From 148c098f9f00b4384636d0926ee3339656256125 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 25 Mar 2019 20:18:48 +0100
Subject: [PATCH] Role that installs the onlyoffice document server.
---
onlyoffice_docserver/defaults/main.yml | 25 +++++++++++
onlyoffice_docserver/handlers/main.yml | 6 +++
onlyoffice_docserver/meta/main.yml | 6 +++
onlyoffice_docserver/tasks/main.yml | 34 +++++++++++++++
.../onlyoffice-documentserver-ssl.conf | 43 +++++++++++++++++++
onlyoffice_docserver/vars/main.yml | 12 ++++++
6 files changed, 126 insertions(+)
create mode 100644 onlyoffice_docserver/defaults/main.yml
create mode 100644 onlyoffice_docserver/handlers/main.yml
create mode 100644 onlyoffice_docserver/meta/main.yml
create mode 100644 onlyoffice_docserver/tasks/main.yml
create mode 100644 onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
create mode 100644 onlyoffice_docserver/vars/main.yml
diff --git a/onlyoffice_docserver/defaults/main.yml b/onlyoffice_docserver/defaults/main.yml
new file mode 100644
index 00000000..cae6dc41
--- /dev/null
+++ b/onlyoffice_docserver/defaults/main.yml
@@ -0,0 +1,25 @@
+---
+onlyoffice_docserver_deb_repo_key: CB2DE8E5
+onlyoffice_docserver_deb_repo_key_server: 'keyserver.ubuntu.com'
+onlyoffice_docserver_deb_repo: 'deb http://download.onlyoffice.com/repo/debian squeeze main'
+onlyoffice_docserver_deb_packages: onlyoffice-communityserver
+onlyoffice_docserver_letsencrypt_managed: True
+
+onlyoffice_docserver_use_nginx_role: True
+
+onlyoffice_docserver_deb_packages_dependencies:
+ - libcurl3
+ - libxml2
+ - supervisor
+ - fonts-dejavu
+ - fonts-liberation
+ - ttf-mscorefonts-installer
+ - fonts-crosextra-carlito
+ - fonts-takao-gothic
+ - fonts-opensymbol
+ - npm
+ - nginx-extras
+
+onlyoffice_docserver_packages:
+ - onlyoffice-documentserver
+
diff --git a/onlyoffice_docserver/handlers/main.yml b/onlyoffice_docserver/handlers/main.yml
new file mode 100644
index 00000000..f48f37d3
--- /dev/null
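Review bot: In defaults/main.yml, `onlyoffice_docserver_deb_repo_key: CB2DE8E5` pins the repository signing key by its 8-hex-digit short ID, and the `apt_key` task in tasks/main.yml asks the keyserver for a key by that ID. Short key IDs are not collision-resistant, so a different key carrying the same ID could be imported and then trusted for packages from the `http://` repository defined two lines below. Pin the full 40-hex-digit fingerprint instead, quoted so YAML keeps it a string: `onlyoffice_docserver_deb_repo_key: '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the vendor's published key). `onlyoffice_docserver_deb_packages` and `onlyoffice_docserver_letsencrypt_managed` are not referenced anywhere in this patch and should be either removed or documented.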
+++ b/onlyoffice_docserver/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: Reload nginx
+ service:
+ name: nginx
+ enabled: yes
+ state: reloaded
diff --git a/onlyoffice_docserver/meta/main.yml b/onlyoffice_docserver/meta/main.yml
new file mode 100644
index 00000000..0d66776a
--- /dev/null
+++ b/onlyoffice_docserver/meta/main.yml
@@ -0,0 +1,6 @@
+---
+dependencies:
+ - { role: '../../library/roles/postgresql', when: psql_postgresql_install }
+ - { role: '../../library/roles/redis' }
+ - { role: '../../library/roles/rabbitmq' }
+ - { role: '../../library/roles/nginx', when: onlyoffice_docserver_use_nginx_role }
diff --git a/onlyoffice_docserver/tasks/main.yml b/onlyoffice_docserver/tasks/main.yml
new file mode 100644
index 00000000..e1aa9eeb
--- /dev/null
+++ b/onlyoffice_docserver/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- block:
+ - name: Install the deb OnlyOffice repository key
+ apt_key:
+ keyserver: '{{ onlyoffice_docserver_deb_repo_key_server }}'
+ id: '{{ onlyoffice_docserver_deb_repo_key }}'
+
+ - name: Install the deb OnlyOffice repository
+ apt_repository:
+ repo: '{{ onlyoffice_docserver_deb_repo }}'
+ state: present
+ update_cache: yes
+
+ - name: Install the OnlyOffice document server deb dependencies
+ apt: name={{ onlyoffice_docserver_deb_packages_dependencies }} state=present cache_valid_time=1800
+
+ - name: The OnlyOffice document server packages must be done manually, because it is interactive
+ debug:
+ msg: "Manually install the onlyoffice-documentserver package with 'apt-get install -y onlyoffice-documentserver'"
+
+# - name: Install the OnlyOffice document server package
+# apt: name={{ onlyoffice_docserver_packages }} state=present cache_valid_time=1800
+
+ when: ansible_distribution_file_variety == "Debian"
+ tags: onlyoffice
+
+- block:
+ - name: Install the OnlyOffice document server configuration that enables SSL
+ template: src=onlyoffice-documentserver-ssl.conf dest=/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
+ when: onlyoffice_docserver_use_nginx_role
+ notify: Reload nginx
+
+ when: ansible_distribution_file_variety == "Debian"
+ tags: [ 'onlyoffice', 'letsencrypt' ]
diff --git a/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf b/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
new file mode 100644
index 00000000..0ca187f9
--- /dev/null
+++ b/onlyoffice_docserver/templates/onlyoffice-documentserver-ssl.conf
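Review bot: The `template` task in the second block of tasks/main.yml writes `/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf` without `owner`, `group` or `mode`, so the permissions of this nginx configuration file are left to the defaults on the target host. Set them explicitly and pass the arguments as a YAML mapping rather than a `key=value` string; the `apt` task in the first block uses the same string form and would benefit from the same conversion. The ownership and mode below are the usual ones for an nginx configuration file and should be confirmed against what the package installs.

```yaml
- name: Install the OnlyOffice document server configuration that enables SSL
  template:
    src: onlyoffice-documentserver-ssl.conf
    dest: /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf
    owner: root
    group: root
    mode: '0644'
  # … unchanged: when / notify …
```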
@@ -0,0 +1,43 @@
+include /etc/nginx/includes/onlyoffice-http.conf;
+
+## Normal HTTP host
+server {
+ listen 0.0.0.0:80;
+ listen [::]:80 default_server;
+ server_name _;
+ server_tokens off;
+
+ include /etc/nginx/snippets/letsencrypt-proxy.conf;
+ ## Redirects all traffic to the HTTPS host
+ root /nowhere; ## root doesn't have to be a valid path since we are redirecting
+ rewrite ^ https://$host$request_uri? permanent;
+}
+
+#HTTP host for internal services
+server {
+ listen 127.0.0.1:80;
+ listen [::1]:80;
+ server_name localhost;
+ server_tokens off;
+
+ include /etc/nginx/snippets/letsencrypt-proxy.conf;
+ include /etc/nginx/includes/onlyoffice-documentserver-common.conf;
+ include /etc/nginx/includes/onlyoffice-documentserver-docservice.conf;
+}
+
+## HTTPS host
+server {
+ listen 0.0.0.0:443 ssl http2;
+ listen [::]:443 ssl http2 default_server;
+ server_tokens off;
+ root /usr/share/nginx/html;
+
+ ## Strong SSL Security
+ ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+ ssl on;
+ include /etc/nginx/snippets/nginx-server-ssl.conf;
+ # add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ include /etc/nginx/includes/onlyoffice-documentserver-*.conf;
+
+}
diff --git a/onlyoffice_docserver/vars/main.yml b/onlyoffice_docserver/vars/main.yml
new file mode 100644
index 00000000..de3a4f75
--- /dev/null
+++ b/onlyoffice_docserver/vars/main.yml
@@ -0,0 +1,12 @@
+---
+http_port: 80
+https_port: 443
+redis_install: True
+
+psql_postgresql_install: True
+pg_use_postgresql_org_repo: True
+psql_version: 11
+pg_backup_retain_copies: 2
+
+psql_db_data:
+ - { name: 'onlyoffice', encoding: 'UTF8', user: 'onlyoffice', roles: 'NOCREATEDB,NOSUPERUSER', pwd: '{{ onlyoffice_docserver_db_pwd }}', managedb: True, allowed_hosts: [ '127.0.0.1' ] }
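Review bot: In the HTTPS `server` block of onlyoffice-documentserver-ssl.conf, `X-Frame-Options` is commented out with no explanation and nothing visible replaces it, so responses can be framed by any origin unless one of the included files sets a policy. If the header was disabled because the editor has to be embedded by the integrating application, say so in a comment and restrict framing to that origin, e.g. `add_header Content-Security-Policy "frame-ancestors 'self' https://<INTEGRATING_APP_HOST>";` (placeholder host). In the same block, `ssl on;` duplicates the `ssl` parameter already present on both `listen` lines and is deprecated in newer nginx releases, so it can be removed.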
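Review bot: `psql_db_data` in vars/main.yml reads the database password from `onlyoffice_docserver_db_pwd`, which this patch neither defines nor documents. Add a comment above the entry stating that the variable has no default and must come from an encrypted source, e.g. `# onlyoffice_docserver_db_pwd: no default; define it in an ansible-vault encrypted vars file`, so that nobody adds a cleartext default to defaults/main.yml later. Values set in a role's vars/main.yml also take precedence over inventory variables, so `psql_postgresql_install: True` here makes the `when: psql_postgresql_install` condition in meta/main.yml hard to switch off from group_vars; moving these settings to defaults/main.yml would keep them overridable.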