Add support for nginx with reverse proxy to embedded server
This deploys the existing embedded server service but adds an nginx reverse proxy on top. Change-Id: I06837e39c20ce9390a39fc1ef2ee046934e6f38a
parent
58d1ec51bb
commit
f107ec0aef
@ -33,3 +33,6 @@ ara:
|
|||||||
server: embedded
|
server: embedded
|
||||||
# Type (mod_wsgi, standalone, embedded-proxy, etc.)
|
# Type (mod_wsgi, standalone, embedded-proxy, etc.)
|
||||||
type: standalone
|
type: standalone
|
||||||
|
nginx:
|
||||||
|
# Where nginx will store the proxy cache
|
||||||
|
cache_directory: /var/cache/nginx
|
||||||
|
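Review bot: The comment on the `type` key spells the new deployment type `embedded-proxy`, but the rest of this commit uses `embedded_proxy`: the task file is `tasks/nginx/embedded_proxy.yml` and the `restart ara` handler compares against `'embedded_proxy'`. Because the type value is interpolated into the `include_tasks` path, a user who copies the hyphenated spelling from the comment would get a missing-file error. Suggest `# Type (mod_wsgi, standalone, embedded_proxy, etc.)`.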
@ -18,13 +18,23 @@
|
|||||||
daemon_reload: yes
|
daemon_reload: yes
|
||||||
|
|
||||||
- name: restart apache
|
- name: restart apache
|
||||||
|
become: true
|
||||||
service:
|
service:
|
||||||
name: "{{ apache_service }}"
|
name: "{{ apache_service }}"
|
||||||
state: restarted
|
state: restarted
|
||||||
|
when: ara.deployment.server == 'apache'
|
||||||
|
|
||||||
|
- name: restart nginx
|
||||||
become: true
|
become: true
|
||||||
|
service:
|
||||||
|
name: nginx
|
||||||
|
state: restarted
|
||||||
|
when: ara.deployment.server == 'nginx'
|
||||||
|
|
||||||
- name: restart ara
|
- name: restart ara
|
||||||
|
become: true
|
||||||
service:
|
service:
|
||||||
name: ara
|
name: ara
|
||||||
state: restarted
|
state: restarted
|
||||||
become: true
|
when: ara.deployment.server == 'embedded' or
|
||||||
|
ara.deployment.server == 'nginx' and ara.deployment.type == 'embedded_proxy'
|
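Review bot: The `when` on `restart ara` mixes `or` and `and` without parentheses and relies on a plain scalar continued across two lines. Jinja2 evaluates `and` before `or`, so it behaves as intended today, but the grouping is easy to break on the next edit. Suggest `when: ara.deployment.server == 'embedded' or (ara.deployment.server == 'nginx' and ara.deployment.type == 'embedded_proxy')`, written as a single quoted or folded (`>-`) value. The handler list starts above the hunk, so earlier handlers were not reviewed.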
@ -65,6 +65,9 @@
|
|||||||
src: logrotate.conf.j2
|
src: logrotate.conf.j2
|
||||||
dest: /etc/logrotate.d/ara
|
dest: /etc/logrotate.d/ara
|
||||||
|
|
||||||
|
- name: Include web server configuration
|
||||||
|
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
|
||||||
|
|
||||||
- name: Create the ARA configuration file
|
- name: Create the ARA configuration file
|
||||||
become: true
|
become: true
|
||||||
ini_file:
|
ini_file:
|
||||||
@ -79,6 +82,7 @@
|
|||||||
with_dict: "{{ ara.config }}"
|
with_dict: "{{ ara.config }}"
|
||||||
notify:
|
notify:
|
||||||
- restart ara
|
- restart ara
|
||||||
|
- restart nginx
|
||||||
|
|
||||||
- name: Get ARA installed location
|
- name: Get ARA installed location
|
||||||
shell: python -c "import os,ara; print(os.path.dirname(ara.__file__))"
|
shell: python -c "import os,ara; print(os.path.dirname(ara.__file__))"
|
||||||
@ -97,27 +101,26 @@
|
|||||||
- { option: callback_plugins, value: "{{ ara_location.stdout }}/plugins/callbacks" }
|
- { option: callback_plugins, value: "{{ ara_location.stdout }}/plugins/callbacks" }
|
||||||
- { option: action_plugins, value: "{{ ara_location.stdout }}/plugins/actions" }
|
- { option: action_plugins, value: "{{ ara_location.stdout }}/plugins/actions" }
|
||||||
|
|
||||||
- name: Include web server configuration
|
|
||||||
include_tasks: "{{ ara.deployment.server }}/{{ ara.deployment.type }}.yml"
|
|
||||||
|
|
||||||
- name: Provide web application URL
|
- name: Provide web application URL
|
||||||
vars:
|
vars:
|
||||||
msg: >-
|
msg: >-
|
||||||
ARA was installed succesfully !
|
ARA was installed succesfully !
|
||||||
The web application should now be reachable at http://{{ ara.config.host }}:{{ ara.config.port }} !
|
The web application should now be reachable at http://{{ ara.config.host_proxy | default(ara.config.host) }}:{{ ara.config.port_proxy | default(ara.config.port) }} !
|
||||||
To customize the host and port on which the application listens to, override the defaults for the ara_host and ara_port variables.
|
|
||||||
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
|
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ msg.split('\n') }}"
|
msg: "{{ msg.split('\n') }}"
|
||||||
|
|
||||||
- name: Provide instructions
|
- name: Provide instructions
|
||||||
vars:
|
vars:
|
||||||
msg: >-
|
msg: >-
|
||||||
We've set up a configuration file for you in /etc/ara/ara.cfg.
|
To customize the host and port on which the web application is served, supply an 'ara_override' dictionary variables with new host and port keys.
|
||||||
The ARA service is already using this configuration but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
|
|
||||||
|
|
||||||
This can be done from using Ansible or the ARA CLI commands directly from that directory or by using the ANSIBLE_CONFIG environment variable, like so:
|
A configuration file was set up automatically in /etc/ara/ara.cfg.
|
||||||
export ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
The ARA service is already using this configuration file but you'll need to make sure Ansible is using it so that Ansible knows where ARA is located.
|
||||||
ansible-playbook playbook.yml
|
|
||||||
|
This can be done by exporting the ANSIBLE_CONFIG environment variable, like so:
|
||||||
|
$ export ANSIBLE_CONFIG=/etc/ara/ara.cfg
|
||||||
|
$ ansible-playbook playbook.yml
|
||||||
|
|
||||||
|
Data from recorded playbooks will be available in the interface as soon as you run your first ansible-playbook command.
|
||||||
debug:
|
debug:
|
||||||
msg: "{{ msg.split('\n') }}"
|
msg: "{{ msg.split('\n') }}"
|
||||||
|
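Review bot: The URL message reads `ara.config.host_proxy` and `ara.config.port_proxy`, but `tasks/nginx/embedded_proxy.yml` in this same commit sets `proxy_host` and `proxy_port`, which are also the names the nginx template uses. With the names as written the `default()` filters always fall through, so in the proxy deployment the message would print the upstream address (`127.0.0.1` after the override) rather than the address nginx serves. Suggest `http://{{ ara.config.proxy_host | default(ara.config.host) }}:{{ ara.config.proxy_port | default(ara.config.port) }}`. Separately, `restart nginx` is now notified from `Create the ARA configuration file` for every deployment type and relies on the handler's `when` to be skipped; a short comment there would show that this is intentional.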
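--- a/tasks/nginx/embedded_proxy.yml
+++ b/tasks/nginx/embedded_proxy.yml
@@ -0,0 +1,41 @@
+# We're setting ara.host to localhost, there's no point in making the web
+# application listen on 0.0.0.0 or other things since it'll be proxied by nginx
+- name: Override ARA host when reverse proxying
+vars:
+override:
+config:
+host: 127.0.0.1
+proxy_host: "{{ ara.config.host }}"
+proxy_port: 80
+set_fact:
+ara: "{{ ara | combine(override, recursive=true) }}"
+
+- name: Install the embedded server service
+include_tasks: ../embedded/standalone.yml
+
+- name: Set selinux boolean to allow nginx to reverse proxy
+become: yes
+seboolean:
+name: httpd_can_network_connect
+state: yes
+persistent: yes
+when: ansible_os_family == "RedHat"
+
+- name: Install nginx
+include_tasks: install.yml
+
+- name: Set up the nginx configuration
+template:
+src: nginx_embedded_proxy.conf.j2
+dest: "{{ nginx_config_path }}/ara.conf"
+notify:
+- restart nginx
+
+- name: Enable the nginx configuration on Debian-like systems
+file:
+src: "{{ nginx_config_path }}/ara.conf"
+dest: /etc/nginx/sites-enabled/ara.conf
+state: link
+when: ansible_os_family == 'Debian'
+notify:
+- restart nginx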
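Review bot: `httpd_can_network_connect` is set persistently and host-wide, so it lets every service confined to the httpd SELinux domain open outbound connections to any port, not only nginx to the local ARA upstream. That is wider than this role needs; at minimum add a comment such as `# Host-wide and persistent: allows all httpd-domain services to make outbound connections, not just this proxy`. A narrower policy (for example `httpd_can_network_relay` with the upstream port labelled appropriately) may be enough, though that needs verifying against the target policy. The `template` and `file` tasks that write under the nginx configuration directory also carry no `become: true`, unlike the seboolean task, and set no explicit `owner`/`mode`; unless privilege escalation is applied by the caller (not visible here) they would fail or inherit defaults.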
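--- a/tasks/nginx/install.yml
+++ b/tasks/nginx/install.yml
@@ -0,0 +1,46 @@
+# This is designed to be as little invasive as possible since the user might
+# already be installing and configuring nginx.
+
+- when: ansible_os_family == 'RedHat'
+block:
+- name: Ensure EPEL is installed on RedHat distributions
+package:
+name: epel-release
+state: installed
+
+- name: Ensure the EPEL repository is enabled
+ini_file:
+path: /etc/yum.repos.d/epel.repo
+section: epel
+option: enabled
+value: 1
+register: epel_state
+
+- name: Install nginx
+package:
+name: nginx
+state: installed
+
+# We don't want to leave EPEL enabled if it was disabled to begin with
+- name: Disable EPEL on Red Hat distributions if it was disabled
+ini_file:
+path: /etc/yum.repos.d/epel.repo
+section: epel
+option: enabled
+value: 0
+when:
+- ansible_os_family == 'RedHat'
+- epel_state is changed
+
+- name: Ensure nginx is started and enabled
+service:
+name: nginx
+state: started
+enabled: yes
+
+- name: Create the nginx cache directory
+file:
+path: "{{ ara.deployment.nginx.cache_directory }}"
+state: directory
+owner: "{{ nginx_user }}"
+group: "{{ nginx_group }}"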
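Review bot: EPEL is left enabled if `Install nginx` fails, because the task that sets `enabled` back to `0` only runs after a successful install. That silently widens the set of repositories the host trusts for later package operations. Suggest wrapping the enable and install steps in a `block:` and moving the disable task into its `always:` section, keeping the `epel_state is changed` condition. The cache directory task should also set an explicit `mode` (for example `mode: "0750"`) rather than rely on the umask, and `value: 1` / `value: 0` are safer quoted as strings (`value: "1"`).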
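--- a/templates/nginx_embedded_proxy.conf.j2
+++ b/templates/nginx_embedded_proxy.conf.j2
@@ -0,0 +1,31 @@
+proxy_cache_path {{ ara.deployment.nginx.cache_directory }} levels=1:2
+keys_zone=ara:5m max_size=1g inactive=1d use_temp_path=off;
+
+upstream ara {
+server {{ ara.config.host }}:{{ ara.config.port }};
+}
+
+server {
+listen {{ ara.config.proxy_port }};
+server_name {{ ara.config.proxy_host }};
+access_log /var/log/nginx/ara_access.log;
+error_log /var/log/nginx/ara_error.log;
+
+location {{ ara.config.application_root }} {
+# Define the location of the proxy server to send the request to
+proxy_pass http://ara;
+
+# Redefine the header fields that NGINX sends to the upstream server
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+proxy_cache ara;
+proxy_cache_revalidate on;
+proxy_cache_valid any 15m;
+proxy_cache_min_uses 1;
+proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+proxy_cache_background_update on;
+proxy_cache_lock on;
+}
+}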
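Review bot: `proxy_cache_valid any 15m;` caches every response status for 15 minutes, so a 404 for a report that has not been recorded yet, or a transient 5xx, can keep being served from cache after the upstream would answer differently. Suggest limiting it to successful responses, e.g. `proxy_cache_valid 200 301 302 15m;`, and adding a comment on the expected delay before new playbook data shows up. The server block listens on plain HTTP with no access restriction; if recorded playbook output can contain sensitive values, a comment pointing operators to TLS and an `allow`/`deny` or authentication layer would help. `{{ ara.deployment.nginx.cache_directory }}` and `{{ ara.config.application_root }}` are rendered unquoted, so a value containing spaces or `;` would break or alter the generated configuration.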
@ -32,3 +32,7 @@ apache_user: www-data
|
|||||||
apache_group: www-data
|
apache_group: www-data
|
||||||
apache_log_path: /var/log/apache2
|
apache_log_path: /var/log/apache2
|
||||||
apache_config_path: /etc/apache2/sites-available
|
apache_config_path: /etc/apache2/sites-available
|
||||||
|
|
||||||
|
nginx_user: www-data
|
||||||
|
nginx_group: www-data
|
||||||
|
nginx_config_path: /etc/nginx/sites-available
|
||||||
|
@ -34,3 +34,7 @@ apache_user: apache
|
|||||||
apache_group: apache
|
apache_group: apache
|
||||||
apache_log_path: /var/log/httpd
|
apache_log_path: /var/log/httpd
|
||||||
apache_config_path: /etc/httpd/conf.d
|
apache_config_path: /etc/httpd/conf.d
|
||||||
|
|
||||||
|
nginx_user: nginx
|
||||||
|
nginx_group: nginx
|
||||||
|
nginx_config_path: /etc/nginx/conf.d
|
||||||
|