removing nginx
parent
f755147df9
commit
e9589a3985
@ -1,46 +1,23 @@
|
||||
---
|
||||
- name: Install nginx normally
|
||||
yum:
|
||||
name: nginx
|
||||
state: present
|
||||
|
||||
- name: Reconfigure Main nginx configuration
|
||||
template:
|
||||
src: "etc/nginx/nginx.conf.j2"
|
||||
dest: "/etc/nginx/nginx.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
backup: true
|
||||
|
||||
- name: Add omnibus nginx configuration
|
||||
template:
|
||||
src: "etc/nginx/conf.d/omnibus.conf.j2"
|
||||
dest: "/etc/nginx/conf.d/omnibus.conf"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0644'
|
||||
backup: true
|
||||
|
||||
- name: Copy self-signed certificates from GitLab
|
||||
- name: Copy certificates from ipa-getcert directory
|
||||
copy:
|
||||
src: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
|
||||
dest: "/etc/nginx/ssl/{{ gitlab_domain }}.crt"
|
||||
owner: root
|
||||
src: "/etc/pki/tls/certs/{{ gitlab_domain }}.crt"
|
||||
dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.crt"
|
||||
owner: gitlab-www
|
||||
group: root
|
||||
mode: '0644'
|
||||
remote_src: true
|
||||
when: gitlab_create_self_signed_cert
|
||||
when: not gitlab_create_self_signed_cert
|
||||
|
||||
- name: Copy self-signed certificate key
|
||||
- name: Copy keys from ipa-getcert directory
|
||||
copy:
|
||||
src: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
|
||||
dest: "/etc/nginx/ssl/{{ gitlab_domain }}.key"
|
||||
owner: root
|
||||
src: "/etc/pki/tls/private/{{ gitlab_domain }}.key"
|
||||
dest: "/etc/gitlab/ssl/{{ gitlab_domain }}.key"
|
||||
owner: gitlab-www
|
||||
group: root
|
||||
mode: '0644'
|
||||
mode: '0600'
|
||||
remote_src: true
|
||||
when: gitlab_create_self_signed_cert
|
||||
when: not gitlab_create_self_signed_cert
|
||||
|
||||
- name: Symlink the IPA CA
|
||||
file:
|
||||
@ -50,10 +27,6 @@
|
||||
group: root
|
||||
state: link
|
||||
|
||||
- name: Symlink the hash
|
||||
command: "openssl rehash /etc/gitlab/trusted-certs"
|
||||
changed_when: "1 != 1"
|
||||
|
||||
- name: Turn on necessary SELinux booleans
|
||||
ansible.posix.seboolean:
|
||||
name: "{{ item }}"
|
||||
@ -65,21 +38,12 @@
|
||||
- httpd_can_connect_ldap
|
||||
- httpd_read_user_content
|
||||
|
||||
- name: Stop nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: stopped
|
||||
|
||||
- name: Change fcontext to GitLab unix socket for nginx
|
||||
community.general.sefcontext:
|
||||
target: "/var/opt/gitlab/gitlab-workhorse/sockets/socket"
|
||||
setype: httpd_var_run_t
|
||||
state: present
|
||||
|
||||
- name: Apply fcontext to GitLab unix socket for nginx
|
||||
command: restorecon -v /var/opt/gitlab/gitlab-workhorse/sockets/socket
|
||||
register: restorecon_result
|
||||
changed_when: "restorecon_result.rc == 0"
|
||||
- name: Reconfigure gitlab is we're asked to
|
||||
command: /usr/bin/gitlab-ctl reconfigure
|
||||
register: gitlab_ctl_result
|
||||
changed_when: "gitlab_ctl_result.rc == 0"
|
||||
when:
|
||||
- gitlab_reconfigure_only
|
||||
|
||||
- name: Add firewall rules - http/s
|
||||
ansible.posix.firewalld:
|
||||
@ -91,15 +55,10 @@
|
||||
- http
|
||||
- https
|
||||
|
||||
- name: Add nginx user to git groups
|
||||
user:
|
||||
name: nginx
|
||||
shell: /sbin/nologin
|
||||
groups: gitlab-www,git
|
||||
append: yes
|
||||
|
||||
- name: Enable and Start nginx
|
||||
service:
|
||||
name: nginx
|
||||
enabled: true
|
||||
state: started
|
||||
- name: Deploy correct script
|
||||
template:
|
||||
src: "usr/local/bin/fix_gitlab_certs.sh"
|
||||
dest: "/usr/local/bin/fix_gitlab_certs.sh"
|
||||
owner: root
|
||||
group: root
|
||||
mode: '0750'
|
||||
|
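Review bot: The two new copy tasks give the certificate and the TLS private key to `gitlab-www` (`owner: gitlab-www`, key `mode: '0600'`), so the key becomes readable and replaceable by the unprivileged account the bundled nginx workers normally run as. In a default Omnibus install the nginx master starts as root and loads the key before dropping privileges, so `owner: root` with `mode: '0600'` on the key task is likely sufficient; worth confirming on this host. The `chown gitlab-www` line in the new fix_gitlab_certs.sh applies the same ownership, so the two would need to change together. Separately, the task name `Reconfigure gitlab is we're asked to` should read `if`.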
@ -18,6 +18,7 @@ gitlab_rails['gitlab_default_theme'] = "{{ gitlab_default_theme }}"
|
||||
nginx['redirect_http_to_https'] = {{ gitlab_redirect_http_to_https }}
|
||||
nginx['ssl_certificate'] = "{{ gitlab_ssl_certificate }}"
|
||||
nginx['ssl_certificate_key'] = "{{ gitlab_ssl_certificate_key }}"
|
||||
letsencrypt['enable'] = false
|
||||
|
||||
# The directory where Git repositories will be stored.
|
||||
git_data_dirs({"default" => {"path" => "{{ gitlab_git_data_dir }}"} })
|
||||
@ -120,8 +121,8 @@ registry_nginx['ssl_certificate_key'] = "{{ gitlab_registry_nginx_ssl_certificat
|
||||
|
||||
# To change other settings, see:
|
||||
# https://gitlab.com/gitlab-org/omnibus-gitlab/blob/master/README.md#changing-gitlab-yml-settings
|
||||
nginx['enable'] = false
|
||||
nginx['external_users'] = ['nginx']
|
||||
#nginx['enable'] = false
|
||||
#nginx['external_users'] = ['nginx']
|
||||
|
||||
{% if gitlab_external_db %}
|
||||
postgresql['enable'] = false
|
||||
|
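Review bot: The second hunk leaves `#nginx['enable'] = false` and `#nginx['external_users'] = ['nginx']` behind as commented-out settings, which reads as if an external nginx might still be in play. Delete the two lines, or replace them with a one-line comment such as `# Bundled nginx is used; no external web server user is configured.` so the rendered gitlab.rb states the intended setup.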
@ -0,0 +1,7 @@
|
||||
#!/bin/bash
|
||||
|
||||
/bin/cp "{{ gitlab_ssl_key }}" /etc/gitlab/ssl/
|
||||
/bin/cp "{{ gitlab_ssl_cert }}" /etc/gitlab/ssl/
|
||||
/bin/chown gitlab-www /etc/gitlab/ssl/*.{crt,key}
|
||||
/bin/chmod 600 /etc/gitlab/ssl/*.key
|
||||
/usr/bin/gitlab-ctl hup nginx
|
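Review bot: The script has no error handling, so a failed `cp` (for example a missing or unreadable source after a renewal) still falls through to `gitlab-ctl hup nginx` and the caller sees no failure; adding `set -euo pipefail` after the shebang would stop at the first error. The key is written by `cp` and only tightened afterwards by `chmod 600`, so on first creation its mode depends on the source mode and the umask; `/usr/bin/install -m 0600 "{{ gitlab_ssl_key }}" /etc/gitlab/ssl/` sets the mode when the file is created. The `*.{crt,key}` and `*.key` globs also touch every matching file in /etc/gitlab/ssl rather than the two just copied, which may be wider than intended.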
@ -58,8 +58,7 @@ gitlab_smtp_ca_path: "/etc/pki/tls/certs"
|
||||
gitlab_smtp_ca_file: "/etc/pki/tls/certs/ca-bundle.crt"
|
||||
|
||||
# In case of reverse proxy
|
||||
gitlab_nginx_listen_port: 8080
|
||||
gitlab_nginx_listen_https: "false"
|
||||
gitlab_nginx_listen_https: "true"
|
||||
|
||||
gitlab_default_theme: 2
|
||||
|
||||
@ -71,7 +70,7 @@ gitlab_external_db_password: "{{ gitlab_db_pass }}"
|
||||
gitlab_registry_enable: "true"
|
||||
gitlab_registry_external_url: "https://git.rockylinux.org:5050"
|
||||
gitlab_registry_nginx_ssl_certificate: "{{ gitlab_ssl_certificate }}"
|
||||
gitlab_registry_nginx_ssl_certificate_key: "{{ gitlab_registry_nginx_ssl_certificate_key }}"
|
||||
gitlab_registry_nginx_ssl_certificate_key: "{{ gitlab_ssl_certificate_key }}"
|
||||
gitlab_trusted_proxies:
|
||||
- 10.100.20.20/32
|
||||
|
||||
@ -80,6 +79,6 @@ ipa_getcert_requested_hostnames:
|
||||
owner: nginx
|
||||
key_location: "{{ gitlab_ssl_key }}"
|
||||
cert_location: "{{ gitlab_ssl_cert }}"
|
||||
postcmd: "/bin/systemctl restart nginx"
|
||||
postcmd: "/usr/local/bin/fix_gitlab_certs.sh"
|
||||
cnames:
|
||||
- "git.rockylinux.org"
|
||||
|
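Review bot: The last hunk switches `postcmd` to the new script but keeps `owner: nginx` in the same `ipa_getcert_requested_hostnames` entry, while this commit removes the tasks that install nginx and manage the `nginx` user. If that field is used as the owner of the requested key and certificate files (the consuming role is not visible here), a freshly provisioned host would have no such account; `owner: root` would fit a post-command that presumably runs as root and copies the files itself. The entry begins above the hunk, so other fields in it may also still assume the external nginx.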