Add geoip2 support for nginx
parent
4f1b54547b
commit
b7706355bf
|
@ -7,3 +7,4 @@ nginx_become_user: root
|
||||||
nginx_default_package: nginx
|
nginx_default_package: nginx
|
||||||
nginx_root: /var/www
|
nginx_root: /var/www
|
||||||
nginx_vhosts: []
|
nginx_vhosts: []
|
||||||
|
nginx_enable_geoip2: false
|
||||||
|
|
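--- /dev/null
+++ b/roles/nginx/files/etc/nginx/conf.d/geoip2.conf
@@ -0,0 +1,19 @@
+# Ansible managed
+
+geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
+auto_reload 5m;
+$geoip2_metadata_country_build metadata build_epoch;
+$geoip2_data_country_code source=$remote_addr country iso_code;
+$geoip2_data_country_name country names en;
+}
+
+geoip2 /var/lib/GeoIP/GeoLite2-City.mmdb {
+$geoip2_data_city_name city names en;
+}
+
+log_format custom '$remote_addr - $remote_user [$time_local]'
+' "$request" $status $body_bytes_sent'
+' "$http_referer" "$http_user_agent"'
+' "$request_time" "$upstream_connect_time"'
+' "$geoip2_data_country_code" "$geoip2_data_country_name"'
+' "$geoip2_data_city_name"';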
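Review bot: The `GeoLite2-City.mmdb` block has no `auto_reload`, unlike the Country block's `auto_reload 5m;`, so city lookups keep using the database loaded at the last nginx reload even after geoipupdate replaces the file; add `auto_reload 5m;` to the City block as well. Both `geoip2` blocks name a database under `/var/lib/GeoIP`, so on a host where the geoipupdate role has not yet produced those files the configuration will presumably fail to load; the role ordering or the dependency should be documented in a comment at the top of this file. The `custom` format also writes country and city next to `$remote_addr`, which makes the access logs more sensitive than the default format, so a more specific format name and a note on log retention would help whoever maintains this.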
|
@ -49,6 +49,16 @@
|
||||||
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
|
line: "\tgzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;"
|
||||||
notify: systemctl reload nginx
|
notify: systemctl reload nginx
|
||||||
|
|
||||||
|
- name: add geoip2 config
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: etc/nginx/conf.d/geoip2.conf
|
||||||
|
dest: /etc/nginx/conf.d/geoip2.conf
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: 0640
|
||||||
|
when: nginx_enable_geoip2
|
||||||
|
notify: systemctl reload nginx
|
||||||
|
|
||||||
- import_tasks: create-vhosts.yml
|
- import_tasks: create-vhosts.yml
|
||||||
|
|
||||||
become: "{{ nginx_become }}"
|
become: "{{ nginx_become }}"
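Review bot: Nothing removes `/etc/nginx/conf.d/geoip2.conf` when `nginx_enable_geoip2` is switched back to false, so the `geoip2` blocks and their database lookups stay loaded on any host that once had the flag enabled; a matching removal task is sketched below. The copy also runs against whatever `nginx_default_package` installs, and the role default is `nginx`; if that build lacks the geoip2 module the reload will presumably fail on an unknown directive, so an assertion or a documented requirement is worth adding. `mode: 0640` is safer written as `mode: "0640"` so the value cannot be retyped by the YAML parser. The task list starts and continues outside this hunk.

```yaml
# … unchanged: "add geoip2 config" copy task …
- name: remove geoip2 config
  ansible.builtin.file:
    path: /etc/nginx/conf.d/geoip2.conf
    state: absent
  when: not nginx_enable_geoip2
  notify: systemctl reload nginx
```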
|
||||||
|
|
|
@ -94,6 +94,6 @@ server {
|
||||||
|
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
|
|
||||||
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log;
|
access_log {{ nginx_root }}/{{ item.servername }}/logs/access.log{% if nginx_enable_geoip2 %} custom{% endif %};
|
||||||
error_log {{ nginx_root }}/{{ item.servername }}/logs/error.log;
|
error_log {{ nginx_root }}/{{ item.servername }}/logs/error.log;
|
||||||
}
|
}
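Review bot: The format name `custom` on the new `access_log` line is defined only in `conf.d/geoip2.conf`, so this template now depends on that file being deployed and included before the vhost; a short Jinja comment above the line saying where `custom` comes from would save the next reader a search. With the role default `nginx_root: /var/www`, the log that now records country and city per client address sits under the web tree, so confirm that the vhost's document root does not cover the `logs` directory. The `server` block starts outside this hunk, so that cannot be checked from here.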
|
||||||
|
|
|
@ -22,6 +22,7 @@
|
||||||
snake_oil_cert_domains:
|
snake_oil_cert_domains:
|
||||||
- example.org
|
- example.org
|
||||||
- example2.org
|
- example2.org
|
||||||
|
nginx_default_package: nginx-full
|
||||||
nginx_vhosts:
|
nginx_vhosts:
|
||||||
- servername: example.org
|
- servername: example.org
|
||||||
serveralias:
|
serveralias:
|
||||||
|
@ -42,6 +43,7 @@
|
||||||
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
|
ssl_trusted_certificate: /var/lib/snakeoil/certs/example2.org/fullchain.pem
|
||||||
is_reverse_proxy_site: true
|
is_reverse_proxy_site: true
|
||||||
proxy_pass: http://localhost:5000/
|
proxy_pass: http://localhost:5000/
|
||||||
|
nginx_enable_geoip2: true
|
||||||
dehydrated_email: test@example.org
|
dehydrated_email: test@example.org
|
||||||
dehydrated_domains:
|
dehydrated_domains:
|
||||||
- example.org www.example.org
|
- example.org www.example.org
|
||||||
|
@ -104,12 +106,12 @@
|
||||||
# - ../roles/iptables
|
# - ../roles/iptables
|
||||||
# - ../roles/sshd
|
# - ../roles/sshd
|
||||||
# - ../roles/fail2ban
|
# - ../roles/fail2ban
|
||||||
# - ../roles/snake_oil_cert
|
- ../roles/snake_oil_cert
|
||||||
# - ../roles/users
|
# - ../roles/users
|
||||||
# - ../roles/dehydrated
|
# - ../roles/dehydrated
|
||||||
# - ../roles/telegraf
|
# - ../roles/telegraf
|
||||||
- ../roles/geoipupdate
|
- ../roles/geoipupdate
|
||||||
# - ../roles/nginx
|
- ../roles/nginx
|
||||||
# - ../roles/headscale
|
# - ../roles/headscale
|
||||||
# - ../roles/admin
|
# - ../roles/admin
|
||||||
# - ../roles/docker
|
# - ../roles/docker
|
||||||
|
|