Ansible and Docker Compose provisioning for torsion.org infrastructure.

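# Create the host directory that holds the docker-gen nginx template; the
# nginx-docker-gen service bind-mounts nginx.tmpl from this path.
- name: create directory for nginx configuration template file
  file:
    path: /etc/docker-gen/templates
    state: directory
    # Quoted so the mode reaches the module as the octal string "0700" and
    # does not depend on the YAML parser's implicit octal-integer conversion.
    mode: "0700"
  tags:
    - web_server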
# Install the docker-gen template from which nginx's default.conf is rendered.
# NOTE(review): no owner, group or mode is set, so a newly created file takes
# its permissions from the umask in effect for the Ansible run; set them
# explicitly if the result should not depend on that.
- name: copy nginx configuration template file
  copy:
    src: nginx.tmpl
    dest: /etc/docker-gen/templates/nginx.tmpl
  tags:
    - web_server
# Allow inbound TCP 80 and 443 in ufw, the same ports the nginx container
# publishes on the host.
# NOTE(review): ports published by Docker are normally handled by Docker's own
# iptables rules, so confirm that ufw is what actually controls exposure of
# these ports on this host.
- name: allow web server ports in firewall
  ufw:
    proto: tcp
    port: "{{ item }}"
    rule: allow
  with_items:
    - '80'
    - '443'
  tags:
    - web_server
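# Create the host directory for certificate material. It is bind-mounted into
# the nginx, docker-gen and ACME companion containers as /etc/nginx/certs.
- name: make directory for client certificates
  # Native YAML arguments instead of a key=value string, so each argument is
  # parsed by YAML rather than by Ansible's key=value splitter.
  file:
    path: /etc/nginx/certs
    state: directory
    # Quoted octal string: only root may list or enter the directory.
    mode: "0700"
  tags:
    - web_server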
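# Install the certificate authority file as ca.crt in the certs directory.
# NOTE(review): presumably nginx.tmpl references this file to verify client
# certificates; confirm against the template.
- name: copy certificate authority for client certificates
  # Native YAML arguments instead of a key=value string.
  copy:
    src: public_keys/certificate-authority
    dest: /etc/nginx/certs/ca.crt
    # Quoted octal string: readable and writable by the owner only.
    mode: "0600"
  tags:
    - web_server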
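# Bring up the reverse-proxy stack with Docker Compose: nginx, docker-gen
# (renders nginx's default.conf from nginx.tmpl and signals nginx) and the
# ACME companion that manages certificates under /etc/nginx/certs.
- name: run web server containers
  docker_compose:
    project_name: web_server
    # Canonical boolean instead of the YAML 1.1 truthy "yes". Images are
    # pulled before the project is started.
    pull: true
    definition:
      version: '3'
      services:
        nginx:
          # NOTE(review): pinned by tag only. A tag can be re-pointed by the
          # publisher; pin by digest if an immutable image is required, and
          # review this version against current nginx releases.
          image: nginx:1.21.0
          container_name: nginx
          restart: always
          ports:
            - "80:80"
            - "443:443"
          labels:
            - com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy
          volumes:
            # Certificates and htpasswd files are read-only for nginx.
            - /etc/nginx/certs:/etc/nginx/certs:ro
            - /etc/nginx/conf.d:/etc/nginx/conf.d
            - /etc/nginx/vhost.d:/etc/nginx/vhost.d
            - /etc/nginx/htpasswd:/etc/nginx/htpasswd:ro
            - /usr/share/nginx/html:/usr/share/nginx/html
        nginx-docker-gen:
          # NOTE(review): no tag, so this resolves to the image's default tag,
          # and with pull enabled every run may fetch a different image. Pin to
          # a reviewed tag or digest.
          image: nginxproxy/docker-gen
          restart: always
          labels:
            - com.github.jrcs.letsencrypt_nginx_proxy_companion.docker_gen
          volumes:
            - /etc/nginx/certs:/etc/nginx/certs:ro
            - /etc/nginx/conf.d:/etc/nginx/conf.d
            - /etc/nginx/vhost.d:/etc/nginx/vhost.d
            - /etc/nginx/htpasswd:/etc/nginx/htpasswd:ro
            - /etc/docker-gen/templates/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
            # NOTE(review): ":ro" only makes the bind mount read-only. It does
            # not restrict which Docker API requests can be sent over the
            # socket, so this container can effectively control the Docker
            # daemon. Treat it as privileged; a filtering socket proxy limits
            # the exposed API surface.
            - /var/run/docker.sock:/tmp/docker.sock:ro
          # Regenerate default.conf when containers change and SIGHUP the
          # container named "nginx" afterwards.
          command: "-notify-sighup nginx -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf"
          depends_on:
            - nginx
        letsencrypt-nginx-proxy-companion:
          # NOTE(review): no tag here either; pin to a reviewed tag or digest.
          image: nginxproxy/acme-companion
          restart: always
          volumes:
            # The only service with write access to the certificate directory.
            - /etc/nginx/certs:/etc/nginx/certs:rw
            - /etc/nginx/vhost.d:/etc/nginx/vhost.d
            - /usr/share/nginx/html:/usr/share/nginx/html
            # NOTE(review): same caveat as for docker-gen: the read-only mount
            # flag does not limit Docker API access through the socket.
            - /var/run/docker.sock:/var/run/docker.sock:ro
          depends_on:
            - nginx-docker-gen
      networks:
        # Attach the project's default network to the pre-existing external
        # network named "shared" instead of creating a project-local one.
        default:
          external:
            name: shared
  tags:
    - web_server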