif %}
@@ -55,6 +73,10 @@ server {
proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
{% endfor %}
{% endif %}
+{% elif 'return' in location %}
+ return {{ location.return }};
+{% elif 'custom' in location %}
+ {{ location.custom | indent(8) }}
{% else %}
{% if 'root' in location %}
root {{ location.root }};
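Review bot: The `custom` branch writes `location.custom` into the server block unchanged (and `return` likewise), so whatever populates `nginx_vhost.locations` controls arbitrary nginx directives for that vhost, and nothing in the template records that expectation. A comment above the branch would do, e.g. `{# custom/return are emitted verbatim: values must come from role code or trusted inventory only #}`. Because both new branches are `elif`, a location that also carries keys handled in the `else` branch (such as `root`) has them dropped silently; that is worth stating next to the examples in the defaults. The enclosing `if` chain starts and ends outside this hunk.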