From 3e7cf6d52e34673ba6027949fc6cc961662cc396 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Wed, 1 Mar 2017 20:26:39 +0530 Subject: [PATCH 01/33] Added WooCommerce Rules Bypass --- roles/website/templates/wordpress/wpfc.conf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/roles/website/templates/wordpress/wpfc.conf b/roles/website/templates/wordpress/wpfc.conf index 85fecb0..e0e2a7c 100644 --- a/roles/website/templates/wordpress/wpfc.conf +++ b/roles/website/templates/wordpress/wpfc.conf @@ -23,6 +23,7 @@ server { if ($request_method = POST) { set $skip_cache 1; } + if ($query_string != "") { set $skip_cache 1; } @@ -37,6 +38,17 @@ server { set $skip_cache 1; } + # Woo-commerce NGINX Cache Settings + if ($request_uri ~* "/shop.*|/store.*|/cart.*|/my-account.*|/checkout.*|/addons.*") { + set $skip_cache 1; + } + if ( $arg_add-to-cart != "" ) { + set $skip_cache 1; + } + if ( $cookie_woocommerce_items_in_cart != "" ) { + set $skip_cache 1; + } + # Use cached or actual file if they exists, Otherwise pass request to WordPress location / { try_files $uri $uri/ /index.php?$args; From fa1e0a8c6a1cb411571797f7f5225ac5f230dc9f Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Thu, 2 Mar 2017 20:40:45 +0530 Subject: [PATCH 02/33] UTC TimeZone --- group_vars/all | 5 ----- roles/libs/tasks/timezone.yml | 7 ++++++- roles/website/tasks/php.yml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/group_vars/all b/group_vars/all index c299758..dcf335e 100644 --- a/group_vars/all +++ b/group_vars/all @@ -4,11 +4,6 @@ remote_user: root ansible_python_interpreter: /usr/bin/python3 -# AnsiPress Server TimeZone -# Why you need UTC TimeZone - -# http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html -timezone: Etc/UTC - # Create New User Account # We can also pass username variable value using following command # ansible-playbook -i hosts -e user_name=mi setup.yml --extra-vars="username=AnsiPress" -v 
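Review bot: The added `if ( $arg_add-to-cart != "" )` test does not read the `add-to-cart` query argument: nginx variable names cannot contain `-`, so this most likely parses as `$arg_add` followed by the literal text `-to-cart`, which is never empty and would set `$skip_cache` on every request. Matching the raw query string instead, e.g. `if ($args ~* "(^|&)add-to-cart=") { set $skip_cache 1; }`, keeps the bypass limited to cart actions. The cookie test covers only `woocommerce_items_in_cart`; if the store issues other per-visitor cookies, they need the same bypass so that personalised pages are not stored in the shared cache, which should be verified against the cookies the site actually sets. The `server` block starts and ends outside this hunk.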
diff --git a/roles/libs/tasks/timezone.yml b/roles/libs/tasks/timezone.yml index 467441a..8c28d1b 100644 --- a/roles/libs/tasks/timezone.yml +++ b/roles/libs/tasks/timezone.yml @@ -1,4 +1,9 @@ --- # Setup TimeZone +# AnsiPress Server TimeZone +# Why you need UTC TimeZone - +# http://yellerapp.com/posts/2015-01-12-the-worst-server-setup-you-can-make.html + +# Dont Forget to Update TimeZone in PHP (UTC) - name: Setup Timezone to UTC, Hold on... - timezone: name={{ timezone }} + timezone: name=Etc/UTC diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index b096a6a..ef7c030 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml @@ -49,7 +49,7 @@ - { regexp: '^post_max_size', line: 'post_max_size = 100M' } - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300' } - - { regexp: '^;date.timezone', line: 'date.timezone = {{ timezone }}' } + - { regexp: '^;date.timezone', line: 'date.timezone = UTC' } when: package_install.changed == True - name: Changing PHP-FPM Log Location, Hold on... From 4a217a82979fdafec6ad39e96f079fbc85cba8de Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Fri, 3 Mar 2017 01:23:57 +0530 Subject: [PATCH 03/33] Fix #24 - PHP Separate Master Pool --- roles/bootstrap/tasks/main.yml | 1 + roles/libs/tasks/umask.yml | 9 + roles/user/tasks/main.yml | 24 +++ roles/website/handlers/main.yml | 4 +- roles/website/tasks/html.yml | 11 - roles/website/tasks/php.yml | 29 +-- roles/website/tasks/wp.yml | 7 +- roles/website/templates/php/php7.1-fpm | 191 ++++++++++++++++++ .../website/templates/php/php7.1-fpm.service | 13 ++ roles/website/templates/php/pool.conf | 30 +++ 10 files changed, 282 insertions(+), 37 deletions(-) create mode 100644 roles/libs/tasks/umask.yml create mode 100755 roles/website/templates/php/php7.1-fpm create mode 100644 roles/website/templates/php/php7.1-fpm.service create mode 100644 roles/website/templates/php/pool.conf diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index 86116af..d5a3edc 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -2,6 +2,7 @@ - include: roles/libs/tasks/ping.yml - include: roles/libs/tasks/hostname.yml - include: roles/libs/tasks/timezone.yml +- include: roles/libs/tasks/umask.yml - include: roles/libs/tasks/apt/update.yml - include: roles/libs/tasks/apt/dist_upgrade.yml - include: roles/libs/tasks/apt/install.yml diff --git a/roles/libs/tasks/umask.yml b/roles/libs/tasks/umask.yml new file mode 100644 index 0000000..43754d5 --- /dev/null +++ b/roles/libs/tasks/umask.yml @@ -0,0 +1,9 @@ +--- +# Setup UMASK for Better Security +- name: Setup UMASK, Hold on... + lineinfile: + dest: "/etc/profile" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^umask', line: 'umask 0027' } diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 5f91835..4be1854 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml 
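Review bot: The `umask 0027` line that `umask.yml` writes to `/etc/profile` only takes effect for login shells that source that file; daemons started by the init system and non-login sessions keep their own umask. Since the file comment presents this as a security setting, its scope should be stated next to it, for example `# Applies to login shells only; services need their own umask setting`. It is worth confirming that PHP-FPM and any other service writing into user directories gets an equivalent restriction from its service definition.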
@@ -2,3 +2,27 @@ # Setup User Account - name: Setup User Account, Hold on... user: name={{ username | lower }} shell=/bin/bash + register: setup_user + +# Allow NGINX to Read files +- name: Grant NGINX Read Permissions, Hold on... + user: + name: www-data + groups: "{{ username | lower }}" + append: yes + when: setup_user.changed == True + +# https://github.com/ansible/ansible/issues/9196#issuecomment-57168074 +- name: Setup Direcroty, Hold on... + file: + path: "{{ item }}" + state: directory + owner: "{{ username | lower }}" + group: "{{ username | lower }}" + mode: "0750" + with_items: + - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/htdocs + - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/ssl + - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/conf + - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs + when: setup_user.changed == True diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml index f95f361..9db972d 100644 --- a/roles/website/handlers/main.yml +++ b/roles/website/handlers/main.yml @@ -2,8 +2,8 @@ - name: service nginx reload service: name=nginx state=reloaded -- name: service php7.1-fpm reload - service: name=php7.1-fpm state=reloaded +- name: service php7.1-{{ username | lower }} restart + service: name=php7.1-{{ username | lower }} state=restarted - name: service mysql restart service: name=mysql state=restarted diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index 397a193..4aa0d4f 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml 
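Review bot: In `roles/user/tasks/main.yml`, adding `www-data` to the `{{ username | lower }}` group gives every process running as `www-data` group access to that tenant's files, and the directory task then creates `ssl` and `conf` with the same `0750` as `htdocs`. The web server workers need to reach the web root, but private keys and per-site configuration are presumably read before privileges are dropped, so those two directories could be created `0700`; this is inferred and should be checked against how nginx loads them. Because the stock `www` pool appears to run as `www-data` elsewhere in this series, code served through that pool would inherit the same group read access to every tenant, and a comment on the `Grant NGINX Read Permissions` task such as `# www-data gains group read on all of this user's files` would make that trade-off explicit.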
@@ -55,17 +55,6 @@ # The notify will call the ../handlers/main.yml notify: service nginx reload -- name: Setup Webroot & Logs Direcroty, Hold on... - file: - path: "{{ item }}" - state: directory - owner: "{{ username | lower }}" - group: "{{ username | lower }}" - with_items: - - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/htdocs - - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/ssl - - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/conf - - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs - name: Setup Symbolic Link for Logs, Hold on... file: diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index ef7c030..0bc1cb4 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml 
@@ -103,23 +103,16 @@ - { regexp: '^;php_admin_value\[memory_limit\]', line: ";php_admin_value[memory_limit] = 32M \nphp_admin_value[xdebug.profiler_output_dir] = /tmp/ \nphp_admin_value[xdebug.profiler_output_name] = cachegrind.out.%p-%H-%R \nphp_admin_flag[xdebug.profiler_enable_trigger] = on \nphp_admin_flag[xdebug.profiler_enable] = off" } when: package_install.changed == True +- name: Setup {{ username | lower }} Pool, Hold on... + template: src=php/pool.conf dest=/etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf + when: setup_user.changed == True -- name: Creating PHP {{ username | lower }} Pool, Hold on... - copy: - src: /etc/php/7.1/fpm/pool.d/www.conf - dest: /etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf - remote_src: true - -- name: Tunning PHP {{ username | lower }} Pool Variables, Hold on... - lineinfile: - dest: /etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" +#- name: Setup php7.1-{ username | lower }} Service, Hold on... +- template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" with_items: - - { regexp: '^\[www\]', line: "[{{ username | lower }}]" } - - { regexp: '^user = www-data', line: 'user = {{ username | lower }}' } - - { regexp: '^group = www-data', line: 'group = {{ username | lower }}' } - - { regexp: '^listen = 127.0.0.1:9000', line: 'listen = 127.0.0.1:{{ php_pool.stdout }};' } - # The notify will call the ../handlers/main.yml - notify: service php7.1-fpm reload + - { src: "php/php7.1-fpm", dest: "/etc/init.d/php7.1-{{ username | lower }}" } + - { src: "php/php7.1-fpm.service", dest: "/lib/systemd/system/php7.1-{{ username | lower }}.service" } + when: setup_user.changed == True + notify: service php7.1-{{ username | lower }} restart diff --git a/roles/website/tasks/wp.yml b/roles/website/tasks/wp.yml index 1a4952b..8ce57b3 100644 --- a/roles/website/tasks/wp.yml +++ b/roles/website/tasks/wp.yml 
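Review bot: The two `template` tasks added at the end of `php.yml` set no `owner`, `group` or `mode`, so the pool file, the init script under `/etc/init.d/` and the unit file get whatever the connection's umask produces. The init script has to be executable and none of the three should be writable by anyone but root, so state it explicitly with `owner: root`, `group: root` and a per-item `mode` (`"0755"` for the init script, `"0644"` for the other two). The second task also lost its `name:` (the line is commented out and its `{ username` brace is unbalanced), which makes the run output and the `notify` chain harder to follow.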
@@ -39,12 +39,7 @@ when: website_type == "wpfc" or website_type == "WPFC" - name: Fixing WordPress Permissions, Hold On - file: - path: /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/ - state: directory - recurse: yes - owner: "{{ username | lower }}" - group: "{{ username | lower }}" + shell: find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type d -exec chmod 750 {} \; && find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type f -exec chmod 640 {} \; - name: Getting WordPress Setup Information, Hold on... debug: diff --git a/roles/website/templates/php/php7.1-fpm b/roles/website/templates/php/php7.1-fpm new file mode 100755 index 0000000..ba0bbf8 --- /dev/null +++ b/roles/website/templates/php/php7.1-fpm 
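Review bot: The `shell:` line that replaces the `file` task interpolates `username` and `website_name` into a command line without quoting, and both are supplied through `--extra-vars`, so a value containing spaces or shell metacharacters changes what the command does while it runs with root privileges. Either pass the path through the `quote` filter or stay with the module, e.g. `file:` with `recurse: yes` and `mode: "u=rwX,g=rX,o="`, which gives 750 directories and 640 for non-executable files without a shell. The replacement also drops the `owner`/`group` arguments of the removed task. The same unquoted interpolation appears in the `wp.yml` hunk of PATCH 06 and in the `.bashrc` redirect added to `roles/user/tasks/main.yml` in PATCH 13.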
@@ -0,0 +1,191 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: php7.1-fpm +# Required-Start: $remote_fs $network +# Required-Stop: $remote_fs $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: starts php7.1-fpm +# Description: Starts The PHP FastCGI Process Manager Daemon +### END INIT INFO + +# Author: Mitesh Shah + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="PHP 7.1 FastCGI Process Manager" +NAME=php-fpm7.1 +CONFFILE=/etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf +DAEMON=/usr/sbin/$NAME +DAEMON_ARGS="--daemonize --fpm-config $CONFFILE" +CONF_PIDFILE=$(sed -n 's/^pid[ =]*//p' $CONFFILE) +PIDFILE=${CONF_PIDFILE:-/run/php/php-{{ username | lower }}.pid} +TIMEOUT=30 +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \ + $DAEMON_ARGS 2>/dev/null \ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. 
+} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=QUIT/$TIMEOUT/TERM/5/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/TERM/5/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME + return 0 +} + +do_tmpfiles() { + local type path mode user group + + [ "$1" != no ] && V=-v + + TMPFILES=/usr/lib/tmpfiles.d/php7.1-fpm.conf + + if [ -r "$TMPFILES" ]; then + while read type path mode user group age argument; do + if [ "$type" = "d" ]; then + mkdir $V -p "$path" + chmod $V "$mode" "$path" + chown $V "$user:$group" "$path" + fi + done < "$TMPFILES" + fi +} + +case "$1" in + start) + if init_is_upstart; then + exit 1 + fi + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_tmpfiles $VERBOSE + case "$?" in + 0) + do_start + case "$?" 
in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + 1) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + if init_is_upstart; then + exit 0 + fi + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + if init_is_upstart; then + exit 1 + fi + log_daemon_msg "Reloading $DESC" "$NAME" + do_reload + log_end_msg $? + ;; + reopen-logs) + log_daemon_msg "Reopening $DESC logs" $NAME + if start-stop-daemon --stop --signal USR1 --oknodo --quiet \ + --pidfile $PIDFILE --exec $DAEMON + then + log_end_msg 0 + else + log_end_msg 1 + fi + ;; + restart) + if init_is_upstart; then + exit 1 + fi + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +: diff --git a/roles/website/templates/php/php7.1-fpm.service b/roles/website/templates/php/php7.1-fpm.service new file mode 100644 index 0000000..b0ac666 --- /dev/null +++ b/roles/website/templates/php/php7.1-fpm.service @@ -0,0 +1,13 @@ +[Unit] +Description=The PHP 7.1 FastCGI Process Manager +Documentation=man:php-fpm7.1(8) +After=network.target + +[Service] +Type=notify +PIDFile=/run/php/php7.1-{{ username | lower }}.pid +ExecStart=/usr/sbin/php-fpm7.1 --nodaemonize --fpm-config /etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf +ExecReload=/bin/kill -USR2 $MAINPID + +[Install] +WantedBy=multi-user.target 
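Review bot: In `do_stop`, the second `start-stop-daemon --stop ... --exec $DAEMON` call selects processes by executable alone, so stopping or restarting one user's service would also signal every other process started from `/usr/sbin/php-fpm7.1`, including other users' masters and the stock `php7.1-fpm`. With one master per user the pidfile-scoped stop above it is the only safe selector; drop the second call or scope it with `--pidfile $PIDFILE`. The `status` branch has the same problem (`status_of_proc "$DAEMON" "$NAME"` without `-p "$PIDFILE"`), and the fallback `/run/php/php-{{ username | lower }}.pid` does not match the `php7.1-` prefix used in `pool.conf`. The LSB header still declares `Provides: php7.1-fpm`, which duplicates the name the packaged script is expected to provide.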
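Review bot: The `[Service]` section of `php7.1-fpm.service` has no `User=`/`Group=`, so each tenant gets an additional PHP-FPM master running as root. Since every master now serves exactly one account, it could run as that account with `User={{ username | lower }}` and `Group={{ username | lower }}`, provided the pid and log paths are writable by it, which is not visible here. `ExecStart` passes `--nodaemonize` while `pool.conf` sets `daemonize = yes`; the setting that does not apply should be removed so the two files agree.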
diff --git a/roles/website/templates/php/pool.conf b/roles/website/templates/php/pool.conf new file mode 100644 index 0000000..348e1d4 --- /dev/null +++ b/roles/website/templates/php/pool.conf @@ -0,0 +1,30 @@ +[global] +pid = /run/php/php7.1-{{ username | lower }}.pid +error_log = /var/log/php/php7.1-{{ username | lower }}.log +log_level = notice +emergency_restart_threshold = 0 +emergency_restart_interval = 0 +process_control_timeout = 0 +daemonize = yes + +[{{ username | lower }}] + +user = {{ username | lower }} +group = {{ username | lower }} +listen = 127.0.0.1:{{ php_pool.stdout }}; + +listen.owner = {{ username | lower }} +listen.group = {{ username | lower }} + +pm = ondemand +pm.max_children = 20 +pm.start_servers = 15 +pm.min_spare_servers = 10 +pm.max_spare_servers = 20 +pm.max_requests = 250 + +pm.status_path = /status +ping.path = /ping +ping.response = pong + +request_terminate_timeout = 300 From b6d8fd8a376173d2d6de0a11b62950ff3bd11651 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 3 Mar 2017 15:22:59 +0530 Subject: [PATCH 04/33] Updated ReadMe File --- README.md | 24 +++++++++++++++++++++--- 1 file changed, 21 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 1d95303..7b1b599 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,24 @@ ## Quick Start +### Features + +✓ True Shared Hosting + +✓ NGINX + PageSpeed + +✓ PHP 7.1 With Different Master Process for Each User + +✓ MariaDB + +✓ WordPress (W3TC & FastCGI Cache) + +⚠ Lets Encrypt (ETA in 2 Weeks) + +⚠ Google PageSpeed Configuration (ETA in 3 Weeks) + +⚠ NGINX Redis Module (ETA in 5 weeks) + **Operating System:** - ✓ Ubuntu 16.04 @@ -26,7 +44,7 @@ -#### Ansible - [Install Ansible] (https://miteshshah.github.io/devops/ansible/ansible-installation/) +### Ansible - [Install Ansible] (https://miteshshah.github.io/devops/ansible/ansible-installation/) #### Clone AnsiPress 
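Review bot: `listen = 127.0.0.1:{{ php_pool.stdout }};` puts each tenant's FastCGI endpoint on a loopback TCP port that every local account and every other tenant's PHP code can connect to; FastCGI carries no authentication, so requests arriving there are executed as this pool's user. `listen.owner` and `listen.group` have no effect on a TCP listener. For per-user isolation use a Unix socket, e.g. `listen = /run/php/php7.1-{{ username | lower }}.sock` with `listen.mode = 0660`, and point the matching nginx `fastcgi_pass` (outside this hunk) at it. `pm.status_path = /status` is also enabled for every pool and should only be reachable through an access-controlled location.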
@@ -58,11 +76,11 @@ $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=w3t $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=wpfc.com website_type=wpfc" ``` -#### Track Development +### Track Development [Milestone] (https://github.com/AnsiPress/AnsiPress/milestones) -#### Donation +### Donation [![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)] (https://paypal.me/AnsiPress) Yes you can! Just click on the image above ;) From 4651a99866e6ac2d7e487b0a1b0c3499bd5d4ad6 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 3 Mar 2017 15:23:19 +0530 Subject: [PATCH 05/33] Updated ReadMe File --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7b1b599..0018405 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,9 @@ ## Quick Start +✓ = Under Testing +⚠ = Under Progress + ### Features ✓ True Shared Hosting @@ -29,9 +32,6 @@ - ⚠ Debian 8 & 9 - ⚠ CentOS 7 -✓ = Supported OS - -⚠ = Under Progress **Port Requirements:** From d698eb68c1afc88e108fa7a846723b50475eacb2 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 3 Mar 2017 17:01:20 +0530 Subject: [PATCH 06/33] Fix #25 --- roles/user/tasks/main.yml | 6 ++++++ roles/website/tasks/wp.yml | 2 +- roles/website/templates/php/php7.1-fpm.service | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 4be1854..8667ad5 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -4,6 +4,12 @@ user: name={{ username | lower }} shell=/bin/bash register: setup_user +- name: Setup User Home Direcroty Permissions, Hold on... + file: + path: "/home/{{ username | lower }}" + mode: "0750" + when: setup_user.changed == True + # Allow NGINX to Read files - name: Grant NGINX Read Permissions, Hold on... user: 
diff --git a/roles/website/tasks/wp.yml b/roles/website/tasks/wp.yml index 8ce57b3..4c69c89 100644 --- a/roles/website/tasks/wp.yml +++ b/roles/website/tasks/wp.yml @@ -39,7 +39,7 @@ when: website_type == "wpfc" or website_type == "WPFC" - name: Fixing WordPress Permissions, Hold On - shell: find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type d -exec chmod 750 {} \; && find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type f -exec chmod 640 {} \; + shell: find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type d -exec chmod 750 {} \; && find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type f -exec chmod 640 {} \; && chown -R {{ username | lower }}:{{ username | lower }} /home/{{ username | lower }}/vhosts/{{ website_name | lower }} - name: Getting WordPress Setup Information, Hold on... debug: diff --git a/roles/website/templates/php/php7.1-fpm.service b/roles/website/templates/php/php7.1-fpm.service index b0ac666..e202d73 100644 --- a/roles/website/templates/php/php7.1-fpm.service +++ b/roles/website/templates/php/php7.1-fpm.service @@ -4,6 +4,7 @@ Documentation=man:php-fpm7.1(8) After=network.target [Service] +UMask=0027 Type=notify PIDFile=/run/php/php7.1-{{ username | lower }}.pid ExecStart=/usr/sbin/php-fpm7.1 --nodaemonize --fpm-config /etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf From 0d858f8ee57f0cdb01318b3d16b2518b70a307a5 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 3 Mar 2017 17:13:38 +0530 Subject: [PATCH 07/33] Updated ReadMe --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 0018405..a925209 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,10 @@ ⚠ NGINX Redis Module (ETA in 5 weeks) +⚠ Laravel Support (ETA in 10 weeks) + +⚠ Drupal Support (ETA in 15 weeks) + **Operating System:** - ✓ Ubuntu 16.04 From 90bba828384fe1d1e2cd29e27a71747038c5e0b4 Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Mon, 6 Mar 2017 13:49:33 +0530 Subject: [PATCH 08/33] Fix PHP-FPM Default 127.0.0.1:9000 Bad Gateway Issue --- roles/website/tasks/php.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index 0bc1cb4..fffd65f 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml @@ -55,9 +55,12 @@ - name: Changing PHP-FPM Log Location, Hold on... lineinfile: dest: /etc/php/7.1/fpm/php-fpm.conf - regexp: '^error_log' + regexp: "{{ item.regexp }}" backrefs: yes - line: 'error_log = /var/log/php/fpm.log' + line: "{{ item.line }}" + with_items: + - { regexp: '^error_log', line: 'error_log = /var/log/php/fpm.log' } + - { regexp: '^include=', line: 'include=/etc/php/7.1/fpm/pool.d/www.conf' } when: package_install.changed == True - name: Tunning PHP WWW Pool Variables, Hold on... From edcfd951a54831d83f5cecbc915103350e4e7853 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Mon, 6 Mar 2017 14:26:07 +0530 Subject: [PATCH 09/33] Video Guide --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a925209..ca1a54f 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/) +[![AnsiPress](https://cloud.githubusercontent.com/assets/1223371/23602874/937c6338-0278-11e7-8a91-6d62d677c46b.png)](https://www.youtube.com/watch?v=s7ShsNrQ4-0) ## Quick Start From 6dd64d2df2c816b5d3ca05d3404f2bcae5b6805a Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Mon, 6 Mar 2017 14:59:22 +0530 Subject: [PATCH 10/33] Fix 127.0.0.1:9000 auto restart issue --- roles/website/handlers/main.yml | 3 +++ roles/website/tasks/php.yml | 1 + 2 files changed, 4 insertions(+) 
diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml index 9db972d..e6cd835 100644 --- a/roles/website/handlers/main.yml +++ b/roles/website/handlers/main.yml @@ -2,6 +2,9 @@ - name: service nginx reload service: name=nginx state=reloaded +- name: service php7.1-fpm restart + service: name=php7.1-fpm state=restarted + - name: service php7.1-{{ username | lower }} restart service: name=php7.1-{{ username | lower }} state=restarted diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index fffd65f..0e5a1a0 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml @@ -62,6 +62,7 @@ - { regexp: '^error_log', line: 'error_log = /var/log/php/fpm.log' } - { regexp: '^include=', line: 'include=/etc/php/7.1/fpm/pool.d/www.conf' } when: package_install.changed == True + notify: service php7.1-fpm restart - name: Tunning PHP WWW Pool Variables, Hold on... lineinfile: From 162892466b8165a2f2daff6697fa9cc323d2bc0e Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Tue, 7 Mar 2017 16:14:57 +0530 Subject: [PATCH 11/33] PayPal Logo --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ca1a54f..23c328e 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,7 @@ # AnsiPress -[![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/) +[![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/) + [![AnsiPress](https://cloud.githubusercontent.com/assets/1223371/23602874/937c6338-0278-11e7-8a91-6d62d677c46b.png)](https://www.youtube.com/watch?v=s7ShsNrQ4-0) From 2cd8c62312bb646b1e863457a2bd904d82205412 Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Tue, 7 Mar 2017 17:40:07 +0530 Subject: [PATCH 12/33] Fix #21 & Few Minor Bugs --- roles/user/tasks/main.yml | 1 - roles/website/tasks/html.yml | 17 +++++++++++++++-- roles/website/tasks/main.yml | 1 + roles/website/tasks/print.yml | 10 ++++++++++ 4 files changed, 26 insertions(+), 3 deletions(-) create mode 100644 roles/website/tasks/print.yml diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 8667ad5..8a7ee15 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -31,4 +31,3 @@ - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/ssl - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/conf - /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs - when: setup_user.changed == True diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index 4aa0d4f..1c02acd 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml @@ -18,13 +18,26 @@ dest: /etc/nginx/ when: package_install.changed == True +- name: Checking /etc/nginx/htpasswd File, Hold on... + stat: + path: /etc/nginx/htpasswd + register: setup_http_auth + +# Gererate Random Password For HTTP AUTH +- include: roles/libs/tasks/random_password.yml + when: setup_http_auth.stat.islnk is not defined + - name: Setup HTTP AUTH, Hold On... htpasswd: path: /etc/nginx/htpasswd name: AnsiPress - password: 'AnsiPress' - when: package_install.changed == True + password: "{{ random_password.stdout }}" + when: setup_http_auth.stat.islnk is not defined +# Save the HTTP_AUTH_Password Value +- set_fact: + http_auth_pass: "{{ random_password.stdout }}" + when: setup_http_auth.stat.islnk is not defined # We need PHP Pool Number # In Order to setup PHP/MySQL/WordPress website template diff --git a/roles/website/tasks/main.yml b/roles/website/tasks/main.yml index 6b4ebcb..76cda4d 100644 --- a/roles/website/tasks/main.yml +++ b/roles/website/tasks/main.yml 
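Review bot: The `htpasswd` task in `html.yml` now writes a generated password but sets no file attributes and does not suppress logging, so `/etc/nginx/htpasswd` gets default permissions and the secret can appear in verbose task output. Add `owner: root`, `group: www-data`, `mode: "0640"` and `no_log: true` to that task; the group is assumed from the `www-data` account used elsewhere in this series. The existence test `setup_http_auth.stat.islnk is not defined` relies on which keys `stat` happens to return for a missing path, and `not setup_http_auth.stat.exists` states the intent directly.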
@@ -1,2 +1,3 @@ --- - include: roles/website/tasks/{{ website_type | lower }}.yml +- include: roles/website/tasks/print.yml diff --git a/roles/website/tasks/print.yml b/roles/website/tasks/print.yml new file mode 100644 index 0000000..51c2a6b --- /dev/null +++ b/roles/website/tasks/print.yml @@ -0,0 +1,10 @@ +--- +# Print Userful Information + +- name: AnsiPress HTTP Auth Details, Hold on... + debug: + msg: "{{ item }}" + with_items: + - HTTP AUTH Username = AnsiPress + - HTTP AUTH Password = {{ http_auth_pass }} + when: setup_http_auth.stat.islnk is not defined From e367e62968b2cb8cf3953a96e38105c2a469b0b7 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Tue, 7 Mar 2017 18:42:54 +0530 Subject: [PATCH 13/33] Fix #14 Setup NTP & Custom Bash Prompt PS1 --- roles/bootstrap/handlers/main.yml | 3 +++ roles/bootstrap/tasks/main.yml | 1 + roles/libs/tasks/apt/ntp.yml | 5 +++++ roles/user/tasks/main.yml | 5 +++++ 4 files changed, 14 insertions(+) create mode 100644 roles/bootstrap/handlers/main.yml create mode 100644 roles/libs/tasks/apt/ntp.yml diff --git a/roles/bootstrap/handlers/main.yml b/roles/bootstrap/handlers/main.yml new file mode 100644 index 0000000..77e3dda --- /dev/null +++ b/roles/bootstrap/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: service ntp restart + service: name=ntp state=restarted diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml index d5a3edc..b78532d 100644 --- a/roles/bootstrap/tasks/main.yml +++ b/roles/bootstrap/tasks/main.yml @@ -6,3 +6,4 @@ - include: roles/libs/tasks/apt/update.yml - include: roles/libs/tasks/apt/dist_upgrade.yml - include: roles/libs/tasks/apt/install.yml +- include: roles/libs/tasks/apt/ntp.yml diff --git a/roles/libs/tasks/apt/ntp.yml b/roles/libs/tasks/apt/ntp.yml new file mode 100644 index 0000000..1143cc9 --- /dev/null +++ b/roles/libs/tasks/apt/ntp.yml 
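Review bot: `print.yml` echoes the generated HTTP auth password through `debug`, so it is copied into whatever captures the playbook output, such as terminal scrollback, a configured `log_path` or CI logs. If showing it once is intended, say so in a comment, e.g. `# Shown once on first run; not stored anywhere else`, or write it to a root-only file on the target instead. `http_auth_pass` and `setup_http_auth` are only set in `html.yml`, so this include depends on every `website_type` task file pulling that file in first, which is not visible here.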
@@ -0,0 +1,5 @@ +--- +# Install Required Software +- name: Installing NTP Service Hold on... + apt: name=ntp state=present + notify: service ntp restart diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 8a7ee15..0f47711 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -18,6 +18,11 @@ append: yes when: setup_user.changed == True +# Setup PS1 +- name: Setup Custom Bash Prompt PS1, Hold on... + shell: echo 'PS1="\`if [ \$? = 0 ]; then echo \[\e[37m\]^_^[\u@\H:\w]\\$ \[\e[0m\]; else echo \[\e[31m\]O_O[\u@\H:\w]\\$ \[\e[0m\]; fi\`"' >> /home/{{ username | lower }}/.bashrc + when: setup_user.changed == True + # https://github.com/ansible/ansible/issues/9196#issuecomment-57168074 - name: Setup Direcroty, Hold on... file: From f8d38e942d4556b996bff1b05a26ac437608c116 Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Fri, 10 Mar 2017 14:19:51 +0530 Subject: [PATCH 14/33] PageSpeed Configuration --- README.md | 2 +- roles/libs/tasks/apt/ntp.yml | 4 +-- roles/website/handlers/main.yml | 3 ++ roles/website/tasks/html.yml | 8 +++++- roles/website/tasks/main.yml | 1 + roles/website/tasks/memcached.yml | 5 ++++ roles/website/templates/html/basic.conf | 28 +++++++++++++++++++ roles/website/templates/mysql/basic.conf | 28 +++++++++++++++++++ .../templates/{ => nginx}/ansipress/acl.conf | 0 .../{ => nginx}/ansipress/expires.conf | 0 .../{ => nginx}/ansipress/locations.conf | 0 .../templates/nginx/ansipress/pagespeed.conf | 17 +++++++++++ .../ansipress/protect-system-files.conf | 0 .../{ => nginx}/ansipress/status.conf | 0 .../templates/nginx/conf.d/pagespeed.conf | 27 ++++++++++++++++++ roles/website/templates/php/basic.conf | 28 +++++++++++++++++++ roles/website/templates/wordpress/w3tc.conf | 28 +++++++++++++++++++ roles/website/templates/wordpress/wp.conf | 28 +++++++++++++++++++ roles/website/templates/wordpress/wpfc.conf | 28 +++++++++++++++++++ 19 files changed, 231 insertions(+), 4 deletions(-) create mode 100644 roles/website/tasks/memcached.yml rename roles/website/templates/{ => nginx}/ansipress/acl.conf (100%) rename roles/website/templates/{ => nginx}/ansipress/expires.conf (100%) rename roles/website/templates/{ => nginx}/ansipress/locations.conf (100%) create mode 100644 roles/website/templates/nginx/ansipress/pagespeed.conf rename roles/website/templates/{ => nginx}/ansipress/protect-system-files.conf (100%) rename roles/website/templates/{ => nginx}/ansipress/status.conf (100%) create mode 100644 roles/website/templates/nginx/conf.d/pagespeed.conf diff --git a/README.md b/README.md index 23c328e..27640e4 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # AnsiPress -[![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/) + [![saythanks](https://img.shields.io/badge/say-thanks-ff69b4.svg)](https://saythanks.io/to/MiteshShah) [![Join AnsiPress Slack Channel](https://ansipress.herokuapp.com/badge.svg)](https://ansipress.herokuapp.com/) [![AnsiPress](https://cloud.githubusercontent.com/assets/1223371/23602874/937c6338-0278-11e7-8a91-6d62d677c46b.png)](https://www.youtube.com/watch?v=s7ShsNrQ4-0) diff --git a/roles/libs/tasks/apt/ntp.yml b/roles/libs/tasks/apt/ntp.yml index 1143cc9..f94d020 100644 --- a/roles/libs/tasks/apt/ntp.yml +++ b/roles/libs/tasks/apt/ntp.yml @@ -1,5 +1,5 @@ --- -# Install Required Software -- name: Installing NTP Service Hold on... +# Install NTP +- name: Installing NTP Service, Hold on... apt: name=ntp state=present notify: service ntp restart diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml index e6cd835..0abc079 100644 --- a/roles/website/handlers/main.yml +++ b/roles/website/handlers/main.yml @@ -1,4 +1,7 @@ --- +- name: service memcached restart + service: name=memcached state=restarted + - name: service nginx reload service: name=nginx state=reloaded diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index 1c02acd..5dd9a78 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml @@ -12,9 +12,15 @@ apt: name=nginx-pagespeed state=present register: package_install +- name: Setup NGINX conf.d Files, Hold on... + copy: + src: ../templates/nginx/conf.d/ + dest: /etc/nginx/conf.d/ + when: package_install.changed == True + - name: Setup AnsiPress NGINX Files, Hold on... copy: - src: ../templates/ansipress + src: ../templates/nginx/ansipress dest: /etc/nginx/ when: package_install.changed == True 
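Review bot: The added `Setup NGINX conf.d Files` task copies `../templates/nginx/conf.d/` only `when: package_install.changed == True`, so on a host where nginx-pagespeed is already installed a later edit to conf.d/pagespeed.conf is never deployed. The task also has no `notify`, so even a first-time copy does not reload nginx by itself. Dropping the `when:` and adding `notify: service nginx reload` lets the `copy` module's own change detection decide. The same gating is used for the fail2ban templates added later in this series in roles/security/tasks/fail2ban.yml, where it keeps jail changes from reaching provisioned hosts. The task file continues outside the hunk.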
diff --git a/roles/website/tasks/main.yml b/roles/website/tasks/main.yml index 76cda4d..a8ecf25 100644 --- a/roles/website/tasks/main.yml +++ b/roles/website/tasks/main.yml @@ -1,3 +1,4 @@ --- +- include: roles/website/tasks/memcached.yml - include: roles/website/tasks/{{ website_type | lower }}.yml - include: roles/website/tasks/print.yml diff --git a/roles/website/tasks/memcached.yml b/roles/website/tasks/memcached.yml new file mode 100644 index 0000000..274d5cc --- /dev/null +++ b/roles/website/tasks/memcached.yml @@ -0,0 +1,5 @@ +--- +# Install Memcached +- name: Installing Memcached, Hold on... + apt: name=memcached state=present + notify: service memcached restart diff --git a/roles/website/templates/html/basic.conf b/roles/website/templates/html/basic.conf index 3d37e68..53299e9 100644 --- a/roles/website/templates/html/basic.conf +++ b/roles/website/templates/html/basic.conf @@ -16,8 +16,36 @@ server { try_files $uri $uri/ /index.html; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; 
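Review bot: memcached.yml installs the package and restarts it but never states which address memcached listens on, so whether the cache PageSpeed is pointed at (`127.0.0.1:11211` in conf.d/pagespeed.conf of this commit) is reachable from other hosts depends on the distribution's default `/etc/memcached.conf`. memcached has no authentication by default, so the role should assert the binding itself, for example `lineinfile: dest=/etc/memcached.conf regexp='^-l ' line='-l 127.0.0.1'` with `notify: service memcached restart`. The config path and the `-l` line follow Debian/Ubuntu packaging and should be confirmed against the target images.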
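Review bot: The block of `pagespeed EnableFilters …` and `pagespeed FetchHttps enable;` directives added to html/basic.conf is pasted unchanged into mysql/basic.conf, php/basic.conf, wordpress/w3tc.conf, wordpress/wp.conf and wordpress/wpfc.conf in the same commit, so every later filter change has to be repeated in six templates and they can drift apart. Each template already gains `include ansipress/pagespeed.conf;`, so the filter directives could live once in that include (or in a separate `ansipress/pagespeed-filters.conf`), leaving only the include line in the per-site files. The `server { … }` block these lines sit in opens outside the hunk.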
diff --git a/roles/website/templates/mysql/basic.conf b/roles/website/templates/mysql/basic.conf index 762fd46..7277fc0 100644 --- a/roles/website/templates/mysql/basic.conf +++ b/roles/website/templates/mysql/basic.conf @@ -35,8 +35,36 @@ server { include ansipress/acl.conf; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; diff --git a/roles/website/templates/ansipress/acl.conf b/roles/website/templates/nginx/ansipress/acl.conf similarity index 100% rename from roles/website/templates/ansipress/acl.conf rename to roles/website/templates/nginx/ansipress/acl.conf diff --git a/roles/website/templates/ansipress/expires.conf b/roles/website/templates/nginx/ansipress/expires.conf similarity index 100% rename from roles/website/templates/ansipress/expires.conf rename to roles/website/templates/nginx/ansipress/expires.conf 
diff --git a/roles/website/templates/ansipress/locations.conf b/roles/website/templates/nginx/ansipress/locations.conf similarity index 100% rename from roles/website/templates/ansipress/locations.conf rename to roles/website/templates/nginx/ansipress/locations.conf diff --git a/roles/website/templates/nginx/ansipress/pagespeed.conf b/roles/website/templates/nginx/ansipress/pagespeed.conf new file mode 100644 index 0000000..5a85e29 --- /dev/null +++ b/roles/website/templates/nginx/ansipress/pagespeed.conf @@ -0,0 +1,17 @@ +## +# Google PageSpeed Settings +## + +# PageSpeed Admin +location /ngx_pagespeed_statistics { include ansipress/acl.conf; } +location /ngx_pagespeed_global_statistics { include ansipress/acl.conf; } +location /ngx_pagespeed_message { include ansipress/acl.conf; } +location /pagespeed_console { include ansipress/acl.conf; } +location ~ ^/pagespeed_admin { include ansipress/acl.conf; } +location ~ ^/pagespeed_global_admin { include ansipress/acl.conf; } + +# This is a temporary workaround that ensures requests for pagespeed +# optimized resources go to the pagespeed handler. +location ~ ".pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+" { } +location ~ "^/ngx_pagespeed_static/" { } +location ~ "^/ngx_pagespeed_beacon$" { } diff --git a/roles/website/templates/ansipress/protect-system-files.conf b/roles/website/templates/nginx/ansipress/protect-system-files.conf similarity index 100% rename from roles/website/templates/ansipress/protect-system-files.conf rename to roles/website/templates/nginx/ansipress/protect-system-files.conf diff --git a/roles/website/templates/ansipress/status.conf b/roles/website/templates/nginx/ansipress/status.conf similarity index 100% rename from roles/website/templates/ansipress/status.conf rename to roles/website/templates/nginx/ansipress/status.conf diff --git a/roles/website/templates/nginx/conf.d/pagespeed.conf b/roles/website/templates/nginx/conf.d/pagespeed.conf new file mode 100644 index 0000000..a59699b --- /dev/null 
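Review bot: In the new ansipress/pagespeed.conf the workaround `location ~ ".pagespeed.([a-z].)?[a-z]{2}.[^.]{10}.[^.]+" { }` has every dot unescaped, so each `.` matches any character and the empty location claims far more URIs than PageSpeed's rewritten resources. nginx uses the first regex location that matches, and the templates include this file before ansipress/locations.conf and ansipress/protect-system-files.conf, so such a match would be served by the empty block instead of whatever rules those files define (their contents are not shown here). The dots should be literal: `location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { }`. If the backslashes were only lost when this page was rendered, the committed file is fine and this just needs confirming.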
+++ b/roles/website/templates/nginx/conf.d/pagespeed.conf
@@ -0,0 +1,27 @@
+##
+# Google PageSpeed Settings
+##
+
+# Turning the module on and off
+pagespeed on;
+
+# Configuring PageSpeed Filters
+pagespeed RewriteLevel PassThrough;
+
+# Needs to exist and be writable by nginx.
+# Use tmpfs for best performance.
+pagespeed MemcachedThreads 1;
+pagespeed MemcachedServers "127.0.0.1:11211";
+pagespeed FileCachePath /run/ngx_pagespeed_cache;
+
+# PageSpeed Admin
+pagespeed StatisticsPath /ngx_pagespeed_statistics;
+pagespeed GlobalStatisticsPath /ngx_pagespeed_global_statistics;
+pagespeed MessagesPath /ngx_pagespeed_message;
+pagespeed ConsolePath /pagespeed_console;
+pagespeed AdminPath /pagespeed_admin;
+pagespeed GlobalAdminPath /pagespeed_global_admin;
+
+# PageSpeed Cache Purge
+pagespeed EnableCachePurge on;
+pagespeed PurgeMethod PURGE;
diff --git a/roles/website/templates/php/basic.conf b/roles/website/templates/php/basic.conf
index 4f7563e..6295cfd 100644
--- a/roles/website/templates/php/basic.conf
+++ b/roles/website/templates/php/basic.conf
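Review bot: `pagespeed EnableCachePurge on;` with `pagespeed PurgeMethod PURGE;` allows cache entries to be dropped by an HTTP `PURGE` request to the site's ordinary URLs, and nothing in conf.d/pagespeed.conf limits who may send that method; in ansipress/pagespeed.conf only the admin paths get `include ansipress/acl.conf;`. Whether PageSpeed applies the admin-path restrictions to PURGE requests should be confirmed for the packaged version, because if it does not, any client can force repeated re-optimisation. A comment such as `# PURGE must be limited to trusted addresses (see ansipress/acl.conf)` plus a method check in the server templates would make the intent explicit. Separately, the comment `# Needs to exist and be writable by nginx.` describes `FileCachePath` but sits above the two Memcached lines.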
@@ -35,8 +35,36 @@ server { include ansipress/acl.conf; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; diff --git a/roles/website/templates/wordpress/w3tc.conf b/roles/website/templates/wordpress/w3tc.conf index 2d51e70..4e3d343 100644 --- a/roles/website/templates/wordpress/w3tc.conf +++ b/roles/website/templates/wordpress/w3tc.conf 
@@ -90,8 +90,36 @@ server { include ansipress/acl.conf; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; diff --git a/roles/website/templates/wordpress/wp.conf b/roles/website/templates/wordpress/wp.conf index a54c132..ecf2c1c 100644 --- a/roles/website/templates/wordpress/wp.conf +++ b/roles/website/templates/wordpress/wp.conf 
@@ -66,8 +66,36 @@ server { include ansipress/acl.conf; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; diff --git a/roles/website/templates/wordpress/wpfc.conf b/roles/website/templates/wordpress/wpfc.conf index e0e2a7c..9996298 100644 --- a/roles/website/templates/wordpress/wpfc.conf +++ b/roles/website/templates/wordpress/wpfc.conf 
@@ -120,8 +120,36 @@ server { include ansipress/acl.conf; } + # Prefetch DNS + pagespeed EnableFilters insert_dns_prefetch; + + # HTTPS Support + pagespeed FetchHttps enable; + + # PageSpeed Filters + + # Remove WHITESPACE & Comments from HTML + pagespeed EnableFilters collapse_whitespace,remove_comments; + + # CSS Minification + pagespeed EnableFilters combine_css,rewrite_css; + + # Enable JavaScript Library Offload + pagespeed EnableFilters canonicalize_javascript_libraries; + # JS Minification + pagespeed EnableFilters combine_javascript,rewrite_javascript; + + # Images Optimization + pagespeed EnableFilters lazyload_images; + pagespeed EnableFilters rewrite_images; + pagespeed EnableFilters convert_jpeg_to_progressive,convert_png_to_jpeg,convert_jpeg_to_webp,convert_to_webp_lossless; + + # CDN Support + # pagespeed MapRewriteDomain cdn.example.com www.example.com; + include ansipress/status.conf; include ansipress/expires.conf; + include ansipress/pagespeed.conf; include ansipress/locations.conf; include ansipress/protect-system-files.conf; From dade5ff8ab963818909cc9de8d1f2575e4af8acf Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 24 Mar 2017 00:34:40 +0530 Subject: [PATCH 15/33] Markdown fix --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 27640e4..5cd1171 100644 --- a/README.md +++ b/README.md @@ -50,7 +50,7 @@ -### Ansible - [Install Ansible] (https://miteshshah.github.io/devops/ansible/ansible-installation/) +### Ansible - [Install Ansible](https://miteshshah.github.io/devops/ansible/ansible-installation/) #### Clone AnsiPress 
@@ -62,9 +62,9 @@ $ cd AnsiPress && git checkout develop #### Setup SSH Server Login Details * AnsiPress required you can login to remote server via `ssh AnsiPress.local` -* Change the [AnsiPerss.local] (https://github.com/AnsiPress/AnsiPress/blob/develop/hosts#L2) server name +* Change the [AnsiPerss.local](https://github.com/AnsiPress/AnsiPress/blob/develop/hosts#L2) server name * Make sure you are able to connect server via `ssh example.com` -* Refer - [SSH Configuration] (https://miteshshah.github.io/linux/ssh/ssh-tips-and-tricks/#ssh-config) +* Refer - [SSH Configuration](https://miteshshah.github.io/linux/ssh/ssh-tips-and-tricks/#ssh-config) #### Run the AnsiPress Playbook @@ -84,7 +84,7 @@ $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=wpf ### Track Development -[Milestone] (https://github.com/AnsiPress/AnsiPress/milestones) +[Milestone](https://github.com/AnsiPress/AnsiPress/milestones) ### Donation [![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)] (https://paypal.me/AnsiPress) From 63679e2939b080c6235127b4e400d957d5008338 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Fri, 24 Mar 2017 00:36:32 +0530 Subject: [PATCH 16/33] Markdown fix --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5cd1171..01af844 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ $ ansible-playbook -i hosts setup.yml --extra-vars="username=wp website_name=wpf [Milestone](https://github.com/AnsiPress/AnsiPress/milestones) ### Donation -[![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)] (https://paypal.me/AnsiPress) +[![PayPal Donate](https://cloud.githubusercontent.com/assets/1223371/20793214/ec6ffca2-b7eb-11e6-9614-d893ff77a565.png)](https://paypal.me/AnsiPress) Yes you can! Just click on the image above ;) 
From bd7c37fc856935fc7cef1d794f0902b781e259a7 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Wed, 12 Apr 2017 13:57:54 +0530 Subject: [PATCH 17/33] Fix Typo --- roles/user/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 0f47711..55daa41 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -24,7 +24,7 @@ when: setup_user.changed == True # https://github.com/ansible/ansible/issues/9196#issuecomment-57168074 -- name: Setup Direcroty, Hold on... +- name: Setup Directory, Hold on... file: path: "{{ item }}" state: directory From 15edbec1cf953fa78f39b87a3d24133c554f50d2 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Mon, 24 Apr 2017 22:53:06 +0530 Subject: [PATCH 18/33] OpenSUSE NGINX Build 1.12.0 --- roles/website/tasks/html.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index 5dd9a78..facad73 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml @@ -1,12 +1,20 @@ --- # Setup NGINX PlayBook +- name: Adding NGINX Repository Key, Hold on... + apt_key: + id: B9C9F7DE + url: http://download.opensuse.org/repositories/home:AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/Release.key + register: nginx_key + when: ansible_distribution == 'Ubuntu' + - name: Adding NGINX Repository, Hold on... - apt_repository: repo=ppa:ansipress/nginx + apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/ /' state=present filename=nginx register: nginx_repo + when: ansible_distribution == 'Ubuntu' - include: roles/libs/tasks/apt/update.yml - when: nginx_repo.changed == True + when: nginx_repo.changed == True or nginx_key.changed == True - name: Installing NGINX, Hold on... apt: name=nginx-pagespeed state=present 
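Review bot: The `apt_key` task in html.yml downloads `Release.key` over plain `http://` and pins it only with the 8-hex-digit id `B9C9F7DE`, and the `apt_repository` line uses `http://` as well. Short key ids are known to be open to collisions, so anyone able to tamper with the unencrypted download could get a different signing key trusted, and packages from that repository are then installed as root. Use the `https://` form of both URLs and pin the full fingerprint, e.g. `id: <FULL_40_HEX_FINGERPRINT_OF_REPO_KEY>` (placeholder, to be taken from a trusted copy of the key). The key URL says `home:AnsiPress` while the repo line says `home:/AnsiPress`, which is worth checking if the difference is not intended.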
From 76fba3d0603465f189bea0553ef2cf77cd704864 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Mon, 24 Apr 2017 23:44:58 +0530 Subject: [PATCH 19/33] Updated Readme --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 01af844..c327bbc 100644 --- a/README.md +++ b/README.md @@ -22,9 +22,9 @@ ✓ WordPress (W3TC & FastCGI Cache) -⚠ Lets Encrypt (ETA in 2 Weeks) +✓ Google PageSpeed Configuration -⚠ Google PageSpeed Configuration (ETA in 3 Weeks) +⚠ Lets Encrypt (ETA in 2 Weeks) ⚠ NGINX Redis Module (ETA in 5 weeks) @@ -35,7 +35,7 @@ **Operating System:** - ✓ Ubuntu 16.04 -- ⚠ Debian 8 & 9 +- ✓ Debian 8 - ⚠ CentOS 7 From 99fc65aa3308f98bc5ad38038dbd1f1972a3e99e Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Wed, 22 Mar 2017 10:33:52 +0530 Subject: [PATCH 20/33] adding Fail2ban --- roles/fail2ban/handlers/main.yml | 5 +++++ roles/fail2ban/tasks/main.yml | 8 ++++++++ 2 files changed, 13 insertions(+) create mode 100644 roles/fail2ban/handlers/main.yml create mode 100644 roles/fail2ban/tasks/main.yml diff --git a/roles/fail2ban/handlers/main.yml b/roles/fail2ban/handlers/main.yml new file mode 100644 index 0000000..6e0d910 --- /dev/null +++ b/roles/fail2ban/handlers/main.yml @@ -0,0 +1,5 @@ +--- +# We had include service restart module +# Also we have to passs service_name variable which trigger +# service {{ service_name }} restart +- include: roles/libs/tasks/service.yml service_name=mariadb diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml new file mode 100644 index 0000000..919c11a --- /dev/null +++ b/roles/fail2ban/tasks/main.yml @@ -0,0 +1,8 @@ +--- +- name: Installing Fail2ban, Hold on... + apt: name={{ item }} state=present + with_items: + - fail2ban + register: package_install + # The notify will call the ../handlers/main.yml + notify: service fail2ban restart From de234f4b39db7d661fdd33120ec6efcd82ba51ff Mon Sep 17 00:00:00 2001 
From: harshadyeola Date: Tue, 25 Apr 2017 10:34:19 +0530 Subject: [PATCH 21/33] solve conflict --- roles/fail2ban/handlers/main.yml | 2 +- roles/fail2ban/tasks/main.yml | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/roles/fail2ban/handlers/main.yml b/roles/fail2ban/handlers/main.yml index 6e0d910..3b5350d 100644 --- a/roles/fail2ban/handlers/main.yml +++ b/roles/fail2ban/handlers/main.yml @@ -2,4 +2,4 @@ # We had include service restart module # Also we have to passs service_name variable which trigger # service {{ service_name }} restart -- include: roles/libs/tasks/service.yml service_name=mariadb +- include: roles/libs/tasks/service.yml service_name=fail2ban diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 919c11a..617a6c5 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml @@ -6,3 +6,20 @@ register: package_install # The notify will call the ../handlers/main.yml notify: service fail2ban restart + +- name: Copying Configuration File, Hold on... + copy: + src: /etc/fail2ban/jail.conf + dest: /etc/fail2ban/jail.local + when: package_install.changed == True + +- name: Configuring Fail2ban, please wait... + lineinfile: + dest: /etc/fail2ban/jail.local + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^sender = root@localhost', line: 'sender = {{ inventry_hostname }}' } + when: package_install.changed == True + notify: service fail2ban restart From a38448390fcc763d13becd1aeebb8a52ecadb103 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Fri, 14 Apr 2017 17:48:22 +0530 Subject: [PATCH 22/33] troubleshoot copy task --- roles/fail2ban/tasks/main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 617a6c5..51d0e8d 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml 
@@ -11,6 +11,7 @@ copy: src: /etc/fail2ban/jail.conf dest: /etc/fail2ban/jail.local + remote_src: true when: package_install.changed == True - name: Configuring Fail2ban, please wait... From 12828550516a5eae94587dae15f7866dcaec4f6f Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Sun, 16 Apr 2017 13:45:34 +0530 Subject: [PATCH 23/33] inventory_hostname seems to be deprecated --- roles/fail2ban/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 51d0e8d..53faf13 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml @@ -21,6 +21,6 @@ backrefs: yes line: "{{ item.line }}" with_items: - - { regexp: '^sender = root@localhost', line: 'sender = {{ inventry_hostname }}' } + - { regexp: '^sender = root@localhost', line: 'sender = root@{{ ansible_hostname }}' } when: package_install.changed == True notify: service fail2ban restart From 317e83800ba4cb39f5bef72de0bb53e5a9326833 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Tue, 25 Apr 2017 10:27:30 +0530 Subject: [PATCH 24/33] Fail2ban integration --- group_vars/all | 3 +++ roles/fail2ban/tasks/main.yml | 16 ++-------------- roles/fail2ban/templates/jail.local | 9 +++++++++ 3 files changed, 14 insertions(+), 14 deletions(-) create mode 100644 roles/fail2ban/templates/jail.local diff --git a/group_vars/all b/group_vars/all index dcf335e..08667ed 100644 --- a/group_vars/all +++ b/group_vars/all @@ -3,6 +3,9 @@ remote_user: root ansible_python_interpreter: /usr/bin/python3 +# fail2ban bantime +bantime: 86400 + # Create New User Account # We can also pass username variable value using following command diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml index 53faf13..243163e 100644 --- a/roles/fail2ban/tasks/main.yml +++ b/roles/fail2ban/tasks/main.yml 
@@ -8,19 +8,7 @@ notify: service fail2ban restart - name: Copying Configuration File, Hold on... - copy: - src: /etc/fail2ban/jail.conf + template: + src: ../templates/jail.local dest: /etc/fail2ban/jail.local - remote_src: true when: package_install.changed == True - -- name: Configuring Fail2ban, please wait... - lineinfile: - dest: /etc/fail2ban/jail.local - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^sender = root@localhost', line: 'sender = root@{{ ansible_hostname }}' } - when: package_install.changed == True - notify: service fail2ban restart diff --git a/roles/fail2ban/templates/jail.local b/roles/fail2ban/templates/jail.local new file mode 100644 index 0000000..e178a34 --- /dev/null +++ b/roles/fail2ban/templates/jail.local @@ -0,0 +1,9 @@ +[DEFAULT] +# Ban hosts for one hour: +bantime = {{ bantime }} + +# Override /etc/fail2ban/jail.d/00-firewalld.conf: +banaction = iptables-multiport + +[sshd] +enabled = true From 2a2a7af924b69f1a1beb89856b9936c909a72022 Mon Sep 17 00:00:00 2001 From: harshadyeola Date: Tue, 25 Apr 2017 10:37:28 +0530 Subject: [PATCH 25/33] add fail2ban role --- setup.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/setup.yml b/setup.yml index 232fb5b..6e106f1 100644 --- a/setup.yml +++ b/setup.yml @@ -7,3 +7,4 @@ - reboot - user - website + - fail2ban From aef421e4e6a48744c61c49cfea42274e9bd45551 Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Tue, 25 Apr 2017 12:56:56 +0530 Subject: [PATCH 26/33] Fix #28 Fail2Ban --- README.md | 2 ++ group_vars/all | 2 +- roles/fail2ban/tasks/main.yml | 14 -------------- roles/fail2ban/templates/jail.local | 9 --------- .../{fail2ban => security}/handlers/main.yml | 3 ++- roles/security/tasks/fail2ban.yml | 17 +++++++++++++++++ roles/security/tasks/main.yml | 2 ++ roles/security/templates/fail2ban/jail.local | 19 +++++++++++++++++++ .../templates/fail2ban/nginx-req-limit.conf | 13 +++++++++++++ setup.yml | 2 +- 10 files changed, 57 insertions(+), 26 deletions(-) delete mode 100644 roles/fail2ban/tasks/main.yml delete mode 100644 roles/fail2ban/templates/jail.local rename roles/{fail2ban => security}/handlers/main.yml (65%) create mode 100644 roles/security/tasks/fail2ban.yml create mode 100644 roles/security/tasks/main.yml create mode 100644 roles/security/templates/fail2ban/jail.local create mode 100644 roles/security/templates/fail2ban/nginx-req-limit.conf diff --git a/README.md b/README.md index c327bbc..25ee22f 100644 --- a/README.md +++ b/README.md @@ -24,6 +24,8 @@ ✓ Google PageSpeed Configuration +✓ Fail2Ban + ⚠ Lets Encrypt (ETA in 2 Weeks) ⚠ NGINX Redis Module (ETA in 5 weeks) diff --git a/group_vars/all b/group_vars/all index 08667ed..fbeba06 100644 --- a/group_vars/all +++ b/group_vars/all @@ -3,7 +3,7 @@ remote_user: root ansible_python_interpreter: /usr/bin/python3 -# fail2ban bantime +# Fail2ban Bantime 24 hours. bantime: 86400 diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml deleted file mode 100644 index 243163e..0000000 --- a/roles/fail2ban/tasks/main.yml +++ /dev/null 
@@ -1,14 +0,0 @@ ---- -- name: Installing Fail2ban, Hold on... - apt: name={{ item }} state=present - with_items: - - fail2ban - register: package_install - # The notify will call the ../handlers/main.yml - notify: service fail2ban restart - -- name: Copying Configuration File, Hold on... - template: - src: ../templates/jail.local - dest: /etc/fail2ban/jail.local - when: package_install.changed == True diff --git a/roles/fail2ban/templates/jail.local b/roles/fail2ban/templates/jail.local deleted file mode 100644 index e178a34..0000000 --- a/roles/fail2ban/templates/jail.local +++ /dev/null @@ -1,9 +0,0 @@ -[DEFAULT] -# Ban hosts for one hour: -bantime = {{ bantime }} - -# Override /etc/fail2ban/jail.d/00-firewalld.conf: -banaction = iptables-multiport - -[sshd] -enabled = true diff --git a/roles/fail2ban/handlers/main.yml b/roles/security/handlers/main.yml similarity index 65% rename from roles/fail2ban/handlers/main.yml rename to roles/security/handlers/main.yml index 3b5350d..50e7f3e 100644 --- a/roles/fail2ban/handlers/main.yml +++ b/roles/security/handlers/main.yml @@ -2,4 +2,5 @@ # We had include service restart module # Also we have to passs service_name variable which trigger # service {{ service_name }} restart -- include: roles/libs/tasks/service.yml service_name=fail2ban +- name: service fail2ban restart + service: name=fail2ban state=restarted diff --git a/roles/security/tasks/fail2ban.yml b/roles/security/tasks/fail2ban.yml new file mode 100644 index 0000000..28f8c44 --- /dev/null +++ b/roles/security/tasks/fail2ban.yml 
@@ -0,0 +1,17 @@ +--- +- name: Installing Fail2ban, Hold on... + apt: name={{ item }} state=present + with_items: + - fail2ban + register: package_install + # The notify will call the ../handlers/main.yml + notify: service fail2ban restart + +- name: Copying Fail2ban Configuration File, Hold on... + template: + src: "{{ item.src }}" + dest: "{{ item.dest }}" + with_items: + - { src: "../templates/fail2ban/jail.local", dest: "/etc/fail2ban/jail.local" } + - { src: "../templates/fail2ban/nginx-req-limit.conf", dest: "/etc/fail2ban/filter.d/nginx-req-limit.conf" } + when: package_install.changed == True diff --git a/roles/security/tasks/main.yml b/roles/security/tasks/main.yml new file mode 100644 index 0000000..91f968b --- /dev/null +++ b/roles/security/tasks/main.yml @@ -0,0 +1,2 @@ +--- +- include: roles/security/tasks/fail2ban.yml diff --git a/roles/security/templates/fail2ban/jail.local b/roles/security/templates/fail2ban/jail.local new file mode 100644 index 0000000..60a12b0 --- /dev/null +++ b/roles/security/templates/fail2ban/jail.local @@ -0,0 +1,19 @@ +[DEFAULT] +# Ban hosts for one hour: +bantime = {{ bantime }} + +# Override /etc/fail2ban/jail.d/00-firewalld.conf: +banaction = iptables-multiport + +[sshd] +enabled = true + +[nginx-req-limit] + +enabled = true +filter = nginx-req-limit +action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp] +logpath = /var/log/nginx/*error.log +findtime = 600 +bantime = 7200 +maxretry = 10 diff --git a/roles/security/templates/fail2ban/nginx-req-limit.conf b/roles/security/templates/fail2ban/nginx-req-limit.conf new file mode 100644 index 0000000..a84d7cc --- /dev/null +++ b/roles/security/templates/fail2ban/nginx-req-limit.conf 
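Review bot: The `[nginx-req-limit]` jail in the new jail.local can only trigger on the `limiting requests, excess: … by zone` lines nginx writes when `limit_req` rejects a request, and no `limit_req_zone` or `limit_req` directive is added to any nginx template in the visible part of this series. If none exists elsewhere, the jail is enabled but can never ban, which reads as protection that is not there. Either add the rate-limit zone to the nginx role in the same change or state the dependency above the jail, e.g. `# requires limit_req_zone/limit_req in the nginx config`. The comment `# Ban hosts for one hour:` also disagrees with `bantime: 86400` (24 hours) set in group_vars/all by this commit.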
@@ -0,0 +1,13 @@ +# Fail2Ban configuration file +# +# supports: ngx_http_limit_req_module module + +[Definition] + +failregex = limiting requests, excess:.* by zone.*client: + +# Option: ignoreregex +# Notes.: regex to ignore. If this regex matches, the line is ignored. +# Values: TEXT +# +ignoreregex = diff --git a/setup.yml b/setup.yml index 6e106f1..a2ca42c 100644 --- a/setup.yml +++ b/setup.yml @@ -4,7 +4,7 @@ roles: - bootstrap + - security - reboot - user - website - - fail2ban From f4373a83010574a96af10a46b6655e3ceb241b59 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Tue, 25 Apr 2017 13:18:38 +0530 Subject: [PATCH 27/33] Fail2Ban reload after new website create --- roles/website/handlers/main.yml | 5 +++++ roles/website/tasks/html.yml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml index 0abc079..c7abaa7 100644 --- a/roles/website/handlers/main.yml +++ b/roles/website/handlers/main.yml @@ -5,6 +5,11 @@ - name: service nginx reload service: name=nginx state=reloaded +# In order to Fail2ban read new website error.log file +# We need to reload fail2ban +- name: service fail2ban reload + service: name=fail2ban state=reloaded + - name: service php7.1-fpm restart service: name=php7.1-fpm state=restarted diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index facad73..42ea8ae 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml @@ -94,3 +94,5 @@ with_items: - { src: "/var/log/nginx/{{ website_name | lower }}.access.log", dest: "/home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs/access.log" } - { src: "/var/log/nginx/{{ website_name | lower }}.error.log", dest: "/home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs/error.log" } + # The notify will call the ../handlers/main.yml + notify: service fail2ban reload From fdb89b088c8e7ac46b06bbf182c14f3365f38247 Mon Sep 17 00:00:00 2001 
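Review bot: As shown here, `failregex` in nginx-req-limit.conf ends at `client:` with no `<HOST>` tag, and fail2ban needs that tag to know which address to ban. This may be an artefact of how the page was extracted, since an angle-bracket tag is easily dropped, so check the committed file. The line should read `failregex = limiting requests, excess:.* by zone.*client: <HOST>`. The jail also only fires if a `limit_req` zone is configured in NGINX, which is not part of this diff.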
From: Mitesh Shah Date: Tue, 25 Apr 2017 15:46:33 +0530 Subject: [PATCH 28/33] More Fail2Ban Jails --- group_vars/all | 3 ++- roles/security/templates/fail2ban/jail.local | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/group_vars/all b/group_vars/all index fbeba06..bdc5de5 100644 --- a/group_vars/all +++ b/group_vars/all @@ -5,7 +5,8 @@ ansible_python_interpreter: /usr/bin/python3 # Fail2ban Bantime 24 hours. bantime: 86400 - +# Fail2ban ignore ip address separated by space +ignoreip: 127.0.0.1/8 # Create New User Account # We can also pass username variable value using following command diff --git a/roles/security/templates/fail2ban/jail.local b/roles/security/templates/fail2ban/jail.local index 60a12b0..00f8e36 100644 --- a/roles/security/templates/fail2ban/jail.local +++ b/roles/security/templates/fail2ban/jail.local @@ -1,6 +1,7 @@ [DEFAULT] -# Ban hosts for one hour: + bantime = {{ bantime }} +ignoreip = {{ ignoreip }} # Override /etc/fail2ban/jail.d/00-firewalld.conf: banaction = iptables-multiport @@ -8,8 +9,20 @@ banaction = iptables-multiport [sshd] enabled = true -[nginx-req-limit] +[sshd-ddos] +enabled = true +[php-url-fopen] +enabled = true + +[nginx-http-auth] +enabled = true +logpath = /var/log/nginx/*error.log + +[nginx-botsearch] +enabled = true + +[nginx-req-limit] enabled = true filter = nginx-req-limit action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp] From ec1dd83de44e839d486eb70ab28eacb5961425d8 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Tue, 25 Apr 2017 15:48:12 +0530 Subject: [PATCH 29/33] More Fail2Ban Jails --- roles/security/templates/fail2ban/jail.local | 1 + 1 file changed, 1 insertion(+) diff --git a/roles/security/templates/fail2ban/jail.local b/roles/security/templates/fail2ban/jail.local index 00f8e36..b54fada 100644 --- a/roles/security/templates/fail2ban/jail.local +++ b/roles/security/templates/fail2ban/jail.local 
@@ -21,6 +21,7 @@ logpath = /var/log/nginx/*error.log [nginx-botsearch] enabled = true +logpath = /var/log/nginx/*error.log [nginx-req-limit] enabled = true From 6b648187413073dc0b746e61f1cc1c96cb73dac9 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Wed, 26 Apr 2017 14:01:36 +0530 Subject: [PATCH 30/33] Fix Python3 Not Found issue on Debian8 --- setup.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/setup.yml b/setup.yml index a2ca42c..c8baf7d 100644 --- a/setup.yml +++ b/setup.yml @@ -1,6 +1,12 @@ --- - name: Welcome to AnsiPress Setup hosts: AnsiPress + gather_facts: no + pre_tasks: + - name: Installing python3-simplejson for Ansible, Hold on... + raw: apt-get update && apt-get -y install python3-simplejson + - name: Gathering Facts + setup: roles: - bootstrap From 0965fdac09f24c0db73c22cbcf43985c9504d347 Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Wed, 26 Apr 2017 14:02:19 +0530 Subject: [PATCH 31/33] Debian8 Changes --- group_vars/all | 7 ++++-- roles/libs/tasks/apt/install.yml | 3 +++ roles/website/handlers/main.yml | 4 ++-- roles/website/tasks/html.yml | 17 +------------- roles/website/tasks/main.yml | 1 + roles/website/tasks/mysql.yml | 13 +---------- roles/website/tasks/php.yml | 17 ++++---------- roles/website/tasks/repo_debian.yml | 36 +++++++++++++++++++++++++++++ roles/website/tasks/repo_ubuntu.yml | 29 +++++++++++++++++++++++ 9 files changed, 83 insertions(+), 44 deletions(-) create mode 100644 roles/website/tasks/repo_debian.yml create mode 100644 roles/website/tasks/repo_ubuntu.yml diff --git a/group_vars/all b/group_vars/all index bdc5de5..1414b43 100644 --- a/group_vars/all +++ b/group_vars/all @@ -6,7 +6,7 @@ ansible_python_interpreter: /usr/bin/python3 # Fail2ban Bantime 24 hours. bantime: 86400 # Fail2ban ignore ip address separated by space -ignoreip: 127.0.0.1/8 +ignoreip: 127.0.0.1/8 # Create New User Account # We can also pass username variable value using following command 
@@ -23,8 +23,11 @@ packages: - git - htop - coreutils + - libssl-dev + - lsb-release - python3-dev - python3-pip - - python3-passlib + - ca-certificates + - apt-transport-https - python-software-properties - software-properties-common diff --git a/roles/libs/tasks/apt/install.yml b/roles/libs/tasks/apt/install.yml index feed350..b41defe 100644 --- a/roles/libs/tasks/apt/install.yml +++ b/roles/libs/tasks/apt/install.yml @@ -3,3 +3,6 @@ - name: Installing required software, Hold on... apt: name={{ item }} state=present with_items: "{{ packages }}" + +- name: Installing passlib software, Hold on... + pip: name=passlib state=present diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml index c7abaa7..70fd91a 100644 --- a/roles/website/handlers/main.yml +++ b/roles/website/handlers/main.yml @@ -7,8 +7,8 @@ # In order to Fail2ban read new website error.log file # We need to reload fail2ban -- name: service fail2ban reload - service: name=fail2ban state=reloaded +- name: service fail2ban restart + service: name=fail2ban state=restarted - name: service php7.1-fpm restart service: name=php7.1-fpm state=restarted diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index 42ea8ae..c91960e 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml 
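Review bot: Swapping the distribution package `python3-passlib` for `pip: name=passlib state=present` in roles/libs/tasks/apt/install.yml replaces a signed, security-supported apt package with an unpinned PyPI install, run as the `root` remote user. If the apt package really is unavailable on Debian 8, at least pin the release and the installer, e.g. `pip: name=passlib version=<PINNED_VERSION> executable=pip3 state=present`. That keeps the result reproducible and puts it in the interpreter named by `ansible_python_interpreter`.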
@@ -1,21 +1,6 @@ --- # Setup NGINX PlayBook -- name: Adding NGINX Repository Key, Hold on... - apt_key: - id: B9C9F7DE - url: http://download.opensuse.org/repositories/home:AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/Release.key - register: nginx_key - when: ansible_distribution == 'Ubuntu' - -- name: Adding NGINX Repository, Hold on... - apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/ /' state=present filename=nginx - register: nginx_repo - when: ansible_distribution == 'Ubuntu' - -- include: roles/libs/tasks/apt/update.yml - when: nginx_repo.changed == True or nginx_key.changed == True - - name: Installing NGINX, Hold on... apt: name=nginx-pagespeed state=present register: package_install @@ -95,4 +80,4 @@ - { src: "/var/log/nginx/{{ website_name | lower }}.access.log", dest: "/home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs/access.log" } - { src: "/var/log/nginx/{{ website_name | lower }}.error.log", dest: "/home/{{ username | lower }}/vhosts/{{ website_name | lower }}/logs/error.log" } # The notify will call the ../handlers/main.yml - notify: service fail2ban reload + notify: service fail2ban restart diff --git a/roles/website/tasks/main.yml b/roles/website/tasks/main.yml index a8ecf25..2da42fd 100644 --- a/roles/website/tasks/main.yml +++ b/roles/website/tasks/main.yml @@ -1,4 +1,5 @@ --- - include: roles/website/tasks/memcached.yml +- include: roles/website/tasks/repo_{{ ansible_distribution | lower }}.yml - include: roles/website/tasks/{{ website_type | lower }}.yml - include: roles/website/tasks/print.yml diff --git a/roles/website/tasks/mysql.yml b/roles/website/tasks/mysql.yml index 394536f..da479fe 100644 --- a/roles/website/tasks/mysql.yml +++ b/roles/website/tasks/mysql.yml 
@@ -3,23 +3,12 @@ - include: roles/website/tasks/php.yml -- name: Adding MariaDB Repository, Hold on... - apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/ubuntu {{ ansible_distribution_release }} main' state=present filename=mariadb - register: mariadb_repo - -- name: Adding MariaDB Repository Key, Hold on... - apt_key: keyserver=keyserver.ubuntu.com id=0xF1656F24C74CD1D8 - register: mariadb_key - -- include: roles/libs/tasks/apt/update.yml - when: mariadb_repo.changed == True or mariadb_key.changed == True - - name: Installing MariaDB, Hold on... apt: name={{ item }} state=present with_items: - mariadb-server - mariadb-client - - libmysqlclient-dev + - libmariadbclient-dev register: package_install # The notify will call the ../handlers/main.yml notify: service mysql restart diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index 0e5a1a0..c1ac6ca 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml @@ -3,13 +3,6 @@ - include: roles/website/tasks/html.yml -- name: Adding PHP Repository, Hold on... - apt_repository: repo=ppa:ondrej/php - register: php_repo - -- include: roles/libs/tasks/apt/update.yml - when: php_repo.changed == True - - name: Installing PHP, Hold on... apt: name={{ item }} state=present with_items: 
@@ -85,12 +78,12 @@ when: package_install.changed == True - name: Creating PHP Debug Pool, Hold on... -# shell: cp -av /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/debug.conf + shell: cp -av /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/debug.conf # Ansible Copy Module bug https://github.com/ansible/ansible/issues/14341#issuecomment-275057426 - copy: - src: /etc/php/7.1/fpm/pool.d/www.conf - dest: /etc/php/7.1/fpm/pool.d/debug.conf - remote_src: true +# copy: +# src: /etc/php/7.1/fpm/pool.d/www.conf +# dest: /etc/php/7.1/fpm/pool.d/debug.conf +# remote_src: true when: package_install.changed == True - name: Tunning PHP Debug Pool Variables, Hold on... diff --git a/roles/website/tasks/repo_debian.yml b/roles/website/tasks/repo_debian.yml new file mode 100644 index 0000000..5c03987 --- /dev/null +++ b/roles/website/tasks/repo_debian.yml 
@@ -0,0 +1,36 @@ +--- +# Setup Debian Repository + +- name: Adding NGINX Repository Key, Hold on... + apt_key: + id: B9C9F7DE + url: http://download.opensuse.org/repositories/home:AnsiPress/{{ ansible_distribution }}_8.0/Release.key + register: apt_key + when: ansible_distribution == 'Debian' + +- name: Adding NGINX Repository, Hold on... + apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/{{ ansible_distribution }}_8.0/ /' state=present filename=nginx + register: repository + when: ansible_distribution == 'Debian' + +- name: Adding PHP Repository Key, Hold on... + apt_key: + url: https://packages.sury.org/php/apt.gpg + register: apt_key + when: ansible_distribution == 'Debian' + +- name: Adding PHP Repository, Hold on... + apt_repository: repo='deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' state=present filename=php + register: repository + when: ansible_distribution == 'Debian' + +- name: Adding MariaDB Repository Key, Hold on... + apt_key: keyserver=keyserver.ubuntu.com id=0xcbcb082a1bb943db + register: apt_key + +- name: Adding MariaDB Repository, Hold on... + apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb + register: repository + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True diff --git a/roles/website/tasks/repo_ubuntu.yml b/roles/website/tasks/repo_ubuntu.yml new file mode 100644 index 0000000..64fc970 --- /dev/null +++ b/roles/website/tasks/repo_ubuntu.yml 
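Review bot: The NGINX signing key in repo_debian.yml is fetched over plain HTTP (`url: http://download.opensuse.org/.../Release.key`) and checked only against the 8-hex-digit short ID `B9C9F7DE`. Short IDs are not collision-resistant, so a tampered download could leave a different key trusted by apt for every later package install. Fetch the key over HTTPS and pin the full fingerprint (`id: <FULL_40_HEX_FINGERPRINT>`); the MariaDB task's 64-bit ID `0xcbcb082a1bb943db` would likewise be better as a full fingerprint. The same NGINX key task recurs in repo_ubuntu.yml and in the later roles/stack/tasks/debian/nginx_repo.yml hunk. Separately, every task here registers into the same `apt_key` / `repository` names, so the final `when:` only sees the last (MariaDB) results.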
@@ -0,0 +1,29 @@ +--- +# Setup Ubuntu Repository + +- name: Adding NGINX Repository Key, Hold on... + apt_key: + id: B9C9F7DE + url: http://download.opensuse.org/repositories/home:AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/Release.key + register: apt_key + when: ansible_distribution == 'Ubuntu' + +- name: Adding NGINX Repository, Hold on... + apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/x{{ ansible_distribution }}_{{ ansible_distribution_version }}/ /' state=present filename=nginx + register: repository + when: ansible_distribution == 'Ubuntu' + +- name: Adding PHP Repository, Hold on... + apt_repository: repo=ppa:ondrej/php + register: repository + +- name: Adding MariaDB Repository Key, Hold on... + apt_key: keyserver=keyserver.ubuntu.com id=0xF1656F24C74CD1D8 + register: apt_key + +- name: Adding MariaDB Repository, Hold on... + apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb + register: repository + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True From d93a4c926d99de146ea83c2f8d2af5671a826e3b Mon Sep 17 00:00:00 2001 
From: Mitesh Shah Date: Wed, 26 Apr 2017 16:17:47 +0530 Subject: [PATCH 32/33] Final Changes for Ubuntu + Debian --- hosts | 3 +- .../tasks/print.yml => print/tasks/main.yml} | 7 ++ roles/stack/handlers/main.yml | 12 ++ roles/stack/tasks/debian/mysql_repo.yml | 13 +++ roles/stack/tasks/debian/nginx_repo.yml | 17 +++ roles/stack/tasks/debian/php_repo.yml | 16 +++ roles/stack/tasks/main.yml | 16 +++ roles/{website => stack}/tasks/memcached.yml | 0 roles/stack/tasks/mysql.yml | 57 ++++++++++ roles/stack/tasks/nginx.yml | 44 ++++++++ roles/stack/tasks/php.yml | 105 ++++++++++++++++++ roles/stack/tasks/ubuntu/mysql_repo.yml | 13 +++ .../tasks/ubuntu/nginx_repo.yml} | 14 +-- roles/stack/tasks/ubuntu/php_repo.yml | 9 ++ .../{website => stack}/templates/mysql/my.cnf | 0 .../templates/nginx/ansipress/acl.conf | 0 .../templates/nginx/ansipress/expires.conf | 0 .../templates/nginx/ansipress/locations.conf | 0 .../templates/nginx/ansipress/pagespeed.conf | 0 .../nginx/ansipress/protect-system-files.conf | 0 .../templates/nginx/ansipress/status.conf | 0 .../templates/nginx/conf.d/pagespeed.conf | 0 roles/website/handlers/main.yml | 9 -- roles/website/tasks/html.yml | 45 +------- roles/website/tasks/main.yml | 3 - roles/website/tasks/mysql.yml | 57 +--------- roles/website/tasks/php.yml | 100 +---------------- roles/website/tasks/repo_debian.yml | 36 ------ roles/website/tasks/wp.yml | 9 +- setup.yml | 2 + 30 files changed, 322 insertions(+), 265 deletions(-) rename roles/{website/tasks/print.yml => print/tasks/main.yml} (55%) create mode 100644 roles/stack/handlers/main.yml create mode 100644 roles/stack/tasks/debian/mysql_repo.yml create mode 100644 roles/stack/tasks/debian/nginx_repo.yml create mode 100644 roles/stack/tasks/debian/php_repo.yml create mode 100644 roles/stack/tasks/main.yml rename roles/{website => stack}/tasks/memcached.yml (100%) create mode 100644 roles/stack/tasks/mysql.yml create mode 100644 roles/stack/tasks/nginx.yml create mode 100644 
roles/stack/tasks/php.yml create mode 100644 roles/stack/tasks/ubuntu/mysql_repo.yml rename roles/{website/tasks/repo_ubuntu.yml => stack/tasks/ubuntu/nginx_repo.yml} (55%) create mode 100644 roles/stack/tasks/ubuntu/php_repo.yml rename roles/{website => stack}/templates/mysql/my.cnf (100%) rename roles/{website => stack}/templates/nginx/ansipress/acl.conf (100%) rename roles/{website => stack}/templates/nginx/ansipress/expires.conf (100%) rename roles/{website => stack}/templates/nginx/ansipress/locations.conf (100%) rename roles/{website => stack}/templates/nginx/ansipress/pagespeed.conf (100%) rename roles/{website => stack}/templates/nginx/ansipress/protect-system-files.conf (100%) rename roles/{website => stack}/templates/nginx/ansipress/status.conf (100%) rename roles/{website => stack}/templates/nginx/conf.d/pagespeed.conf (100%) delete mode 100644 roles/website/tasks/repo_debian.yml diff --git a/hosts b/hosts index 4df98c9..a019d3b 100644 --- a/hosts +++ b/hosts @@ -1,2 +1,3 @@ [AnsiPress] -AnsiPress.local +AnsiPress.ubuntu +AnsiPress.debian diff --git a/roles/website/tasks/print.yml b/roles/print/tasks/main.yml similarity index 55% rename from roles/website/tasks/print.yml rename to roles/print/tasks/main.yml index 51c2a6b..6ef4c63 100644 --- a/roles/website/tasks/print.yml +++ b/roles/print/tasks/main.yml @@ -8,3 +8,10 @@ - HTTP AUTH Username = AnsiPress - HTTP AUTH Password = {{ http_auth_pass }} when: setup_http_auth.stat.islnk is not defined + +- name: Getting WordPress Setup Information, Hold on... + debug: + msg: "{{ item }}" + with_items: + - WordPress Username = {{ username | lower }} + - WordPress Password = {{ random_password.stdout }} diff --git a/roles/stack/handlers/main.yml b/roles/stack/handlers/main.yml new file mode 100644 index 0000000..2789e92 --- /dev/null +++ b/roles/stack/handlers/main.yml 
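Review bot: The debug task added to roles/print/tasks/main.yml prints `WordPress Password = {{ random_password.stdout }}` to the play output, so the credential lands in terminal scrollback and any Ansible log or CI transcript. `random_password` also appears to be the variable used elsewhere in this series for the HTTP AUTH and MariaDB root passwords (roles/stack/tasks/nginx.yml and mysql.yml), and this task has no `when:`. On a run that did not set up WordPress it would therefore show whichever secret was registered last under a WordPress label, or fail if none was. Copy each secret into its own fact right after it is generated, gate this task on the WordPress site types, and consider writing the credentials to a root-only file instead of `debug`. The task list begins above this hunk.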
@@ -0,0 +1,12 @@ +--- +- name: service memcached restart + service: name=memcached state=restarted + +- name: service nginx restart + service: name=nginx state=restarted + +- name: service php7.1-fpm restart + service: name=php7.1-fpm state=restarted + +- name: service mysql restart + service: name=mysql state=restarted diff --git a/roles/stack/tasks/debian/mysql_repo.yml b/roles/stack/tasks/debian/mysql_repo.yml new file mode 100644 index 0000000..9ee7a20 --- /dev/null +++ b/roles/stack/tasks/debian/mysql_repo.yml @@ -0,0 +1,13 @@ +--- +# Setup MySQL Repository + +- name: Adding MariaDB Repository Key, Hold on... + apt_key: keyserver=keyserver.ubuntu.com id=0xcbcb082a1bb943db + register: apt_key + +- name: Adding MariaDB Repository, Hold on... + apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb + register: repository + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True diff --git a/roles/stack/tasks/debian/nginx_repo.yml b/roles/stack/tasks/debian/nginx_repo.yml new file mode 100644 index 0000000..885f8df --- /dev/null +++ b/roles/stack/tasks/debian/nginx_repo.yml @@ -0,0 +1,17 @@ +--- +# Setup NGINX Repository + +- name: Adding NGINX Repository Key, Hold on... + apt_key: + id: B9C9F7DE + url: http://download.opensuse.org/repositories/home:AnsiPress/{{ ansible_distribution }}_8.0/Release.key + register: apt_key + when: ansible_distribution == 'Debian' + +- name: Adding NGINX Repository, Hold on... + apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/{{ ansible_distribution }}_8.0/ /' state=present filename=nginx + register: repository + when: ansible_distribution == 'Debian' + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True 
diff --git a/roles/stack/tasks/debian/php_repo.yml b/roles/stack/tasks/debian/php_repo.yml new file mode 100644 index 0000000..b50bcd4 --- /dev/null +++ b/roles/stack/tasks/debian/php_repo.yml @@ -0,0 +1,16 @@ +--- +# Setup PHP Repository + +- name: Adding PHP Repository Key, Hold on... + apt_key: + url: https://packages.sury.org/php/apt.gpg + register: apt_key + when: ansible_distribution == 'Debian' + +- name: Adding PHP Repository, Hold on... + apt_repository: repo='deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' state=present filename=php + register: repository + when: ansible_distribution == 'Debian' + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True diff --git a/roles/stack/tasks/main.yml b/roles/stack/tasks/main.yml new file mode 100644 index 0000000..4fe44bf --- /dev/null +++ b/roles/stack/tasks/main.yml @@ -0,0 +1,16 @@ +--- +- include: roles/stack/tasks/memcached.yml + +- name: Checking NGINX Stack Required, Hold on... + set_fact: stack="nginx" + when: website_type == "html" + +- name: Checking PHP Stack Required, Hold on... + set_fact: stack="php" + when: website_type == "php" + +- name: Checking MySQL Stack Required, Hold on... + set_fact: stack="mysql" + when: website_type == "mysql" or website_type == "wp" or website_type == "w3tc" or website_type == "wpfc" + +- include: roles/stack/tasks/{{ stack }}.yml diff --git a/roles/website/tasks/memcached.yml b/roles/stack/tasks/memcached.yml similarity index 100% rename from roles/website/tasks/memcached.yml rename to roles/stack/tasks/memcached.yml diff --git a/roles/stack/tasks/mysql.yml b/roles/stack/tasks/mysql.yml new file mode 100644 index 0000000..9b91121 --- /dev/null +++ b/roles/stack/tasks/mysql.yml 
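Review bot: In roles/stack/tasks/main.yml, `stack` is only set when `website_type` matches one of the six literals exactly. Any other value, or different casing (the old role used `website_type | lower`), leaves `{{ stack }}` undefined at the final `include`, and the play stops with a templating error rather than a clear message. Compare on the lowered value, e.g. `when: website_type | lower == "html"`, and add a `fail:` task with an explicit message for unsupported types before the include.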
@@ -0,0 +1,57 @@ +--- +- include: roles/stack/tasks/php.yml + +# Setup MySQL Stack + +- include: roles/stack/tasks/{{ ansible_distribution | lower }}/mysql_repo.yml + +- name: Installing MariaDB, Hold on... + apt: name={{ item }} state=present + with_items: + - mariadb-server + - mariadb-client + - libmariadbclient-dev + register: package_install + # The notify will call the ../handlers/main.yml + notify: service mysql restart + +# To Secure MariaDB Installation +# We first have to set root user password +# For MariaDB root user password setup we need following things +# Packages: python3-dev python3-pip & mysqlclient +# Pyhton mysqlclient support Python3.x +# Refer - https://github.com/PyMySQL/mysqlclient-python +- name: Installing Python mysqlclient package, Hold on... + pip: name=mysqlclient state=present + when: package_install.changed == True + +- include: roles/libs/tasks/random_password.yml + when: package_install.changed == True + +- name: Setup MariaDB root password, Hold on... + mysql_user: name=root password={{ random_password.stdout }} state=present host_all=yes + when: package_install.changed == True + +- name: Creating /root/.my.cnf file, Hold on... + template: src=mysql/my.cnf dest=/root/.my.cnf owner=root group=root mode=0600 + when: package_install.changed == True + +- name: Tunning MySQL Variables, Hold on... + lineinfile: + dest: /etc/mysql/my.cnf + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^skip-external-locking', line: 'skip-external-locking\nskip-name-resolve' } + - { regexp: '^connect_timeout', line: 'connect_timeout = 10' } + - { regexp: '^wait_timeout', line: "wait_timeout = 60\ninteractive_timeout = 30" } + when: package_install.changed == True + + +- name: Installing MySQLTunner Script, Hold on... + get_url: + url: http://mysqltuner.pl/ + dest: /usr/local/bin/mysqltuner + mode: 755 + when: package_install.changed == True 
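Review bot: "Installing MySQLTunner Script" downloads an executable from `http://mysqltuner.pl/` over plain HTTP with no integrity check and places it in `/usr/local/bin`, where it will typically be run with database root credentials. Anyone on the network path can substitute the script. Use an HTTPS source and pin the content with `checksum: sha256:<EXPECTED_SHA256>`. `mode: 755` is also read as a decimal integer rather than octal, which yields the wrong permission bits; write `mode: "0755"`. The `mysql_user` task above would also benefit from `no_log: true` so the root password is not echoed at higher verbosity.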
diff --git a/roles/stack/tasks/nginx.yml b/roles/stack/tasks/nginx.yml new file mode 100644 index 0000000..531d3fb --- /dev/null +++ b/roles/stack/tasks/nginx.yml @@ -0,0 +1,44 @@ +--- +# Setup NGINX Stack + +- include: roles/stack/tasks/{{ ansible_distribution | lower }}/nginx_repo.yml + +- name: Installing NGINX, Hold on... + apt: name=nginx-pagespeed state=present + register: package_install + # The notify will call the ../handlers/main.yml + notify: service nginx restart + +- name: Setup NGINX conf.d Files, Hold on... + copy: + src: ../templates/nginx/conf.d/ + dest: /etc/nginx/conf.d/ + when: package_install.changed == True + +- name: Setup AnsiPress NGINX Files, Hold on... + copy: + src: ../templates/nginx/ansipress + dest: /etc/nginx/ + when: package_install.changed == True + +- name: Checking /etc/nginx/htpasswd File, Hold on... + stat: + path: /etc/nginx/htpasswd + register: setup_http_auth + +# Gererate Random Password For HTTP AUTH +- include: roles/libs/tasks/random_password.yml + when: setup_http_auth.stat.islnk is not defined + +- name: Setup HTTP AUTH, Hold On... + htpasswd: + path: /etc/nginx/htpasswd + name: AnsiPress + password: "{{ random_password.stdout }}" + when: setup_http_auth.stat.islnk is not defined + +# Save the HTTP_AUTH_Password Value +- name: Set HTTP_AUTH_Password Variable, Hold on... + set_fact: + http_auth_pass: "{{ random_password.stdout }}" + when: setup_http_auth.stat.islnk is not defined diff --git a/roles/stack/tasks/php.yml b/roles/stack/tasks/php.yml new file mode 100644 index 0000000..4d2feb6 --- /dev/null +++ b/roles/stack/tasks/php.yml 
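Review bot: The `htpasswd` task in roles/stack/tasks/nginx.yml creates `/etc/nginx/htpasswd` without `owner`, `group` or `mode`, so the file gets default permissions. It is then likely readable by every local account, on a host where this playbook also provisions user accounts. Set them explicitly, e.g. `owner: root`, `group: www-data`, `mode: "0640"`, after confirming which group the `nginx-pagespeed` worker runs as. Add `no_log: true` to this task and to the `set_fact` that copies the password into `http_auth_pass`. The two `copy` tasks gated on `package_install.changed` also mean later changes to the NGINX snippets are never pushed to hosts that already have the package.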
@@ -0,0 +1,105 @@ +--- +- include: roles/stack/tasks/nginx.yml + +# Setup PHP Stack + +- include: roles/stack/tasks/{{ ansible_distribution | lower }}/php_repo.yml + +- name: Installing PHP, Hold on... + apt: name={{ item }} state=present + with_items: + - php7.1-gd + - php7.1-cli + - php7.1-fpm + - php7.1-curl + - php7.1-imap + - php7.1-mysql + - php7.1-redis + - php7.1-geoip + - php7.1-common + - php7.1-mcrypt + - php7.1-xdebug + - php7.1-xmlrpc + - php7.1-opcache + - php7.1-memcache + - php7.1-mbstring + - php7.1-readline + register: package_install + # The notify will call the ../handlers/main.yml + notify: service php7.1-fpm restart + +- name: Creating PHP Log Directory, Hold on... + file: + path: /var/log/php/ + state: directory + mode: 0755 + when: package_install.changed == True + +- name: Tunning php.ini Variables, Hold on... + lineinfile: + dest: /etc/php/7.1/fpm/php.ini + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^expose_php', line: 'expose_php = Off' } + - { regexp: '^post_max_size', line: 'post_max_size = 100M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M' } + - { regexp: '^max_execution_time', line: 'max_execution_time = 300' } + - { regexp: '^;date.timezone', line: 'date.timezone = UTC' } + when: package_install.changed == True + +- name: Changing PHP-FPM Log Location, Hold on... + lineinfile: + dest: /etc/php/7.1/fpm/php-fpm.conf + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^error_log', line: 'error_log = /var/log/php/fpm.log' } + - { regexp: '^include=', line: 'include=/etc/php/7.1/fpm/pool.d/www.conf' } + when: package_install.changed == True + notify: service php7.1-fpm restart + +- name: Tunning PHP WWW Pool Variables, Hold on... 
+ lineinfile: + dest: /etc/php/7.1/fpm/pool.d/www.conf + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^listen = ', line: 'listen = 127.0.0.1:9000' } + - { regexp: '^;ping.path', line: 'ping.path = /ping' } + - { regexp: '^;ping.response', line: 'ping.response = pong' } + - { regexp: '^;pm.status_path', line: 'pm.status_path = /status' } + - { regexp: '^;request_terminate_timeout', line: 'request_terminate_timeout = 300' } + - { regexp: '^pm = dynamic', line: 'pm = ondemand' } + - { regexp: '^;pm.max_requests', line: 'pm.max_requests = 250' } + - { regexp: '^pm.max_children', line: 'pm.max_children = 25' } + - { regexp: '^pm.start_servers', line: 'pm.start_servers = 15' } + - { regexp: '^pm.min_spare_servers', line: 'pm.min_spare_servers = 10' } + - { regexp: '^pm.max_spare_servers', line: 'pm.max_spare_servers = 20' } + when: package_install.changed == True + +- name: Creating PHP Debug Pool, Hold on... + shell: cp -av /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/debug.conf +# Ansible Copy Module bug https://github.com/ansible/ansible/issues/14341#issuecomment-275057426 +# copy: +# src: /etc/php/7.1/fpm/pool.d/www.conf +# dest: /etc/php/7.1/fpm/pool.d/debug.conf +# remote_src: true + when: package_install.changed == True + +- name: Tunning PHP Debug Pool Variables, Hold on... 
+ lineinfile: + dest: /etc/php/7.1/fpm/pool.d/debug.conf + regexp: "{{ item.regexp }}" + backrefs: yes + line: "{{ item.line }}" + with_items: + - { regexp: '^\[www\]', line: "[debug]" } + - { regexp: '^listen = 127.0.0.1:9000', line: 'listen = 127.0.0.1:9001' } + - { regexp: '^;slowlog', line: 'slowlog = /var/log/php/$pool.log.slow' } + - { regexp: '^;request_slowlog_timeout', line: 'request_slowlog_timeout = 10s' } + - { regexp: '^;php_admin_value\[memory_limit\]', line: ";php_admin_value[memory_limit] = 32M \nphp_admin_value[xdebug.profiler_output_dir] = /tmp/ \nphp_admin_value[xdebug.profiler_output_name] = cachegrind.out.%p-%H-%R \nphp_admin_flag[xdebug.profiler_enable_trigger] = on \nphp_admin_flag[xdebug.profiler_enable] = off" } + when: package_install.changed == True diff --git a/roles/stack/tasks/ubuntu/mysql_repo.yml b/roles/stack/tasks/ubuntu/mysql_repo.yml new file mode 100644 index 0000000..66dd22e --- /dev/null +++ b/roles/stack/tasks/ubuntu/mysql_repo.yml @@ -0,0 +1,13 @@ +--- +# Setup MySQL Repository + +- name: Adding MariaDB Repository Key, Hold on... + apt_key: keyserver=keyserver.ubuntu.com id=0xF1656F24C74CD1D8 + register: apt_key + +- name: Adding MariaDB Repository, Hold on... + apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb + register: repository + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True diff --git a/roles/website/tasks/repo_ubuntu.yml b/roles/stack/tasks/ubuntu/nginx_repo.yml similarity index 55% rename from roles/website/tasks/repo_ubuntu.yml rename to roles/stack/tasks/ubuntu/nginx_repo.yml index 64fc970..17773f3 100644 --- a/roles/website/tasks/repo_ubuntu.yml +++ b/roles/stack/tasks/ubuntu/nginx_repo.yml 
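Review bot: The debug pool in roles/stack/tasks/php.yml turns on `xdebug.profiler_enable_trigger` and writes cachegrind files to `/tmp/`, and `php7.1-xdebug` is installed for every pool on what looks like a production stack. If requests can be routed to the `127.0.0.1:9001` pool (the NGINX side is not in this hunk), profiler dumps land in a world-writable directory under predictable names. They can fill the disk or expose application internals to other local users. Point `xdebug.profiler_output_dir` at a dedicated directory owned by the FPM user with mode `0750`, for example under the `/var/log/php/` directory this file already creates, and make the debug pool and the xdebug package opt-in via a variable. The `shell: cp -av ...` task would also be safer as `command:` with `creates=/etc/php/7.1/fpm/pool.d/debug.conf`.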
@@ -1,5 +1,5 @@ --- -# Setup Ubuntu Repository +# Setup NGINX Repository - name: Adding NGINX Repository Key, Hold on... apt_key: @@ -13,17 +13,5 @@ register: repository when: ansible_distribution == 'Ubuntu' -- name: Adding PHP Repository, Hold on... - apt_repository: repo=ppa:ondrej/php - register: repository - -- name: Adding MariaDB Repository Key, Hold on... - apt_key: keyserver=keyserver.ubuntu.com id=0xF1656F24C74CD1D8 - register: apt_key - -- name: Adding MariaDB Repository, Hold on... - apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb - register: repository - - include: roles/libs/tasks/apt/update.yml when: repository.changed == True or apt_key.changed == True diff --git a/roles/stack/tasks/ubuntu/php_repo.yml b/roles/stack/tasks/ubuntu/php_repo.yml new file mode 100644 index 0000000..4d6a6d6 --- /dev/null +++ b/roles/stack/tasks/ubuntu/php_repo.yml @@ -0,0 +1,9 @@ +--- +# Setup PHP Repository + +- name: Adding PHP Repository, Hold on... + apt_repository: repo=ppa:ondrej/php + register: repository + +- include: roles/libs/tasks/apt/update.yml + when: repository.changed == True or apt_key.changed == True diff --git a/roles/website/templates/mysql/my.cnf b/roles/stack/templates/mysql/my.cnf similarity index 100% rename from roles/website/templates/mysql/my.cnf rename to roles/stack/templates/mysql/my.cnf diff --git a/roles/website/templates/nginx/ansipress/acl.conf b/roles/stack/templates/nginx/ansipress/acl.conf similarity index 100% rename from roles/website/templates/nginx/ansipress/acl.conf rename to roles/stack/templates/nginx/ansipress/acl.conf 
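Review bot: The last task of the new roles/stack/tasks/ubuntu/php_repo.yml tests `apt_key.changed`, but nothing in this file registers `apt_key`; only `repository` is registered. Depending on the include order, which is not visible in this diff, the condition either reuses a result left behind by another repo file or fails on an undefined variable. Since this file adds no key, `when: repository.changed` is sufficient here.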
diff --git a/roles/website/templates/nginx/ansipress/expires.conf b/roles/stack/templates/nginx/ansipress/expires.conf
similarity index 100%
rename from roles/website/templates/nginx/ansipress/expires.conf
rename to roles/stack/templates/nginx/ansipress/expires.conf
diff --git a/roles/website/templates/nginx/ansipress/locations.conf b/roles/stack/templates/nginx/ansipress/locations.conf
similarity index 100%
rename from roles/website/templates/nginx/ansipress/locations.conf
rename to roles/stack/templates/nginx/ansipress/locations.conf
diff --git a/roles/website/templates/nginx/ansipress/pagespeed.conf b/roles/stack/templates/nginx/ansipress/pagespeed.conf
similarity index 100%
rename from roles/website/templates/nginx/ansipress/pagespeed.conf
rename to roles/stack/templates/nginx/ansipress/pagespeed.conf
diff --git a/roles/website/templates/nginx/ansipress/protect-system-files.conf b/roles/stack/templates/nginx/ansipress/protect-system-files.conf
similarity index 100%
rename from roles/website/templates/nginx/ansipress/protect-system-files.conf
rename to roles/stack/templates/nginx/ansipress/protect-system-files.conf
diff --git a/roles/website/templates/nginx/ansipress/status.conf b/roles/stack/templates/nginx/ansipress/status.conf
similarity index 100%
rename from roles/website/templates/nginx/ansipress/status.conf
rename to roles/stack/templates/nginx/ansipress/status.conf
diff --git a/roles/website/templates/nginx/conf.d/pagespeed.conf b/roles/stack/templates/nginx/conf.d/pagespeed.conf
similarity index 100%
rename from roles/website/templates/nginx/conf.d/pagespeed.conf
rename to roles/stack/templates/nginx/conf.d/pagespeed.conf
diff --git a/roles/website/handlers/main.yml b/roles/website/handlers/main.yml
index 70fd91a..f44bda6 100644
--- a/roles/website/handlers/main.yml
+++ b/roles/website/handlers/main.yml
@@ -1,7 +1,4 @@ --- -- name: service memcached restart - service: name=memcached state=restarted - - name: service nginx reload service: name=nginx state=reloaded @@ -10,11 +7,5 @@ - name: service fail2ban restart service: name=fail2ban state=restarted -- name: service php7.1-fpm restart - service: name=php7.1-fpm state=restarted - - name: service php7.1-{{ username | lower }} restart service: name=php7.1-{{ username | lower }} state=restarted - -- name: service mysql restart - service: name=mysql state=restarted diff --git a/roles/website/tasks/html.yml b/roles/website/tasks/html.yml index c91960e..0e90cb1 100644 --- a/roles/website/tasks/html.yml +++ b/roles/website/tasks/html.yml 
@@ -1,49 +1,12 @@ --- -# Setup NGINX PlayBook - -- name: Installing NGINX, Hold on... - apt: name=nginx-pagespeed state=present - register: package_install - -- name: Setup NGINX conf.d Files, Hold on... - copy: - src: ../templates/nginx/conf.d/ - dest: /etc/nginx/conf.d/ - when: package_install.changed == True - -- name: Setup AnsiPress NGINX Files, Hold on... - copy: - src: ../templates/nginx/ansipress - dest: /etc/nginx/ - when: package_install.changed == True - -- name: Checking /etc/nginx/htpasswd File, Hold on... - stat: - path: /etc/nginx/htpasswd - register: setup_http_auth - -# Gererate Random Password For HTTP AUTH -- include: roles/libs/tasks/random_password.yml - when: setup_http_auth.stat.islnk is not defined - -- name: Setup HTTP AUTH, Hold On... - htpasswd: - path: /etc/nginx/htpasswd - name: AnsiPress - password: "{{ random_password.stdout }}" - when: setup_http_auth.stat.islnk is not defined - -# Save the HTTP_AUTH_Password Value -- set_fact: - http_auth_pass: "{{ random_password.stdout }}" - when: setup_http_auth.stat.islnk is not defined +# Setup NGINX Website Configuration # We need PHP Pool Number # In Order to setup PHP/MySQL/WordPress website template # We need to replace php_pool variable on those templates - name: Calculate PHP Pool Value, Hold on... include: roles/libs/tasks/php_pool.yml - when: website_type != "html" and website_type != "HTML" + when: website_type != "html" - name: Check /etc/nginx/sites-available/{{ website_name | lower }}.conf, Hold on... stat: 
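Review bot: The rewritten condition `when: website_type != "html"` in roles/website/tasks/html.yml is now case-sensitive, while roles/website/tasks/main.yml still selects the task file with `{{ website_type | lower }}` and the template paths in this file also apply `| lower`. Unless `website_type` is lower-cased before this role runs (not visible in this diff), a value such as `HTML` would still include html.yml but then match none of the comparisons, so the PHP pool step would run for a static site and no NGINX configuration would be written. Comparing the normalised value, for example `when: (website_type | lower) != "html"`, keeps the include and the conditions in step. The same applies to the `@@ -52,11 +15,11 @@` hunk of this file and to the `website_type == "mysql"` and `website_type == "wpfc"` conditions changed in mysql.yml and wp.yml.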
@@ -52,11 +15,11 @@ - name: Setup HTML, PHP or MySQL website NGINX Configuration, Hold on... template: src={{ website_type | lower }}/basic.conf dest=/etc/nginx/sites-available/{{ website_name | lower }}.conf - when: site_config.stat.islnk is not defined and (website_type == "html" or website_type == "php" or website_type == "mysql" or website_type == "HTML" or website_type == "PHP" or website_type == "MYSQL") + when: site_config.stat.islnk is not defined and (website_type == "html" or website_type == "php" or website_type == "mysql") - name: Setup WordPress website NGINX Configuration, Hold on... template: src=wordpress/{{ website_type | lower }}.conf dest=/etc/nginx/sites-available/{{ website_name | lower }}.conf - when: site_config.stat.islnk is not defined and (website_type == "wp" or website_type == "w3tc" or website_type == "wpfc" or website_type == "WP" or website_type == "W3TC" or website_type == "WPFC") + when: site_config.stat.islnk is not defined and (website_type == "wp" or website_type == "w3tc" or website_type == "wpfc") - name: Enabling {{ website_name | lower }} Website, Hold on... file: diff --git a/roles/website/tasks/main.yml b/roles/website/tasks/main.yml index 2da42fd..6b4ebcb 100644 --- a/roles/website/tasks/main.yml +++ b/roles/website/tasks/main.yml @@ -1,5 +1,2 @@ --- -- include: roles/website/tasks/memcached.yml -- include: roles/website/tasks/repo_{{ ansible_distribution | lower }}.yml - include: roles/website/tasks/{{ website_type | lower }}.yml -- include: roles/website/tasks/print.yml diff --git a/roles/website/tasks/mysql.yml b/roles/website/tasks/mysql.yml index da479fe..2df2977 100644 --- a/roles/website/tasks/mysql.yml +++ b/roles/website/tasks/mysql.yml 
@@ -1,60 +1,7 @@ --- -# Setup MySQL PlayBook - - include: roles/website/tasks/php.yml -- name: Installing MariaDB, Hold on... - apt: name={{ item }} state=present - with_items: - - mariadb-server - - mariadb-client - - libmariadbclient-dev - register: package_install - # The notify will call the ../handlers/main.yml - notify: service mysql restart - -# To Secure MariaDB Installation -# We first have to set root user password -# For MariaDB root user password setup we need following things -# Packages: python3-dev python3-pip & mysqlclient -# Pyhton mysqlclient support Python3.x -# Refer - https://github.com/PyMySQL/mysqlclient-python -- name: Installing Python mysqlclient package, Hold on... - pip: name=mysqlclient state=present - when: package_install.changed == True - -- include: roles/libs/tasks/random_password.yml - when: package_install.changed == True - -- name: Setup MariaDB root password, Hold on... - mysql_user: name=root password={{ random_password.stdout }} state=present host_all=yes - when: package_install.changed == True - -- name: Creating /root/.my.cnf file, Hold on... - template: src=mysql/my.cnf dest=/root/.my.cnf owner=root group=root mode=0600 - when: package_install.changed == True - -- name: Tunning MySQL Variables, Hold on... - lineinfile: - dest: /etc/mysql/my.cnf - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^skip-external-locking', line: 'skip-external-locking\nskip-name-resolve' } - - { regexp: '^connect_timeout', line: 'connect_timeout = 10' } - - { regexp: '^wait_timeout', line: "wait_timeout = 60\ninteractive_timeout = 30" } - when: package_install.changed == True - - -- name: Installing MySQLTunner Script, Hold on... - get_url: - url: http://mysqltuner.pl/ - dest: /usr/local/bin/mysqltuner - mode: 755 - when: package_install.changed == True - - +# Setup MySQL Database # Generate MySQL DB Name - name: "Generate MySQl DB Name, Hold on..." 
shell: echo "{{ website_name | lower }}" | tr '.' '_' @@ -82,4 +29,4 @@ - name: Generate Databae Config File for MySQL Website, Hold on... template: src=mysql/config.php dest=/home/{{ username | lower }}/vhosts/{{ website_name | lower }}/config.php - when: website_type == "mysql" or website_type == "MYSQL" + when: website_type == "mysql" diff --git a/roles/website/tasks/php.yml b/roles/website/tasks/php.yml index c1ac6ca..3a39071 100644 --- a/roles/website/tasks/php.yml +++ b/roles/website/tasks/php.yml 
@@ -1,105 +1,7 @@ --- -# Setup PHP PlayBook - - include: roles/website/tasks/html.yml -- name: Installing PHP, Hold on... - apt: name={{ item }} state=present - with_items: - - php7.1-gd - - php7.1-cli - - php7.1-fpm - - php7.1-curl - - php7.1-imap - - php7.1-mysql - - php7.1-redis - - php7.1-geoip - - php7.1-common - - php7.1-mcrypt - - php7.1-xdebug - - php7.1-xmlrpc - - php7.1-opcache - - php7.1-memcache - - php7.1-mbstring - - php7.1-readline - register: package_install - -- name: Creating PHP Log Directory, Hold on... - file: - path: /var/log/php/ - state: directory - mode: 0755 - when: package_install.changed == True - -- name: Tunning php.ini Variables, Hold on... - lineinfile: - dest: /etc/php/7.1/fpm/php.ini - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^expose_php', line: 'expose_php = Off' } - - { regexp: '^post_max_size', line: 'post_max_size = 100M' } - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M' } - - { regexp: '^max_execution_time', line: 'max_execution_time = 300' } - - { regexp: '^;date.timezone', line: 'date.timezone = UTC' } - when: package_install.changed == True - -- name: Changing PHP-FPM Log Location, Hold on... - lineinfile: - dest: /etc/php/7.1/fpm/php-fpm.conf - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^error_log', line: 'error_log = /var/log/php/fpm.log' } - - { regexp: '^include=', line: 'include=/etc/php/7.1/fpm/pool.d/www.conf' } - when: package_install.changed == True - notify: service php7.1-fpm restart - -- name: Tunning PHP WWW Pool Variables, Hold on... 
- lineinfile: - dest: /etc/php/7.1/fpm/pool.d/www.conf - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^listen = ', line: 'listen = 127.0.0.1:9000' } - - { regexp: '^;ping.path', line: 'ping.path = /ping' } - - { regexp: '^;ping.response', line: 'ping.response = pong' } - - { regexp: '^;pm.status_path', line: 'pm.status_path = /status' } - - { regexp: '^;request_terminate_timeout', line: 'request_terminate_timeout = 300' } - - { regexp: '^pm = dynamic', line: 'pm = ondemand' } - - { regexp: '^;pm.max_requests', line: 'pm.max_requests = 250' } - - { regexp: '^pm.max_children', line: 'pm.max_children = 25' } - - { regexp: '^pm.start_servers', line: 'pm.start_servers = 15' } - - { regexp: '^pm.min_spare_servers', line: 'pm.min_spare_servers = 10' } - - { regexp: '^pm.max_spare_servers', line: 'pm.max_spare_servers = 20' } - when: package_install.changed == True - -- name: Creating PHP Debug Pool, Hold on... - shell: cp -av /etc/php/7.1/fpm/pool.d/www.conf /etc/php/7.1/fpm/pool.d/debug.conf -# Ansible Copy Module bug https://github.com/ansible/ansible/issues/14341#issuecomment-275057426 -# copy: -# src: /etc/php/7.1/fpm/pool.d/www.conf -# dest: /etc/php/7.1/fpm/pool.d/debug.conf -# remote_src: true - when: package_install.changed == True - -- name: Tunning PHP Debug Pool Variables, Hold on... 
- lineinfile: - dest: /etc/php/7.1/fpm/pool.d/debug.conf - regexp: "{{ item.regexp }}" - backrefs: yes - line: "{{ item.line }}" - with_items: - - { regexp: '^\[www\]', line: "[debug]" } - - { regexp: '^listen = 127.0.0.1:9000', line: 'listen = 127.0.0.1:9001' } - - { regexp: '^;slowlog', line: 'slowlog = /var/log/php/$pool.log.slow' } - - { regexp: '^;request_slowlog_timeout', line: 'request_slowlog_timeout = 10s' } - - { regexp: '^;php_admin_value\[memory_limit\]', line: ";php_admin_value[memory_limit] = 32M \nphp_admin_value[xdebug.profiler_output_dir] = /tmp/ \nphp_admin_value[xdebug.profiler_output_name] = cachegrind.out.%p-%H-%R \nphp_admin_flag[xdebug.profiler_enable_trigger] = on \nphp_admin_flag[xdebug.profiler_enable] = off" } - when: package_install.changed == True - +# Setup PHP Website Pool - name: Setup {{ username | lower }} Pool, Hold on... template: src=php/pool.conf dest=/etc/php/7.1/fpm/pool.d/{{ username | lower }}.conf when: setup_user.changed == True diff --git a/roles/website/tasks/repo_debian.yml b/roles/website/tasks/repo_debian.yml deleted file mode 100644 index 5c03987..0000000 --- a/roles/website/tasks/repo_debian.yml +++ /dev/null 
@@ -1,36 +0,0 @@
----
-# Setup Debian Repository
-
-- name: Adding NGINX Repository Key, Hold on...
- apt_key:
- id: B9C9F7DE
- url: http://download.opensuse.org/repositories/home:AnsiPress/{{ ansible_distribution }}_8.0/Release.key
- register: apt_key
- when: ansible_distribution == 'Debian'
-
-- name: Adding NGINX Repository, Hold on...
- apt_repository: repo='deb http://download.opensuse.org/repositories/home:/AnsiPress/{{ ansible_distribution }}_8.0/ /' state=present filename=nginx
- register: repository
- when: ansible_distribution == 'Debian'
-
-- name: Adding PHP Repository Key, Hold on...
- apt_key:
- url: https://packages.sury.org/php/apt.gpg
- register: apt_key
- when: ansible_distribution == 'Debian'
-
-- name: Adding PHP Repository, Hold on...
- apt_repository: repo='deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main' state=present filename=php
- register: repository
- when: ansible_distribution == 'Debian'
-
-- name: Adding MariaDB Repository Key, Hold on...
- apt_key: keyserver=keyserver.ubuntu.com id=0xcbcb082a1bb943db
- register: apt_key
-
-- name: Adding MariaDB Repository, Hold on...
- apt_repository: repo='deb [arch=amd64,i386,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.1/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main' state=present filename=mariadb
- register: repository
-
-- include: roles/libs/tasks/apt/update.yml
- when: repository.changed == True or apt_key.changed == True
diff --git a/roles/website/tasks/wp.yml b/roles/website/tasks/wp.yml
index 4c69c89..73853d0 100644
--- a/roles/website/tasks/wp.yml
+++ b/roles/website/tasks/wp.yml
@@ -36,14 +36,7 @@ url: https://raw.githubusercontent.com/AnsiPress/AnsiTools/master/cache/purge.php dest: /home/{{ username | lower }}/vhosts/{{ website_name | lower }}/htdocs/ mode: 644 - when: website_type == "wpfc" or website_type == "WPFC" + when: website_type == "wpfc" - name: Fixing WordPress Permissions, Hold On shell: find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type d -exec chmod 750 {} \; && find /home/{{ username | lower }}/vhosts/{{ website_name | lower }} -type f -exec chmod 640 {} \; && chown -R {{ username | lower }}:{{ username | lower }} /home/{{ username | lower }}/vhosts/{{ website_name | lower }} - -- name: Getting WordPress Setup Information, Hold on... - debug: - msg: "{{ item }}" - with_items: - - WordPress Username = {{ username | lower }} - - WordPress Password = {{ random_password.stdout }} diff --git a/setup.yml b/setup.yml index c8baf7d..3898456 100644 --- a/setup.yml +++ b/setup.yml @@ -12,5 +12,7 @@ - bootstrap - security - reboot + - stack - user - website + - print From a03ed613123e626bd481ebdfcf591112a6c8340a Mon Sep 17 00:00:00 2001 From: Mitesh Shah Date: Thu, 18 May 2017 13:25:21 +0530 Subject: [PATCH 33/33] Updated CHANGELOG.txt --- CHANGELOG.txt | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 0b4ea30..b71eb2e 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,11 @@ +v0.2.0-beta - May 17, 2017 +- Debian 8 +- UTC TimeZone +- Fail2Ban Support +- PageSpeed Configuration +- WooCommerce Cache Bypass +- Fix #14 #21 #24 #25 + v0.1.0-beta - March 1, 2017 - First Beta Release - NGINX PageSpeed Support @@ -10,4 +18,3 @@ v0.1.0-beta - March 1, 2017 4. WordPress 5. WordPress W3TC (W3 Total Cache) 6. WordPress FastCGI Cache -
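Review bot: In roles/website/tasks/wp.yml the download task shown as context fetches `purge.php` from the `master` branch of a GitHub repository straight into the site's `htdocs/` without any integrity check, so whatever that branch holds at run time becomes executable PHP on the server. The task's module line is above the hunk; if it is `get_url`, pinning the URL to a reviewed commit and adding `checksum: sha256:<SHA256_OF_REVIEWED_FILE>` (placeholder) would make the deployed file reproducible. The same task passes `mode: 644` as an unquoted integer, which Ansible reads as decimal rather than octal; `mode: "0644"` states the intended permissions.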