ansible/inventories/automotive.yaml

@@ -4,5 +4,4 @@ automotive:
     web:
       hosts:
         automotive.sse.cloud.isti.cnr.it:
-          ansible_host: 146.48.29.251 
         #automotive2.sse.cloud.isti.cnr.it:

ansible/inventories/group_vars/automotive/automotive.yaml

@@ -1,30 +1,31 @@
 ---
-#Common Docker 
-docker_network_name: wp_net
+# Docker 
+wordpress_docker_tag: 7.0.0-php8.2-apache
+mysql_docker_tag: 9.7.0
+nginx_docker_tag: 1.31.1
+
 docker_base_volume_path: /usr/data/wp
 
 
 # MYSQL Docker 
-mysql_docker_tag: 9.7.0
-docker_mysql_hostname: web_db
-
-db_name: automotive_test_db
-db_user: automotive_test_db_u
+db_name: automotive_db
+db_user: automotive_db_u
 db_password:  "{{ automotive_mysql_user_password }}"
 db_root_password: "{{ automotive_mysql_root_password }}"
 
 
 #NGINX Docker 
-nginx_docker_tag: 1.31.1
 nginx_server_name: automotive.sse.cloud.isti.cnr.it
 ssl: true
 
-#WORDPRESS Docker
-wordpress_docker_tag: 7.0.0-php8.2-apache
-docker_wordpress_hostname: automotive_test
 
-#CERTBOT for letsencrypt
-certbot_create_method: webroot
+# WORDPRESS
+wordpress_debug : true
+wordpress_debug_log: true
+
+
+#******* CERTBOT for letsencrypt
+certbot_create_method: standalone
 certbot_create_if_missing: true
 certbot_admin_email: fabio.sinibaldi@isti.cnr.it
 
@@ -35,5 +36,5 @@ certbot_certs:
     - "{{ nginx_server_name }}"
 
 #Certbot verbose level
-certbot_create_extra_args: "-v"
+certbot_create_extra_args: "-vvv"
 certbot_testmode: false

ansible/playbooks/docker_deploy_image.yaml

@@ -0,0 +1,29 @@
+---
+- name: Create and run container
+  hosts: all
+  become : true
+  vars:
+    image_name: ubuntu
+    image_tag: latest
+    image_hostname: ubuntu
+    image_network:
+      - wp_net
+    image_volumes:
+      - "/usr/data/wp/wordpress/:/var/www"
+
+
+  tasks:
+  - name: Pull Image
+    docker_image:
+      name: "{{ image_name }}:{{ image_tag }}"
+      source: pull
+
+  - name: Create container with pulled image
+    docker_container:
+      name: "{{ image_name }}"
+      image: "{{ image_name }}"
+      networks:
+        - name: "{{ image_network }}"
+      hostname: "{{ image_hostname }}"
+      volumes: "{{image_volumes}}"
+      restart: true

ansible/playbooks/misc_tests.yaml

@@ -0,0 +1,9 @@
+---
+- name: Misc tests
+  hosts: web
+
+  tasks:
+    - name: Using dict2items
+      ansible.builtin.debug:
+        msg: "{{ item.name }}"
+      loop: "{{ certbot_certs }}"

ansible/playbooks/roles/certbot/defaults/main.yaml

@@ -0,0 +1 @@
+certbot_with_dockered_nginx : True

ansible/playbooks/roles/certbot/tasks/certbot_with_dockered_nginx.yaml

@@ -0,0 +1,54 @@
+---
+# Stop NGINX
+- name: Stop NGINX 
+  docker_container:
+    name: nginx
+    state: stopped
+
+# Manage certbot
+
+- name: Instal and configure certbot
+  include_role:
+    name: geerlingguy.certbot
+
+
+- name: Copy fullchain files to nginx volume
+  ansible.builtin.copy:
+    src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
+    #TODO nginx configuration is not multi domain
+    dest: "{{ docker_base_volume_path }}/nginx/ssl/fullchain.pem"
+    remote_src: true
+    mode: '0644'
+  loop: "{{ certbot_certs }}"
+
+- name: Copy privkey files to nginx volume
+  ansible.builtin.copy:
+    src: "/etc/letsencrypt/live/{{ item.name }}/privkey.pem"
+    #TODO nginx configuration is not multi domain
+    dest: "{{ docker_base_volume_path }}/nginx/ssl/privatekey.pem"
+    remote_src: true
+    mode: '0644'
+  loop: "{{ certbot_certs }}"
+
+
+- name: Setting up Docker NGINX renewal hooks 
+  template:
+    src: "docker_nginx_{{ item }}.j2"
+    dest: "/etc/letsencrypt/renewal-hooks/{{ item }}/docker_nginx_{{ item }}.sh"
+    mode: '0744'
+  loop: 
+    - pre
+    - post
+
+- name: Removing systemctl hooks
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/etc/letsencrypt/renewal-hooks/pre/stop_services"
+    - "/etc/letsencrypt/renewal-hooks/post/start_services"
+
+# Start NGINX
+- name: Start NGINX
+  docker_container:
+    name: nginx

ansible/playbooks/roles/certbot/tasks/main.yaml

@@ -0,0 +1,3 @@
+---
+- include_tasks: certbot_with_dockered_nginx.yaml
+  when: certbot_with_dockered_nginx

ansible/playbooks/roles/certbot/templates/docker_nginx_post.j2

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+{% for item in certbot_certs %}
+cp /etc/letsencrypt/live/{{ item.name }}/fullchain.pem {{ docker_base_volume_path }}/nginx/ssl/fullchain.pem
+cp /etc/letsencrypt/live/{{ item.name }}/privkey.pem {{ docker_base_volume_path }}/nginx/ssl/private.pem
+{% endfor %}
+
+docker start nginx
+
+docker ps 

ansible/playbooks/roles/certbot/templates/docker_nginx_pre.j2

@@ -0,0 +1,5 @@
+#!/bin/sh
+docker stop nginx
+
+docker ps 
+

ansible/playbooks/roles/docker-certbot/tasks/main.yaml

@@ -8,8 +8,11 @@
   docker_container:
     name: certbot
     image: certbot/certbot
+    command: "certonly --standalone --non-interactive -v --dry-run -d {{ nginx_server_name}} --agree-tos -m {{ certbot_domain_mail }}"
     networks:
       - name: "{{ docker_network_name }}"
+    ports: 
+      - "81:80"
     hostname: certbot
     volumes:
       - "{{ docker_base_volume_path }}/certbot/logs:/var/log/letsencrypt"

ansible/playbooks/roles/wordpress-docker/defaults/main.yaml

@@ -0,0 +1,27 @@
+---
+wordpress_docker_tag: latest
+nginx_docker_tag: latest
+mysql_docker_tag: latest
+
+docker_network_name: wordpress_network
+docker_wordpress_hostname: wordpress_host
+docker_nginx_hostname: nginx_host
+docker_mysql_hostname: mysql_host
+
+docker_base_volume_path: /home/wordpress_docker
+
+
+nginx_server_name: default_server
+ssl: false
+
+db_name: wordpress_database
+db_user: wordpress_user
+db_password: wordpress_password
+db_root_password: wordpress_rootpassword
+
+wordpress_debug : false
+wordpress_debug_log: false
+
+
+
+

ansible/playbooks/roles/wordpress-docker/tasks/main.yml

@@ -0,0 +1,57 @@
+---
+- name: Pull docker images
+  docker_image:
+    name: "{{ item.name }}"
+    tag: "{{ item.tag }}"
+    source: pull
+  loop:
+    - name : wordpress
+      tag: "{{ wordpress_docker_tag }}"
+    - name: mysql
+      tag : "{{ mysql_docker_tag }}"
+    - name: nginx
+      tag : "{{ nginx_docker_tag }}"
+    
+
+- name: Create docker network
+  docker_network:
+    name: "{{ docker_network_name }}"
+    state: present
+
+
+- name: Create container with mysql image
+  docker_container:
+    name: mysql
+    image: mysql
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_mysql_hostname }}"
+    env:
+      MYSQL_DATABASE: "{{ db_name }}"
+      MYSQL_USER: "{{ db_user }}"
+      MYSQL_PASSWORD: "{{ db_password }}"
+      MYSQL_ROOT_PASSWORD: "{{ db_root_password }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/temp_db_data:/var/tmp"
+
+
+- name: Create container with Wordpress image
+  docker_container:
+    name: wordpress
+    image: wordpress
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_wordpress_hostname }}"
+    env:
+      WORDPRESS_DB_HOST: "{{ docker_mysql_hostname }}"
+      WORDPRESS_DB_NAME: "{{ db_name }}"
+      WORDPRESS_DB_USER: "{{ db_user }}"
+      WORDPRESS_DB_PASSWORD: "{{ db_password }}"
+      WORDPRESS_DEBUG: " {{ wordpress_debug }} "
+      WORDPRESS_DEBUG_LOG: " {{ wordpress_debug_log }} "
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+    restart: true
+
+- include_tasks: nginx.yaml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx.yaml

@@ -0,0 +1,18 @@
+---
+- name: Create conf folder to put nginx folder
+  ansible.builtin.file:
+    path: "{{ docker_base_volume_path }}/nginx/conf"
+    state: directory
+    mode: "0755"
+
+- name: Copy nginx.conf to server
+  template:
+    src: templates/nginx.j2
+    dest: "{{ docker_base_volume_path }}/nginx/conf/nginx.conf"
+
+
+- include_tasks: nginx_http.yml
+  when: ssl is false
+
+- include_tasks: nginx_https.yml
+  when: ssl is true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_http.yml

@@ -0,0 +1,15 @@
+---
+- name: Start Nginx Container (HTTP)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+    restart: true

ansible/playbooks/roles/wordpress-docker/tasks/nginx_https.yml

@@ -0,0 +1,17 @@
+---
+- name: Start Nginx Container (HTTPS)
+  docker_container:
+    name: nginx
+    image: nginx
+    ports:
+      - "80:80"
+      - "443:443"
+    networks:
+      - name: "{{ docker_network_name }}"
+    hostname: "{{ docker_nginx_hostname }}"
+    volumes:
+      - "{{ docker_base_volume_path }}/wordpress:/var/www/html"
+      - "{{ docker_base_volume_path }}/nginx/conf:/etc/nginx/conf.d"
+      - "{{ docker_base_volume_path }}/nginx/logs:/var/log/nginx"
+      - "{{ docker_base_volume_path }}/nginx/ssl:/etc/nginx/ssl/:ro"
+    restart: true

ansible/playbooks/roles/wordpress-docker/templates/nginx.j2

@@ -15,9 +15,21 @@ server {
     root   /var/www/html;
     index  index.php;
 
-    ssl_certificate /etc/nginx/ssl/fullchain.pem;
+    # Needed to upload backups 
+
+    client_max_body_size 40M;
+
+
+    # Try to support website restore plugin 
+
+    proxy_read_timeout 600s;
+    keepalive_timeout 600s;
+
+
+
+     ssl_certificate /etc/nginx/ssl/fullchain.pem;
     ssl_certificate_key /etc/nginx/ssl/privatekey.pem;
-    {# ssl_trusted_certificate /etc/nginx/ssl/intermediatecertificate.pem; #}
+
 
     location / {
         proxy_pass http://{{ docker_wordpress_hostname }}:80;
@@ -26,4 +38,5 @@ server {
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
     }
+
 }

ansible/playbooks/roles/wordpress-docker/templates/nginx.j2_http

@@ -3,6 +3,9 @@ server {
     listen [::]:80;
     server_name {{ nginx_server_name }};
 
+    client_max_body_size 40M;
+
+
     root   /var/www/html;
     index  index.php;
 

ansible/playbooks/wordpress.yaml

@@ -2,61 +2,9 @@
 - name: Install and configure Wordpress
   hosts: web
   become : True
-  collections:
-    - chrissayon.wordpress_docker
+  
 
   roles:
     - geerlingguy.docker
-    - chrissayon.wordpress_docker.network
-    - chrissayon.wordpress_docker.mysql
-    - chrissayon.wordpress_docker.wordpress
-
-
-  tasks:
-    # Need to stop using port 80 for certbot webroot validation
-    - name: Gathering NGINX container state
-      docker_container_info:
-        name: nginx
-      register: nginx_info
-
-    - name: Stop NGINX if present
-      docker_container:
-        name: nginx
-        state: stopped
-      when: 
-        - nginx_info.exists
-
-    # Manage certbot
-
-    - name: Install / configure certbot
-      include_role: 
-        name: geerlingguy.certbot
-
-    # Copy certificates
-    # configured volume for ssl is 
-    # "/usr/data/wp/nginx/ssl:/etc/nginx/ssl/:ro"
-
-    - name: Copy fullchain files to nginx volume
-      ansible.builtin.copy:
-        src: "/etc/letsencrypt/live/{{ item.name }}/fullchain.pem"
-        #TODO nginx configuration is not multi domain
-        dest: "{{ docker_base_volume_path }}/nginx/ssl/fullchain.pem"
-        remote_src: true
-        mode: '0644'
-      loop: "{{ certbot_certs }}"
-
-    - name: Copy privkey files to nginx volume
-      ansible.builtin.copy:
-        src: "/etc/letsencrypt/live/{{ item.name }}/privkey.pem"
-        #TODO nginx configuration is not multi domain
-        dest: "{{ docker_base_volume_path }}/nginx/ssl/privatekey.pem"
-        remote_src: true
-        mode: '0644'
-      loop: "{{ certbot_certs }}"
-
-
-    # Restart NGINX
-
-    - name: (Re)start NGINX
-      include_role:
-        name: chrissayon.wordpress_docker.nginx
+    - wordpress-docker
+    - certbot