From f43c3a638c57a4968a199b31953a9ffd350a399c Mon Sep 17 00:00:00 2001 From: Andrea Dell'Amico Date: Thu, 3 Jan 2019 15:32:43 +0100 Subject: [PATCH] New virtualhost template for the nginx instance that backs smartgears service. Much more flexible. --- .../defaults/main.yml | 24 + .../smartgears-nginx-frontend/tasks/main.yml | 98 ++- .../templates/nginx-smartgears-virtualhost.j2 | 615 ++++++++++++++++++ smartgears/smartgears-service/vars/main.yml | 3 +- 4 files changed, 704 insertions(+), 36 deletions(-) create mode 100644 smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2 diff --git a/smartgears/smartgears-nginx-frontend/defaults/main.yml b/smartgears/smartgears-nginx-frontend/defaults/main.yml index 3fb7efe..5c363ec 100644 --- a/smartgears/smartgears-nginx-frontend/defaults/main.yml +++ b/smartgears/smartgears-nginx-frontend/defaults/main.yml @@ -3,6 +3,7 @@ setup_nginx: False http_redirect_to_https: False letsencrypt_acme_install: False smartgears_install_generic_virthost: True +smartgears_install_common_nginx_virthualhost: False #smartgears_nginx_serveraliases: smartgears_nginx_cors_enabled: False nginx_cors_acl_origin: '' 
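Review bot: The new default is spelled `smartgears_install_common_nginx_virthualhost` (`virthualhost`), and the `when:` conditions in tasks/main.yml test the same spelling, so the typo becomes part of the role's interface as soon as an inventory sets it. Renaming it to `smartgears_install_common_nginx_virtualhost` in both files is cheaper now than after it is in use. A comment above it, such as `# When True, render nginx-smartgears-virtualhost.j2 from smartgears_nginx_virtualhosts instead of the per-instance templates`, would also explain how it relates to `smartgears_install_generic_virthost`.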
@@ -16,3 +17,26 @@ smartgears_tomcat_manager_access_acls: smartgears_nginx_expose_tomcat_logs: False smartgears_nginx_rw_html_root: False + +smartgears_nginx_virtualhosts: + - virthost_name: '{{ smartgears_tomcat_servername }}' + smartgears_id: '{{ smartgears_instance_id }}' + #listen: '{{ http_port }}' + server_name: '{{ smartgears_tomcat_servername }}' + ssl_enabled: True + ssl_only: '{{ http_redirect_to_https }}' + ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}' + smartgears_over_ssl: False + smartgears_http_port: '{{ smartgears_http_port }}' + root: '{{ smartgears_web_document_root }}' + server_tokens: 'off' + index: index.html index.do + max_body: '{{ nginx_client_max_body_size }}' + user: '{{ smartgears_user }}' + proxy_standard_setup: True +# locations: +# - location: /yam +# other_opts: +# - 'try_files $uri $uri/ $uri.php$is_args$query_string' +# - location: ~ \.php$ +# php_target: '{{ phpfpm_listen_host }}:{{ phpfpm_listen_port }}' diff --git a/smartgears/smartgears-nginx-frontend/tasks/main.yml b/smartgears/smartgears-nginx-frontend/tasks/main.yml index e67ffab..a5166a8 100644 --- a/smartgears/smartgears-nginx-frontend/tasks/main.yml +++ b/smartgears/smartgears-nginx-frontend/tasks/main.yml 
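Review bot: The default `smartgears_nginx_virtualhosts` entry sets `ssl_letsencrypt_certs` and `proxy_standard_setup`, but nothing in this patch (neither the new template nor the tasks) reads those two keys, so they look like configuration with no effect. Either drop them or add a comment saying which template consumes them. The template also copies several optional keys verbatim into the nginx configuration (`additional_options`, `http_acls`, `https_acls`, `extra_parameters`, and per location `extra_conf`, `acls`, `other_opts`). A short comment block above the list naming those keys and stating that their values are emitted as raw nginx directives would tell operators what they are responsible for validating.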
@@ -1,41 +1,69 @@ --- # Install the nginx virtualhosts -- name: Install the nginx virtualhost, if a specific one has been defined - template: src={{ item.servername }}-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444 - with_items: '{{ tomcat_m_instances }}' - when: not smartgears_install_generic_virthost - notify: Reload nginx +# If bot smartgears_install_generic_virthost and smartgears_install_common_nginx_virthualhost are True, we prefer the latter +- block: + - name: Install the nginx generic virtualhost + template: src=nginx-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.virthost_name }} owner=root group=root mode=0444 + with_items: '{{ smartgears_nginx_virtualhosts }}' + notify: Reload nginx + + - name: Enable the nginx virtualhosts + file: src=/etc/nginx/sites-available/{{ item.virthost_name }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link + with_items: '{{ smartgears_nginx_virtualhosts }}' + notify: Reload nginx + + - name: Give the smartgears user access to the document root, and create it if needed + file: dest={{ item.root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755 + with_items: '{{ smartgears_nginx_virtualhosts }}' + when: smartgears_nginx_rw_html_root + notify: Reload nginx + tags: [ 'nginx', 'virtualhost', 'web_root' ] + + tags: [ 'nginx', 'virtualhost' ] + when: smartgears_install_common_nginx_virthualhost + +- block: + - name: Install the nginx generic virtualhost (old, to be replaced by a newer template) + template: src=generic-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444 + with_items: '{{ tomcat_m_instances }}' + when: smartgears_install_generic_virthost + notify: Reload nginx + tags: [ 'nginx', 'virtualhost' ] + + - name: Install the nginx virtualhost, if a specific one has been defined + template: src={{ item.servername }}-virtualhost.j2 
dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444 + with_items: '{{ tomcat_m_instances }}' + when: not smartgears_install_generic_virthost + notify: Reload nginx + tags: [ 'nginx', 'virtualhost' ] + + - name: Enable the nginx virtualhosts (old style) + file: src=/etc/nginx/sites-available/{{ item.servername }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link + with_items: '{{ tomcat_m_instances }}' + notify: Reload nginx + tags: [ 'nginx', 'virtualhost' ] + + - name: Give the smartgears user access to the document root, and create it if needed (old style) + file: dest={{ item.web_document_root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755 + with_items: '{{ tomcat_m_instances }}' + when: smartgears_nginx_rw_html_root + notify: Reload nginx + tags: [ 'nginx', 'virtualhost', 'web_root' ] + + when: not smartgears_install_common_nginx_virthualhost tags: [ 'nginx', 'virtualhost' ] -- name: Install the nginx generic virtualhost - template: src=generic-smartgears-virtualhost.j2 dest=/etc/nginx/sites-available/{{ item.servername }} owner=root group=root mode=0444 - with_items: '{{ tomcat_m_instances }}' - when: smartgears_install_generic_virthost - notify: Reload nginx + +- block: + - name: Remove the old hostname based virtualhost filename + file: dest=/etc/nginx/sites-enabled/{{ item.servername }}.conf state=absent + with_items: '{{ tomcat_m_instances }}' + notify: Reload nginx + + - name: Remove the old ubuntu.conf virtualhost filename + file: dest=/etc/nginx/sites-enabled/ubuntu.conf state=absent + with_items: '{{ tomcat_m_instances }}' + notify: Reload nginx + tags: [ 'nginx', 'virtualhost' ] -- name: Enable the nginx virtualhosts - file: src=/etc/nginx/sites-available/{{ item.servername }} dest=/etc/nginx/sites-enabled/smartgears_{{ item.smartgears_id }}.conf state=link - with_items: '{{ tomcat_m_instances }}' - notify: Reload nginx - tags: [ 'nginx', 'virtualhost' ] - -- 
name: Remove the old hostname based virtualhost filename - file: dest=/etc/nginx/sites-enabled/{{ item.servername }}.conf state=absent - with_items: '{{ tomcat_m_instances }}' - notify: Reload nginx - tags: [ 'nginx', 'virtualhost' ] - -- name: Remove the old ubuntu.conf virtualhost filename - file: dest=/etc/nginx/sites-enabled/ubuntu.conf state=absent - with_items: '{{ tomcat_m_instances }}' - notify: Reload nginx - tags: [ 'nginx', 'virtualhost' ] - -- name: Give the smartgears user access to the document root, and create it if needed - file: dest={{ item.web_document_root}} state=directory owner={{ item.user }} group={{ item.user }} mode=0755 - with_items: '{{ tomcat_m_instances }}' - when: smartgears_nginx_rw_html_root - notify: Reload nginx - tags: [ 'nginx', 'virtualhost', 'web_root' ] - diff --git a/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2 b/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2 new file mode 100644 index 0000000..90d2dd1 --- /dev/null +++ b/smartgears/smartgears-nginx-frontend/templates/nginx-smartgears-virtualhost.j2 
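Review bot: The tasks in the new `smartgears_install_common_nginx_virthualhost` block use the `key=value` argument form with unquoted `{{ item.virthost_name }}`, `{{ item.root}}` and `mode=0444`, which makes it hard to see where a templated value ends and leaves the file mode to shorthand parsing. Writing them as native YAML arguments with quoted modes (`mode: '0444'`) keeps each parameter explicit; the same applies to the old-style block and the cleanup block further down the hunk. `virthost_name` also becomes a file name under /etc/nginx/sites-available, so the defaults should state that it must be a plain host name without path separators. A sketch for the first task follows.

```yaml
- name: Install the nginx generic virtualhost
  template:
    src: nginx-smartgears-virtualhost.j2
    dest: '/etc/nginx/sites-available/{{ item.virthost_name }}'
    owner: root
    group: root
    mode: '0444'
  with_items: '{{ smartgears_nginx_virtualhosts }}'
  notify: Reload nginx
# … unchanged: enable-link and document-root tasks, to be converted the same way …
```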
@@ -0,0 +1,615 @@ +{% if nginx_websockets_support is defined and nginx_websockets_support %} +include /etc/nginx/snippets/nginx-websockets.conf; +{% elif item.websockets is defined and item.websockets %} +include /etc/nginx/snippets/nginx-websockets.conf; +{% endif %} + +server { + listen {{ item.listen | default ('80') }}; +{% if egi_image is defined and egi_image %} + # No servername into the EGI images +{% elif hostname is defined %} + server_name _; +{% else %} + server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; +{% endif %} + + location ~ /\.(?!well-known).* { + deny all; + access_log off; + log_not_found off; + return 404; + } + +{% if letsencrypt_acme_install %} + include /etc/nginx/snippets/letsencrypt-proxy.conf; +{% endif %} + + {% if item.access_log is defined %} + access_log {{ item.access_log }}; + {% else %} + access_log /var/log/nginx/{{ item.server_name }}_access.log; + {% endif %} + + {% if item.error_log is defined %} + error_log {{ item.error_log }}; + {% else %} + error_log /var/log/nginx/{{ item.server_name }}_error.log; + {% endif %} + + server_tokens {{ item.server_tokens | default('off') }}; + +{% if item.ssl_enabled and item.ssl_only %} +{% if item.smartgears_over_ssl %} + location / { + return 301 https://{{ item.server_name }}$request_uri; + } +{% else %} + # Smartgears answers over http + include /etc/nginx/snippets/nginx-proxy-params.conf; + {% if r_connector_install is defined and r_connector_install %} + location /auth-sign-in { + rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect; + } + {% endif %} + location /whn-manager { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager; + } + + {% if smart_executor_install is defined and smart_executor_install %} + location {{ smart_executor_context }} { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }}; + } + {% endif %} + {% if 
data_transfer_service_install %} + location /data-transfer-service { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service; + } + {% endif %} + + location / { + return 301 https://{{ item.server_name }}$request_uri; + } +{% endif %} +{% else %} + + root {{ item.root | default('/usr/share/nginx/html/') }}; + index {{ item.index | default('index.html index.htm') }}; + error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; + location = /50x.html { + root /usr/share/nginx/html; + } + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ /\. { + deny all; + access_log off; + log_not_found off; + return 404; + } + {% if haproxy_ips is defined %} + # We are behind haproxy + {% for ip in haproxy_ips %} + set_real_ip_from {{ ip }}; + {% endfor %} + real_ip_header X-Forwarded-For; + {% endif %} + + {% if item.max_body is defined %} + client_max_body_size {{ item.max_body }}; + {% else %} + client_max_body_size {{ nginx_client_max_body_size }}; + {% endif %} + + {% if item.body_timeout is defined %} + client_body_timeout {{ item.body_timeout }}; + {% else %} + client_body_timeout {{ nginx_client_body_timeout }}; + {% endif %} + + {% if nginx_cors_enabled %} + {% if nginx_cors_global %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + {% endif %} + + {% if item.additional_options is defined %} + {% for add_opt in item.additional_options %} + {{ add_opt }}; + {% endfor %} + {% endif %} + + {% if item.http_acls is defined %} + {% for acl in item.http_acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + {% if nginx_websockets_support is defined and nginx_websockets_support %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% elif item.websockets is defined and item.websockets %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 
$connection_upgrade; + {% endif %} + + include /etc/nginx/snippets/nginx-proxy-params.conf; + {% if item.proxy_additional_options is defined %} + {% for popt in item.proxy_additional_options %} + {{ popt }}; + {% endfor %} + {% endif %} + + # Smartgears special urls - start + {% if r_connector_install is defined and r_connector_install %} + location /auth-sign-in { + rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect; + } + {% endif %} + location /whn-manager { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager; + } + + {% if smart_executor_install is defined and smart_executor_install %} + location {{ smart_executor_context }} { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }}; + } + {% endif %} + {% if data_transfer_service_install %} + location /data-transfer-service { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service; + } + {% endif %} + # Smartgears special urls - end + + # Smartgears targets - start + {% for instance in tomcat_m_instances %} + {% for context in instance.app_contexts %} + {% if context != "whn-manager" %} + {% if context != "uri-resolver" %} + {% if context != '' %} + location /{{ context }} { + {% if varnish_install is defined and varnish_install %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }}; 
+ {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }}; + {% endif %} + {% endif %} + } + {% endif %} + {% endif %} + {% endif %} + {% endfor %} + {% endfor %} + {% if smart_executor_install is defined and smart_executor_install %} + location {{ smart_executor_context }} { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }}; + } + {% endif %} + {% if data_transfer_service_install %} + location /data-transfer-service { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service; + } + {% endif %} + {% if tomcat_m_manager_install or tomcat_m_host_manager_install %} + {% if smartgears_tomcat_manager_exposed %} + location /manager { + {% for acl in smartgears_tomcat_manager_access_acls %} + {{ acl.policy }} {{ acl.address }}; + {% endfor %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager; + } + {% endif %} + {% endif %} + {% if remote_opencpu_server is defined and remote_opencpu_server %} + location {{ opencpu_context | default('/ocpu') }} { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }}; + } + {% endif %} + + {% if smartgears_nginx_expose_tomcat_logs %} + location /gcube-logs/ { + alias {{ smartgears_instance_path }}/logs/; + autoindex on; + autoindex_localtime on; + } + {% endif %} + + {% if rstudio_install_server is defined and rstudio_install_server %} + location / { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + proxy_pass http://127.0.0.1:8787/; + } + {% endif %} + + {% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %} + location /geonetwork { + {% for ip in ckan_ip_list %} + allow {{ ip }}; + {% endfor %} + deny all; + rewrite ^ $request_uri; + rewrite ^/(.*) 
uri-resolver/$1 break; + return 400; #if the second rewrite won't match + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri; + } + + location / { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + rewrite ^ $request_uri; + rewrite ^/(.*) uri-resolver/$1 break; + return 400; #if the second rewrite won't match + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri; + } + {% endif %} + # Smartgears targets - end + + {% if item.locations is defined %} + {% for location in item.locations -%} + + location {{ location.location }} { + + {% if nginx_cors_enabled %} + {% if not nginx_cors_global %} + {% if location.cors is defined and location.cors %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + {% endif %} + {% endif %} + + {% if location.target is defined %} + proxy_pass {{ location.target }}; + {% elif location.php_target is defined %} + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass {{ location.php_target }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REMOTE_ADDR $http_x_forwarded_for; + #fastcgi_param REMOTE_ADDR $remote_addr; + include fastcgi_params; + {% endif %} + + {% if location.websockets is defined and location.websockets %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + {% endif %} + + {% if location.extra_conf is defined %} + {{ location.extra_conf }} + {% endif %} + + {% if location.acls is defined %} + {% for acl in location.acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + {% if location.other_opts is defined %} + {% for opt in location.other_opts %} + {{ opt }}; + {% endfor %} + {% endif %} + } + {% endfor %} + {% endif %} + + {% if item.extra_parameters is defined %} + {{ item.extra_parameters }} + {% endif %} + +{% endif %} +} + +{% if item.ssl_enabled %} +server { + listen {{ https_port | default('443') }} {{ 
nginx_ssl_type }}; +{% if egi_image is defined and egi_image %} + # No servername into the EGI images +{% elif hostname is defined %} + server_name _; +{% else %} + server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; +{% endif %} + + {% if item.access_log is defined %} + access_log {{ item.access_log }}; + {% else %} + access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log; + {% endif %} + + {% if item.error_log is defined %} + error_log {{ item.error_log }}; + {% else %} + error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log; + {% endif %} + + root {{ item.root | default('/usr/share/nginx/html/') }}; + index {{ item.index | default('index.html index.htm') }}; + error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; + location = /50x.html { + root /usr/share/nginx/html; + } + location = /favicon.ico { + log_not_found off; + access_log off; + } + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + location ~ /\. 
{ + deny all; + } + + {% if haproxy_ips is defined %} + # We are behind haproxy + {% for ip in haproxy_ips %} + set_real_ip_from {{ ip }}; + {% endfor %} + real_ip_header X-Forwarded-For; + {% endif %} + + {% if item.max_body is defined %} + client_max_body_size {{ item.max_body }}; + {% else %} + client_max_body_size {{ nginx_client_max_body_size }}; + {% endif %} + {% if item.body_timeout is defined %} + client_body_timeout {{ item.body_timeout }}; + {% else %} + client_body_timeout {{ nginx_client_body_timeout }}; + {% endif %} + + include /etc/nginx/snippets/nginx-server-ssl.conf; + + server_tokens {{ item.server_tokens | default('off') }}; + + {% if nginx_cors_enabled %} + {% if nginx_cors_global %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + {% endif %} + + {% if nginx_websockets_support is defined and nginx_websockets_support %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% elif item.websockets is defined and item.websockets %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + {% endif %} + + {% if item.additional_options is defined %} + {% for add_opt in item.additional_options %} + {{ add_opt }}; + {% endfor %} + {% endif %} + + {% if item.https_acls is defined %} + {% for acl in item.https_acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + include /etc/nginx/snippets/nginx-proxy-params.conf; + + {% if item.proxy_additional_options is defined %} + {% for popt in item.proxy_additional_options %} + {{ popt }} + {% endfor %} + {% endif %} + + # Smartgears special urls - start + {% if r_connector_install is defined and r_connector_install %} + location /auth-sign-in { + rewrite ^/auth-sign-in http://{{ item.virthost_name }}/r-connector/gcube/service/disconnect; + } + {% endif %} + location /whn-manager { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/whn-manager; + } + + {% if smart_executor_install is defined and 
smart_executor_install %} + location {{ smart_executor_context }} { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }}; + } + {% endif %} + {% if data_transfer_service_install %} + location /data-transfer-service { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service; + } + {% endif %} + # Smartgears special urls - end + + # Smartgears targets - start + {% for instance in tomcat_m_instances %} + {% for context in instance.app_contexts %} + {% if context != "whn-manager" %} + {% if context != "uri-resolver" %} + {% if context != '' %} + location /{{ context }} { + {% if varnish_install is defined and varnish_install %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ varnish_listen_port }}/{{ context }}; + {% endif %} + {% else %} + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% if nginx_cors_extended_rules %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}; + {% else %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }}; + {% endif %} + {% else %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/{{ context }}; + {% endif %} + {% endif %} + } + {% endif %} + {% endif %} + {% endif %} + {% endfor %} + {% endfor %} + {% if smart_executor_install is defined and smart_executor_install %} + location {{ smart_executor_context }} { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}{{ smart_executor_context }}; + } + {% endif %} + {% if data_transfer_service_install %} + location /data-transfer-service { + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/data-transfer-service; + } + {% endif %} + {% if 
tomcat_m_manager_install or tomcat_m_host_manager_install %} + {% if smartgears_tomcat_manager_exposed %} + location /manager { + {% for acl in smartgears_tomcat_manager_access_acls %} + {{ acl.policy }} {{ acl.address }}; + {% endfor %} + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/manager; + } + {% endif %} + {% endif %} + {% if remote_opencpu_server is defined and remote_opencpu_server %} + location {{ opencpu_context | default('/ocpu') }} { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + proxy_pass http://{{ remote_opencpu_host }}:{{ opencpu_proxy_port | default('8004') }}{{ opencpu_context | default('/ocpu') }}; + } + {% endif %} + + {% if smartgears_nginx_expose_tomcat_logs %} + location /gcube-logs/ { + alias {{ smartgears_instance_path }}/logs/; + autoindex on; + autoindex_localtime on; + } + {% endif %} + + {% if rstudio_install_server is defined and rstudio_install_server %} + location / { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + proxy_pass http://127.0.0.1:8787/; + } + {% endif %} + + {% if smartgears_uri_resolver_install is defined and smartgears_uri_resolver_install %} + location /geonetwork { + {% for ip in ckan_ip_list %} + allow {{ ip }}; + {% endfor %} + deny all; + rewrite ^ $request_uri; + rewrite ^/(.*) uri-resolver/$1 break; + return 400; #if the second rewrite won't match + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri; + } + + location / { + {% if smartgears_nginx_cors_enabled %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + rewrite ^ $request_uri; + rewrite ^/(.*) uri-resolver/$1 break; + return 400; #if the second rewrite won't match + proxy_pass http://127.0.0.1:{{ item.smartgears_http_port }}/$uri; + } + {% endif %} + # Smartgears targets - end + + {% if item.locations is defined %} + {% for location in item.locations -%} + location {{ location.location }} { + + {% if 
nginx_cors_enabled %} + {% if not nginx_cors_global %} + {% if location.cors is defined and location.cors %} + include /etc/nginx/snippets/nginx-cors.conf; + {% endif %} + {% endif %} + {% endif %} + + {% if location.target is defined %} + proxy_pass {{ location.target }}; + {% elif location.php_target is defined %} + try_files $uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass {{ location.php_target }}; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REMOTE_ADDR $http_x_forwarded_for; + #fastcgi_param REMOTE_ADDR $remote_addr; + include fastcgi_params; + {% endif %} + + {% if location.websockets is defined and location.websockets %} + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + {% endif %} + + {% if location.extra_conf is defined %} + {{ location.extra_conf }} + {% endif %} + + {% if location.acls is defined %} + {% for acl in location.acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + {% if location.other_opts is defined %} + {% for opt in location.other_opts %} + {{ opt }}; + {% endfor %} + {% endif %} + } + {% endfor %} + {% endif %} + + {% if item.extra_parameters is defined %} + {{ item.extra_parameters }} + {% endif %} +} +{% endif %} diff --git a/smartgears/smartgears-service/vars/main.yml b/smartgears/smartgears-service/vars/main.yml index 307d612..cdc2729 100644 --- a/smartgears/smartgears-service/vars/main.yml +++ b/smartgears/smartgears-service/vars/main.yml 
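Review bot: In both server blocks the PHP branch of `item.locations` sets `fastcgi_param REMOTE_ADDR $http_x_forwarded_for;`, which gives the backend a client address taken from a request header that any client can set whenever the request does not arrive through a trusted proxy. The template already emits `set_real_ip_from` and `real_ip_header X-Forwarded-For` when `haproxy_ips` is defined, so `$remote_addr` carries the proxied client address in that case, and the commented-out `fastcgi_param REMOTE_ADDR $remote_addr;` is the safer line to enable. The `/manager` location emits only the entries of `smartgears_tomcat_manager_access_acls`, so adding `deny all;` after the loop would keep an empty or allow-only list from leaving the Tomcat manager reachable. The `location {{ smart_executor_context }}` and `location /data-transfer-service` blocks are also rendered twice inside the same server (under "special urls" and again after the targets loop), which nginx is expected to reject as duplicate locations when those flags are set. Note that `data_transfer_service_install`, unlike its neighbours, is tested without an `is defined` guard.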
@@ -1,7 +1,8 @@ --- smartgears_node: True smartgears_install_generic_virthost: True +smartgears_instance_id: 1 tomcat_m_webapps_unpack: True tomcat_m_instances: - - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '{{ smartgears_tomcat_listen_address }}', ajp_enabled: False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_use_ssl: '{{ tomcat_m_jmx_use_ssl }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/{{ smartgears_http_port }}/conf', jmx_monitorpass: '{{ tomcat_m_jmx_monitorpass | default(omit) }}', jmx_controlpass: '{{ tomcat_m_jmx_controlpass | default(omit) }}', catalina_tmp_directory: '{{ smartgears_tomcat_tmp_dir }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}', web_document_root: '{{ smartgears_web_document_root }}' , skip_smartgears: False, smartgears_id: 1, servername: '{{ smartgears_tomcat_servername }}' } + - { http_enabled: True, http_port: '{{ smartgears_http_port }}', http_address: '{{ smartgears_tomcat_listen_address }}', ajp_enabled: 
False, ajp_port: '8109', ajp_address: '127.0.0.1', restart_timeout: '{{ tomcat_m_restart_timeout }}', shutdown_port: '-1', java_home: '{{ jdk_java_home }}', user: '{{ smartgears_user }}', user_home: '{{ smartgears_user_home }}', user_shell: '{{ tomcat_m_default_user_shell }}', instance_path: '{{ smartgears_instance_path }}', max_threads: '{{ tomcat_m_max_threads }}', autodeploy: '{{ tomcat_m_webapps_autodeploy }}', unpack: '{{ tomcat_m_webapps_unpack }}', default_conf: True, java_opts: '{{ tomcat_m_java_opts }}', java_gc_opts: '{{ tomcat_m_java_gc_opts }}', other_java_opts: '{{ tomcat_m_other_java_opts }}', jmx_enabled: '{{ tomcat_m_jmx_enabled }}', jmx_disable_additional_ports: '{{ tomcat_m_jmx_disable_additional_ports }}', jmx_port: '{{ tomcat_m_jmx_port }}', jmx_use_ssl: '{{ tomcat_m_jmx_use_ssl }}', jmx_auth_enabled: '{{ tomcat_m_jmx_auth_enabled }}', jmx_auth_dir: '{{ tomcat_m_instances_base_path }}/{{ smartgears_http_port }}/conf', jmx_monitorpass: '{{ tomcat_m_jmx_monitorpass | default(omit) }}', jmx_controlpass: '{{ tomcat_m_jmx_controlpass | default(omit) }}', catalina_tmp_directory: '{{ smartgears_tomcat_tmp_dir }}', remote_debugging: '{{ tomcat_m_enable_remote_debugging }}', remote_debugging_port: '{{ smartgears_debugging_port }}', access_log_enabled: True, log_rotation_freq: daily, log_retain: 30, allowed_hosts: [ '0.0.0.0/0' ], app_contexts: '{{ smartgears_tomcat_contexts }}', web_document_root: '{{ smartgears_web_document_root }}' , skip_smartgears: False, smartgears_id: '{{ smartgears_instance_id }}', servername: '{{ smartgears_tomcat_servername }}' }
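Review bot: `smartgears_instance_id: 1` is added to this role's vars/main.yml, where role vars take precedence over inventory group and host variables, so the id that `smartgears_id` now references cannot be changed per host from the inventory. If templating `smartgears_id` is meant to let deployments choose the id, moving the value to the role defaults would allow that. If it is meant to stay fixed, a comment such as `# Fixed id; used in the sites-enabled link name smartgears_<id>.conf` would make that explicit.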