Role that installs the onlyoffice document server.

2019-03-25 20:18:48 +01:00 · 2019-03-25 20:18:48 +01:00 · 148c098f9f
parent 78cb5df2d4
commit 148c098f9f
6 changed files with 126 additions and 0 deletions
--- a/onlyoffice_docserver/defaults/main.yml
+++ b/onlyoffice_docserver/defaults/main.yml
@ -0,0 +1,25 @@
+---
+onlyoffice_docserver_deb_repo_key: CB2DE8E5
+onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_docserver_deb_packages: onlyoffice-communityserver
+onlyoffice_docserver_letsencrypt_managed: True
+
+onlyoffice_docserver_use_nginx_role: True
+
+onlyoffice_docserver_deb_packages_dependencies:
+  - libcurl3
+  - libxml2
+  - supervisor
+  - fonts-dejavu
+  - fonts-liberation
+  - ttf-mscorefonts-installer
+  - fonts-crosextra-carlito
+  - fonts-takao-gothic
+  - fonts-opensymbol
+  - npm
+  - nginx-extras
+
+onlyoffice_docserver_packages:
+  - onlyoffice-documentserver
+
--- a/onlyoffice_docserver/handlers/main.yml
+++ b/onlyoffice_docserver/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Reload nginx
+  service:
+    name: nginx
+    enabled: yes
+    state: reloaded
--- a/onlyoffice_docserver/meta/main.yml
+++ b/onlyoffice_docserver/meta/main.yml
@ -0,0 +1,6 @@
+---
+dependencies:
+  - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+  - { role: '../../library/roles/redis' }
+  - { role: '../../library/roles/rabbitmq' }
+  - { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }
--- a/onlyoffice_docserver/tasks/main.yml
+++ b/onlyoffice_docserver/tasks/main.yml
@ -0,0 +1,34 @@
+---
+- block:
+  - name: Install the deb OnlyOffice repository key
+    apt_key:
+      keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
+      id: '{{ onlyoffice_docserver_deb_repo_key }}'
+
+  - name: Install the deb OnlyOffice repository
+    apt_repository:
+      repo: '{{ onlyoffice_docserver_deb_repo }}'
+      state: present
+      update_cache: yes
+
+  - name: Install the OnlyOffice document server deb dependencies
+    apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
+
+  - name: The OnlyOffice document server packages must be done manually, because it is interactive
+    debug:
+      msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
+
+#  - name: Install the OnlyOffice document server package
+#    apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: onlyoffice
+
+- block:
+  - name: Install the OnlyOffice document server configuration that enables SSL
+    template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
+    when: onlyoffice_docserver_use_nginx_role
+    notify: Reload nginx
+
+  when: ansible_distribution_file_variety == "Debian"
+  tags: [ 'onlyoffice', 'letsencrypt' ]
--- a/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
+++ b/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
@ -0,0 +1,43 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+  listen 0.0.0.0:80;
+  listen [::]:80 default_server;
+  server_name _;
+  server_tokens off;
+
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  ## Redirects all traffic to the HTTPS host
+  root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+  rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+  listen 127.0.0.1:80;
+  listen [::1]:80;
+  server_name localhost;
+  server_tokens off;
+  
+  include /etc/nginx/snippets/letsencrypt-proxy.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+  include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+  listen 0.0.0.0:443 ssl http2;
+  listen [::]:443 ssl http2 default_server;
+  server_tokens off;
+  root /usr/share/nginx/html;
+
+  ## Strong SSL Security
+  ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+  ssl on;
+  include /etc/nginx/snippets/nginx-server-ssl.conf;
+  # add_header X-Frame-Options SAMEORIGIN;
+  add_header X-Content-Type-Options nosniff;
+  include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}
--- a/onlyoffice_docserver/vars/main.yml
+++ b/onlyoffice_docserver/vars/main.yml
@ -0,0 +1,12 @@
+---
+http_port: 80
+https_port: 443
+redis_install: True
+
+psql_postgresql_install: True
+pg_use_postgresql_org_repo: True
+psql_version: 11
+pg_backup_retain_copies: 2
+
+psql_db_data:
+  - { name: 'onlyoffice', encoding: 'UTF8', user: 'onlyoffice', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{  onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }