diff --git a/ansible/inventories/group_vars/automotive/automotive.yaml b/ansible/inventories/group_vars/automotive/automotive.yaml index f33513b..bcd90cd 100644 --- a/ansible/inventories/group_vars/automotive/automotive.yaml +++ b/ansible/inventories/group_vars/automotive/automotive.yaml @@ -1,30 +1,31 @@ --- -#Common Docker -docker_network_name: wp_net +# Docker +wordpress_docker_tag: 7.0.0-php8.2-apache +mysql_docker_tag: 9.7.0 +nginx_docker_tag: 1.31.1 + docker_base_volume_path: /usr/data/wp # MYSQL Docker -mysql_docker_tag: 9.7.0 -docker_mysql_hostname: web_db - -db_name: automotive_test_db -db_user: automotive_test_db_u +db_name: automotive_db +db_user: automotive_db_u db_password: "{{ automotive_mysql_user_password }}" db_root_password: "{{ automotive_mysql_root_password }}" #NGINX Docker -nginx_docker_tag: 1.31.1 nginx_server_name: automotive.sse.cloud.isti.cnr.it ssl: true -#WORDPRESS Docker -wordpress_docker_tag: 7.0.0-php8.2-apache -docker_wordpress_hostname: automotive_test -#CERTBOT for letsencrypt -certbot_create_method: webroot +# WORDPRESS +wordpress_debug : true +wordpress_debug_log: true + + +#******* CERTBOT for letsencrypt +certbot_create_method: standalone certbot_create_if_missing: true certbot_admin_email: fabio.sinibaldi@isti.cnr.it @@ -35,5 +36,5 @@ certbot_certs: - "{{ nginx_server_name }}" #Certbot verbose level -certbot_create_extra_args: "-vvv --force-renewal" +certbot_create_extra_args: "-vvv" certbot_testmode: false \ No newline at end of file diff --git a/ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml b/ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml index 319856a..338feaa 100644 --- a/ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml +++ b/ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml 
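Review bot: `wordpress_debug : true` and `wordpress_debug_log: true` are switched on in the first hunk of automotive.yaml, the same hunk that renames the database from `automotive_test_db` to `automotive_db`, so this appears to be the live host `automotive.sse.cloud.isti.cnr.it` running with debugging enabled. WordPress debug output discloses file paths and query details to visitors, and the debug log is normally written under `wp-content`, where it is reachable over HTTP unless access is blocked. I would keep both at `false` in the group vars and enable them per run with `-e wordpress_debug=true` when needed. Separately, quoting the image tags (`mysql_docker_tag: "9.7.0"`, `nginx_docker_tag: "1.31.1"`) keeps them strings whatever the parser infers, and `wordpress_debug :` has a stray space before the colon.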
@@ -1,16 +1,9 @@ --- -# Need to stop using port 80 for certbot webroot validation -- name: Gathering NGINX container state - docker_container_info: - name: nginx - register: nginx_info - -- name: Stop NGINX if present +# Stop NGINX +- name: Stop NGINX docker_container: name: nginx state: stopped - when: - - nginx_info.exists # Manage certbot @@ -18,6 +11,7 @@ include_role: name: geerlingguy.certbot + - name: Copy fullchain files to nginx volume ansible.builtin.copy: src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem" @@ -54,9 +48,7 @@ - "/etc/letsencrypt/renewal-hooks/pre/stop_services" - "/etc/letsencrypt/renewal-hooks/post/start_services" - -# Installs dockered NGINX if needed and start it - -- name: Installing and (Re)starting NGINX - include_role: - name: chrissayon.wordpress_docker.nginx +# Start NGINX +- name: Start NGINX + docker_container: + name: nginx diff --git a/ansible/playbooks/roles/docker-certbot/tasks/main.yaml b/ansible/playbooks/roles/docker-certbot/tasks/main.yaml index 9cfcef1..da6fe2a 100644 --- a/ansible/playbooks/roles/docker-certbot/tasks/main.yaml +++ b/ansible/playbooks/roles/docker-certbot/tasks/main.yaml @@ -8,8 +8,11 @@ docker_container: name: certbot image: certbot/certbot + command: "certonly --standalone --non-interactive -v --dry-run -d {{ nginx_server_name}} --agree-tos -m {{ certbot_domain_mail }}" networks: - name: "{{ docker_network_name }}" + ports: + - "81:80" hostname: certbot volumes: - "{{ docker_base_volume_path }}/certbot/logs:/var/log/letsencrypt" diff --git a/ansible/playbooks/roles/wordpress-docker/defaults/main.yaml b/ansible/playbooks/roles/wordpress-docker/defaults/main.yaml new file mode 100644 index 0000000..bed1ce6 --- /dev/null +++ b/ansible/playbooks/roles/wordpress-docker/defaults/main.yaml 
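Review bot: The `Stop NGINX` task at the top of certbot_with_dockered_nginx.yaml now runs unconditionally, and as far as I know `docker_container` with `state: stopped` first needs the container to exist and will try to create it when it is absent, which requires an `image` that this task does not give. On a host where the nginx container has not been created yet (for example with `ssl: false`, or when the certbot role runs on its own) the play would likely fail here instead of skipping. Either keep the `docker_container_info` lookup with `when: nginx_info.exists`, or record the ordering dependency with a comment such as `# requires the nginx container created by the wordpress-docker role`. The `Start NGINX` task in the last hunk of this file relies on the default state in the same way; writing `state: started` there would make the intent explicit.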
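Review bot: In docker-certbot/tasks/main.yaml the added `ports: - "81:80"` publishes the standalone authenticator on host port 81, but HTTP-01 validation connects to port 80 of the name being validated, so the challenge would not reach this container unless something else forwards 80 to 81. The added `command` also hard-codes `--dry-run`, so no certificate is ever written to the mounted volumes; `{{ '--dry-run' if certbot_testmode else '' }}` would let the existing `certbot_testmode` variable decide. The address is taken from `certbot_domain_mail`, while the group vars in this commit define `certbot_admin_email`; unless the former is set elsewhere, the task will fail on an undefined variable. The task body continues past the end of the hunk.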
@@ -0,0 +1,27 @@ +--- +wordpress_docker_tag: latest +nginx_docker_tag: latest +mysql_docker_tag: latest + +docker_network_name: wordpress_network +docker_wordpress_hostname: wordpress_host +docker_nginx_hostname: nginx_host +docker_mysql_hostname: mysql_host + +docker_base_volume_path: /home/wordpress_docker + + +nginx_server_name: default_server +ssl: false + +db_name: wordpress_database +db_user: wordpress_user +db_password: wordpress_password +db_root_password: wordpress_rootpassword + +wordpress_debug : false +wordpress_debug_log: false + + + + diff --git a/ansible/playbooks/roles/wordpress-docker/tasks/main.yml b/ansible/playbooks/roles/wordpress-docker/tasks/main.yml new file mode 100644 index 0000000..6249824 --- /dev/null +++ b/ansible/playbooks/roles/wordpress-docker/tasks/main.yml 
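Review bot: The new role defaults ship usable database credentials (`db_password: wordpress_password`, `db_root_password: wordpress_rootpassword`), so an inventory that forgets to override them gets a MySQL instance with publicly known passwords and no error. I would drop both defaults and fail early, for example with a first task using `ansible.builtin.assert` and `that: [db_password is defined, db_root_password is defined]`, leaving the values to separate variables as the automotive group vars already do. The three `*_docker_tag: latest` defaults have a similar effect on image provenance, since an unpinned tag changes what is deployed between runs; a comment stating that inventories are expected to pin them would help. `wordpress_debug : false` has a stray space before the colon.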
@@ -0,0 +1,57 @@ +--- +- name: Pull docker images + docker_image: + name: "{{ item.name }}" + tag: "{{ item.tag }}" + source: pull + loop: + - name : wordpress + tag: "{{ wordpress_docker_tag }}" + - name: mysql + tag : "{{ mysql_docker_tag }}" + - name: nginx + tag : "{{ nginx_docker_tag }}" + + +- name: Create docker network + docker_network: + name: "{{ docker_network_name }}" + state: present + + +- name: Create container with mysql image + docker_container: + name: mysql + image: mysql + networks: + - name: "{{ docker_network_name }}" + hostname: "{{ docker_mysql_hostname }}" + env: + MYSQL_DATABASE: "{{ db_name }}" + MYSQL_USER: "{{ db_user }}" + MYSQL_PASSWORD: "{{ db_password }}" + MYSQL_ROOT_PASSWORD: "{{ db_root_password }}" + volumes: + - "{{ docker_base_volume_path }}/temp_db_data:/var/tmp" + + +- name: Create container with Wordpress image + docker_container: + name: wordpress + image: wordpress + networks: + - name: "{{ docker_network_name }}" + hostname: "{{ docker_wordpress_hostname }}" + env: + WORDPRESS_DB_HOST: "{{ docker_mysql_hostname }}" + WORDPRESS_DB_NAME: "{{ db_name }}" + WORDPRESS_DB_USER: "{{ db_user }}" + WORDPRESS_DB_PASSWORD: "{{ db_password }}" + WORDPRESS_DEBUG: " {{ wordpress_debug }} " + WORDPRESS_DEBUG_LOG: " {{ wordpress_debug_log }} " + volumes: + - "{{ docker_base_volume_path }}/wordpress:/var/www/html" + restart: true + +- include_tasks: nginx.yaml + when: ssl is true diff --git a/ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml b/ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml new file mode 100644 index 0000000..4780a08 --- /dev/null +++ b/ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml 
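Review bot: The `Pull docker images` loop pulls the pinned tags, but the containers are created with `image: mysql` and `image: wordpress`, which resolve to `latest`, so the versions set in `mysql_docker_tag` and `wordpress_docker_tag` are never the ones that run; use `image: "mysql:{{ mysql_docker_tag }}"` and `image: "wordpress:{{ wordpress_docker_tag }}"`. The same applies to `image: nginx` in nginx_http.yml and nginx_https.yml. `WORDPRESS_DEBUG: " {{ wordpress_debug }} "` renders a non-empty string such as ` False `, and as far as I know the official image treats any non-empty `WORDPRESS_DEBUG` as enabled, so debugging would be on even with the default `false`; pass an empty string when disabled, e.g. `WORDPRESS_DEBUG: "{{ '1' if wordpress_debug else '' }}"`. The mysql volume mounts `temp_db_data` on `/var/tmp`, so unless that is intended the database files under `/var/lib/mysql` are not persisted on the host.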
@@ -0,0 +1,18 @@ +--- +- name: Create conf folder to put nginx folder + ansible.builtin.file: + path: "{{ docker_base_volume_path }}/nginx/conf" + state: directory + mode: "0755" + +- name: Copy nginx.conf to server + template: + src: templates/nginx.j2 + dest: "{{ docker_base_volume_path }}/nginx/conf/nginx.conf" + + +- include_tasks: nginx_http.yml + when: ssl is false + +- include_tasks: nginx_https.yml + when: ssl is true diff --git a/ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml b/ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml new file mode 100644 index 0000000..d55acab --- /dev/null +++ b/ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml @@ -0,0 +1,15 @@ +--- +- name: Start Nginx Container (HTTP) + docker_container: + name: nginx + image: nginx + ports: + - "80:80" + networks: + - name: "{{ docker_network_name }}" + hostname: "{{ docker_nginx_hostname }}" + volumes: + - "{{ docker_base_volume_path }}/wordpress:/var/www/html" + - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d" + - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx" + restart: true diff --git a/ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml b/ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml new file mode 100644 index 0000000..72f2a7d --- /dev/null +++ b/ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml @@ -0,0 +1,17 @@ +--- +- name: Start Nginx Container (HTTPS) + docker_container: + name: nginx + image: nginx + ports: + - "80:80" + - "443:443" + networks: + - name: "{{ docker_network_name }}" + hostname: "{{ docker_nginx_hostname }}" + volumes: + - "{{ docker_base_volume_path }}/wordpress:/var/www/html" + - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d" + - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx" + - "{{ docker_base_volume_path }}/nginx/ssl:/etc/nginx/ssl/:ro" + restart: true 
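Review bot: In nginx.yaml the `include_tasks: nginx_http.yml` branch with `when: ssl is false` cannot run, because tasks/main.yml only includes nginx.yaml `when: ssl is true`; with `ssl: false` no nginx container is created at all. If the HTTP-only variant is meant to be supported, drop the condition on the include in main.yml and let this file choose the variant. The template is always rendered from `templates/nginx.j2`, which contains `ssl_certificate` directives, while the renamed `nginx.j2_http` is not referenced in any of the visible tasks, so the HTTP branch would also need `src` to switch on `ssl`. The `template` task sets no `mode`, unlike the directory task above it; `mode: "0644"` would make the result independent of the remote umask.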
diff --git a/ansible/playbooks/templates/nginx.j2 b/ansible/playbooks/roles/wordpress-docker/templates/nginx.j2 similarity index 77% rename from ansible/playbooks/templates/nginx.j2 rename to ansible/playbooks/roles/wordpress-docker/templates/nginx.j2 index 329eca3..e067326 100644 --- a/ansible/playbooks/templates/nginx.j2 +++ b/ansible/playbooks/roles/wordpress-docker/templates/nginx.j2 @@ -15,13 +15,22 @@ server { root /var/www/html; index index.php; - - ssl_certificate /etc/nginx/ssl/fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/privatekey.pem; + # Needed to upload backups client_max_body_size 40M; + # Try to support website restore plugin + + proxy_read_timeout 600s; + keepalive_timeout 600s; + + + + ssl_certificate /etc/nginx/ssl/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/privatekey.pem; + + location / { proxy_pass http://{{ docker_wordpress_hostname }}:80; proxy_set_header Host $host; @@ -29,4 +38,5 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } + } \ No newline at end of file diff --git a/ansible/playbooks/templates/nginx.j2_http b/ansible/playbooks/roles/wordpress-docker/templates/nginx.j2_http similarity index 100% rename from ansible/playbooks/templates/nginx.j2_http rename to ansible/playbooks/roles/wordpress-docker/templates/nginx.j2_http diff --git a/ansible/playbooks/wordpress.yaml b/ansible/playbooks/wordpress.yaml index a14ef46..a4604f8 100644 --- a/ansible/playbooks/wordpress.yaml +++ b/ansible/playbooks/wordpress.yaml @@ -2,12 +2,9 @@ - name: Install and configure Wordpress hosts: web become : True - collections: - - chrissayon.wordpress_docker + roles: - geerlingguy.docker - - chrissayon.wordpress_docker.network - - chrissayon.wordpress_docker.mysql - - chrissayon.wordpress_docker.wordpress + - wordpress-docker - certbot \ No newline at end of file
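Review bot: `keepalive_timeout 600s` in the first nginx.j2 hunk lets every idle client connection stay open for ten minutes, which makes it cheap to tie up worker connections on a public site and does nothing for a long-running restore request. The restore plugin case is covered by `proxy_read_timeout` (and possibly `proxy_send_timeout`), so I would leave `keepalive_timeout` at its default and, where possible, set the longer proxy timeout only in a `location` for the admin paths rather than for the whole server. The server block starts and ends outside this hunk, so I cannot see whether connection or request limits are configured elsewhere.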