mirror of https://dev.ccchb.de/ccchb/ansible.git
Handle nginx configuration in mediawiki role
This commit is contained in:
parent
d5a03479af
commit
fdd1e5ce35
|
@ -1,5 +1,8 @@
|
||||||
---
|
---
|
||||||
mediawiki_path: /var/www/wiki.ccchb.de/webroot/w
|
mediawiki_domain: wiki.ccchb.de
|
||||||
|
|
||||||
|
mediawiki_webroot: /var/www/wiki.ccchb.de/webroot
|
||||||
|
mediawiki_path: /w
|
||||||
|
|
||||||
mediawiki_extensions:
|
mediawiki_extensions:
|
||||||
- CategoryTree
|
- CategoryTree
|
||||||
|
@ -21,3 +24,23 @@ mediawiki_skins:
|
||||||
mediawiki_sitename: "CCC Bremen"
|
mediawiki_sitename: "CCC Bremen"
|
||||||
|
|
||||||
mediawiki_email: "webmaster@ccchb.de"
|
mediawiki_email: "webmaster@ccchb.de"
|
||||||
|
|
||||||
|
mediawiki_install_nginx: true
|
||||||
|
mediawiki_php_socket: "unix:/run/php/php7.3-fpm.sock"
|
||||||
|
|
||||||
|
mediawiki_nginx_conf: |
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
listen 443 ssl http2;
|
||||||
|
|
||||||
|
server_name {{ mediawiki_domain }};
|
||||||
|
|
||||||
|
root {{ mediawiki_webroot }};
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/{{ mediawiki_domain }}/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/chain.pem;
|
||||||
|
|
||||||
|
client_max_body_size 100M;
|
||||||
|
|
||||||
|
include snippets/certbot.conf;
|
||||||
|
...
|
||||||
|
|
|
@ -2,8 +2,20 @@
|
||||||
- name: Configure Mediawiki
|
- name: Configure Mediawiki
|
||||||
template:
|
template:
|
||||||
src: LocalSettings.php.j2
|
src: LocalSettings.php.j2
|
||||||
dest: "{{ mediawiki_path }}/LocalSettings.php"
|
dest: "{{ mediawiki_webroot }}/{{ mediawiki_path }}/LocalSettings.php"
|
||||||
owner: www-data
|
owner: www-data
|
||||||
group: www-data
|
group: www-data
|
||||||
mode: '0600'
|
mode: '0600'
|
||||||
|
|
||||||
|
- name: Install nginx site
|
||||||
|
template:
|
||||||
|
src: nginx.j2
|
||||||
|
dest: /etc/nginx/sites-available/{{ mediawiki_domain }}
|
||||||
|
when: mediawiki_install_nginx
|
||||||
|
|
||||||
|
- name: Activate site {{ mediawiki_install_nginx }}
|
||||||
|
file:
|
||||||
|
src: /etc/nginx/sites-available/{{ mediawiki_domain }}
|
||||||
|
dest: /etc/nginx/sites-enabled/{{ mediawiki_domain }}
|
||||||
|
when: mediawiki_install_nginx
|
||||||
|
...
|
||||||
|
|
|
@ -0,0 +1,58 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
server {
|
||||||
|
{{ mediawiki_nginx_conf }}
|
||||||
|
|
||||||
|
location ~ ^{{ mediawiki_path }}/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
|
||||||
|
include fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_pass {{ mediawiki_php_socket }};
|
||||||
|
}
|
||||||
|
|
||||||
|
# Images
|
||||||
|
location {{ mediawiki_path }}/images {
|
||||||
|
# Separate location for images/ so .php execution won't apply
|
||||||
|
}
|
||||||
|
location {{ mediawiki_path }}/images/deleted {
|
||||||
|
# Deny access to deleted images folder
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
# MediaWiki assets (usually images)
|
||||||
|
location ~ ^{{ mediawiki_path }}/resources/(assets|lib|src) {
|
||||||
|
try_files $uri 404;
|
||||||
|
add_header Cache-Control "public";
|
||||||
|
expires 7d;
|
||||||
|
}
|
||||||
|
# Assets, scripts and styles from skins and extensions
|
||||||
|
location ~ ^{{ mediawiki_path }}/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
|
||||||
|
try_files $uri 404;
|
||||||
|
add_header Cache-Control "public";
|
||||||
|
expires 7d;
|
||||||
|
}
|
||||||
|
# Favicon
|
||||||
|
location = /favicon.ico {
|
||||||
|
add_header Cache-Control "public";
|
||||||
|
expires 7d;
|
||||||
|
}
|
||||||
|
|
||||||
|
location {{ mediawiki_path }}/rest.php/ {
|
||||||
|
try_files $uri $uri/ {{ mediawiki_path }}/rest.php?$query_string;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Handling for the article path (pretty URLs)
|
||||||
|
location /wiki/ {
|
||||||
|
rewrite ^/wiki/(?<pagename>.*)$ {{ mediawiki_path }}/index.php;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Allow robots.txt in case you have one
|
||||||
|
location = /robots.txt {
|
||||||
|
}
|
||||||
|
# Explicit access to the root website, redirect to main page (adapt as needed)
|
||||||
|
location = / {
|
||||||
|
return 301 /wiki/Hauptseite;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue