Add geoip2 support for nginx
ci/woodpecker/push/lint Pipeline was successful
Details
ci/woodpecker/push/lint Pipeline was successful
Details
This commit is contained in:
parent
4f1b54547b
commit
b7706355bf
|
@ -7,3 +7,4 @@ nginx_become_user: root
|
|||
nginx_default_package: nginx
|
||||
nginx_root: /var/www
|
||||
nginx_vhosts: []
|
||||
nginx_enable_geoip2: false
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
# Ansible managed
|
||||
|
||||
geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
|
||||
auto_reload 5m;
|
||||
$geoip2_metadata_country_build metadata build_epoch;
|
||||
$geoip2_data_country_code source=$remote_addr country iso_code;
|
||||
$geoip2_data_country_name country names en;
|
||||
}
|
||||
|
||||
geoip2 /var/lib/GeoIP/GeoLite2-City.mmdb {
|
||||
$geoip2_data_city_name city names en;
|
||||
}
|
||||
|
||||
log_format custom '$remote_addr - $remote_user [$time_local]'
|
||||
' "$request" $status $body_bytes_sent'
|
||||
' "$http_referer" "$http_user_agent"'
|
||||
' "$request_time" "$upstream_connect_time"'
|
||||
' "$geoip2_data_country_code" "$geoip2_data_country_name"'
|
||||
' "$geoip2_data_city_name"';
|
|
@ -49,6 +49,16 @@
|
|||
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
|
||||
notify: systemctl reload nginx
|
||||
|
||||
- name: add geoip2 config
|
||||
ansible.builtin.copy:
|
||||
src: etc/nginx/conf.d/geoip2.conf
|
||||
dest: /etc/nginx/conf.d/geoip2.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
when: nginx_enable_geoip2
|
||||
notify: systemctl reload nginx
|
||||
|
||||
- import_tasks: create-vhosts.yml
|
||||
|
||||
become: "{{ nginx_become }}"
|
||||
|
|
|
@ -94,6 +94,6 @@ server {
|
|||
|
||||
error_page 404 /404.html;
|
||||
|
||||
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log;
|
||||
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log{% if nginx_enable_geoip2 %} custom{% endif %};
|
||||
error_log {{ nginx_root }}/{{ item.servername }}/logs/error.log;
|
||||
}
|
||||
|
|
|
@ -22,6 +22,7 @@
|
|||
snake_oil_cert_domains:
|
||||
- example.org
|
||||
- example2.org
|
||||
nginx_default_package: nginx-full
|
||||
nginx_vhosts:
|
||||
- servername: example.org
|
||||
serveralias:
|
||||
|
@ -42,6 +43,7 @@
|
|||
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
|
||||
is_reverse_proxy_site: true
|
||||
proxy_pass: http://localhost:5000/
|
||||
nginx_enable_geoip2: true
|
||||
dehydrated_email: test@example.org
|
||||
dehydrated_domains:
|
||||
- example.org www.example.org
|
||||
|
@ -104,12 +106,12 @@
|
|||
# - ../roles/iptables
|
||||
# - ../roles/sshd
|
||||
# - ../roles/fail2ban
|
||||
# - ../roles/snake_oil_cert
|
||||
- ../roles/snake_oil_cert
|
||||
# - ../roles/users
|
||||
# - ../roles/dehydrated
|
||||
# - ../roles/telegraf
|
||||
- ../roles/geoipupdate
|
||||
# - ../roles/nginx
|
||||
- ../roles/nginx
|
||||
# - ../roles/headscale
|
||||
# - ../roles/admin
|
||||
# - ../roles/docker
|
||||
|
|
Loading…
Reference in New Issue