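---
# NGINX REVERSE
# Nginx Alpha (CT105) : 10.0.1.3 | 10.0.2.4 | 10.1.0.105
# Nginx Beta  (CT106) : 10.0.1.4 | 10.0.2.5 | 10.1.0.106
# Gateway 10.0.1.0/24 -> 10.0.1.254
# Gateway 10.0.2.0/24 -> 10.0.2.254
# Gateway 10.1.0.0/24 -> 10.1.0.254
#
# Creates the containers, updates them, configures automatic security
# updates, installs useful packages and the service packages, and sets up
# ferm from our template.
#
# NOTE(review): the header above names the containers Alpha/Beta with ids
# CT105/CT106, while the tasks below create NginxMaster/NginxSlave with
# vmid 104/105. Confirm which numbering is current and align the two.

# Play 1: runs on the control node and drives the Proxmox API to create and
# start both reverse-proxy containers.
- hosts: localhost
  connection: local
  gather_facts: false
  tasks:
    - include_vars: /root/src/source_pve.yml

    # NOTE(review): this file supplies the Proxmox and container root
    # passwords used below. It should be encrypted with ansible-vault and
    # readable by root only -- confirm.
    - include_vars: /root/src/password_proxy.yml

    # NOTE(review): every proxmox task authenticates as root@pam with a
    # password. A dedicated API user or API token restricted to the needed
    # privileges would limit the impact of a leaked credential.
    - name: Create LXC for Nginx Master (CT104)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.1'
        node: alpha
        cpus: 1
        cores: 2
        memory: 2048
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_nginx_alpha }}"
        hostname: NginxMaster
        vmid: 104
        onboot: true
        # Unprivileged container: root inside the CT is not root on the host.
        unprivileged: true
        nameserver: '10.0.1.253'
        # Three interfaces, each on its own VLAN tag (20, 30 and 100).
        netif: '{"net0":"name=eth0,ip=10.0.1.3/24,gw=10.0.1.254,bridge=vmbr1,tag=20","net1":"name=eth1,ip=10.0.2.4/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net3":"name=eth3,ip=10.1.0.105/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    # NOTE(review): the master uses pass_nginx_alpha while this task uses
    # pass_nginx_slave; confirm both names are defined in the vars file.
    - name: Create LXC for Nginx Slave (CT105)
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.1'
        node: beta
        cpus: 1
        cores: 2
        memory: 2048
        disk: 16
        swap: 1024
        storage: local-zfs
        ostemplate: 'local:vztmpl/debian-10.0-standard_10.0-1_amd64.tar.gz'
        password: "{{ pass_nginx_slave }}"
        hostname: NginxSlave
        vmid: 105
        onboot: true
        unprivileged: true
        nameserver: '10.0.1.253'
        netif: '{"net0":"name=eth0,ip=10.0.1.4/24,gw=10.0.1.254,bridge=vmbr1,tag=20","net1":"name=eth1,ip=10.0.2.5/24,gw=10.0.2.254,bridge=vmbr1,tag=30","net3":"name=eth3,ip=10.1.0.106/24,gw=10.1.0.254,bridge=vmbr2,tag=100"}'
        pubkey: "{{ ssh_pub }}"
        state: present

    - name: Start Proxy container
      proxmox:
        api_user: root@pam
        api_password: "{{ pass_pve }}"
        api_host: '10.1.0.1'
        vmid: "{{ item }}"
        state: started
      with_items:
        - '104'
        - '105'

# Play 2: baseline configuration applied to every host in the zoneproxy
# inventory group (timezone, package proxy, upgrades, common tools).
- hosts: zoneproxy
  tasks:
    - name: Set timezone for Proxy
      timezone:
        name: Europe/Paris

    # APT fetches packages through the internal proxy at 10.0.1.252:9999.
    - name: APT configuration for Proxy
      copy:
        dest: "/etc/apt/apt.conf.d/01proxy"
        content: |
          Acquire::http { Proxy "http://10.0.1.252:9999"; };

    # wget run by root goes through the proxy on port 3128.
    - name: WGET configuration for Proxy
      copy:
        dest: "/root/.wgetrc"
        content: |
          http_proxy = http://10.0.1.252:3128/
          https_proxy = http://10.0.1.252:3128/
          use_proxy = on

    - name: Apt Update for Proxy
      apt:
        update_cache: true

    - name: Apt Upgrade for Proxy
      apt:
        upgrade: dist

    # NOTE(review): nmap and git are not needed at runtime by a reverse
    # proxy; consider dropping them from production hosts to keep the
    # installed footprint small.
    - name: Install utils for Proxy
      apt:
        pkg:
          - vim
          - net-tools
          - nmap
          - dnsutils
          - ferm
          - unattended-upgrades
          - apt-listchanges
          - wget
          - curl
          - git

    # Pre-seed the debconf answer, then reconfigure non-interactively so
    # automatic updates are switched on without a prompt.
    - name: Unattended-Upgrades Activation for Proxy
      shell: |
        echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
        dpkg-reconfigure -f noninteractive unattended-upgrades

    # lineinfile replaces the former `echo ... >>`, which appended a duplicate
    # Mail directive on every run of the playbook.
    - name: Unattended-Upgrades mail recipient for Proxy
      lineinfile:
        path: /etc/apt/apt.conf.d/50unattended-upgrades
        line: 'Unattended-Upgrade::Mail "root";'

# Play 3: nginx installation, deploy script and firewall rules for hosts in
# the nginx inventory group.
- hosts: nginx
  tasks:
    - name: Install requirement for Nginx
      apt:
        pkg:
          - nginx

    - name: Enable service for Nginx
      systemd:
        name: "{{ item }}"
        enabled: true
      with_items:
        - 'nginx'

    # Remove the stock default vhost so only explicitly deployed sites are
    # served.
    - name: Prepare NGINX for Nginx
      file:
        path: "{{ item }}"
        state: absent
      with_items:
        - '/etc/nginx/sites-enabled/default'
        - '/etc/nginx/sites-available/default'

    # NOTE(review): no owner or mode is set, so both directories get the
    # defaults of the connecting user. If /etc/ssl/letsencrypt holds private
    # keys it should be given an explicit restrictive mode -- confirm which
    # accounts need access before tightening.
    - name: Prepare Nginx for Nginx
      file:
        path: "{{ item }}"
        state: directory
      with_items:
        - '/home/hasync/letsencrypt-requests'
        - '/etc/ssl/letsencrypt'

    - name: Copy webhost deploy script for Nginx
      copy:
        src: /root/src/script_nginx.sh
        dest: /root/deploy-webhost.sh
        owner: root
        group: root
        mode: '0740'

    # NOTE(review): the rule set is installed and ferm restarted without a
    # prior syntax check; a broken template would only surface at restart.
    # Consider validating the file before it replaces the live config.
    - name: Copy ferm configuration for Nginx
      copy:
        src: /root/src/ferm/nginx_ferm.conf
        dest: /etc/ferm/ferm.conf
        owner: root
        group: root
        mode: '0640'

    - name: Restart ferm for Nginx
      systemd:
        name: "ferm"
        state: restarted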