Add frontend playbook
This commit is contained in:
parent
3bcffbe251
commit
4a625bf3eb
|
@ -4,3 +4,4 @@
|
|||
hosts: all
|
||||
roles:
|
||||
- nrpe
|
||||
- fic-frontend
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
nemunaire:$apr1$GCAyuMBH$BGenYoXt1ZX7x7bt6bPa0.
|
|
@ -0,0 +1 @@
|
|||
../../../../frontend/frontend
|
|
@ -0,0 +1,12 @@
|
|||
[Unit]
|
||||
Description=FIC Frontend service
|
||||
After=nginx.service
|
||||
|
||||
[Service]
|
||||
User=fic
|
||||
Group=nogroup
|
||||
WorkingDirectory=/home/fic
|
||||
ExecStart=/home/fic/frontend -teams ./TEAMS -submission ./submissions -start 1477954800 -duration 2065h
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
|
@ -0,0 +1,179 @@
|
|||
server_tokens off;
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
||||
proxy_connect_timeout 1s;
|
||||
|
||||
server {
|
||||
listen 80 default;
|
||||
listen [::]:80 default;
|
||||
|
||||
root /home/fic/frontend-htdocs/;
|
||||
|
||||
error_page 401 /welcome.html;
|
||||
error_page 403 404 /e404.html;
|
||||
error_page 413 404 /e413.html;
|
||||
error_page 500 502 504 /e500.html;
|
||||
|
||||
location = / {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
}
|
||||
location = /index.html {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
}
|
||||
|
||||
location ~ ^/[0-9] {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /edit {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /rank {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /files/ {
|
||||
alias /home/fic/FILES/;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location /wait.json {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /home/fic/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /public.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /stats.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /my.json {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /home/fic/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
|
||||
if (!-f $document_root/../started) {
|
||||
rewrite ^/ /wait.json;
|
||||
}
|
||||
}
|
||||
location /teams.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /themes.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
return 403;
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:8081/admin/api/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
return 403;
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:8081;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/ {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/name {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/.*$ /chname/$team break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /openhint/ {
|
||||
auth_basic "Secure Zone";
|
||||
auth_basic_user_file ficpasswd;
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location = /time.json {
|
||||
proxy_pass http://localhost:8080/time.json;
|
||||
proxy_method GET;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
proxy_cache STATIC;
|
||||
proxy_cache_valid 1s;
|
||||
}
|
||||
|
||||
location = /events.json {
|
||||
proxy_pass http://localhost:8081/api/events;
|
||||
proxy_method GET;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
proxy_cache STATIC;
|
||||
proxy_cache_valid 3s;
|
||||
}
|
||||
}
|
|
@ -0,0 +1,179 @@
|
|||
server_tokens off;
|
||||
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
||||
proxy_connect_timeout 1s;
|
||||
|
||||
server {
|
||||
listen 80 default;
|
||||
listen [::]:80 default;
|
||||
|
||||
root /home/fic/frontend-htdocs/;
|
||||
|
||||
error_page 401 /welcome.html;
|
||||
error_page 403 404 /e404.html;
|
||||
error_page 413 404 /e413.html;
|
||||
error_page 500 502 504 /e500.html;
|
||||
|
||||
location = / {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
}
|
||||
location = /index.html {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
}
|
||||
|
||||
location ~ ^/[0-9] {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
location /edit {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /rank {
|
||||
rewrite ^/.*$ /index.html;
|
||||
}
|
||||
|
||||
location /files/ {
|
||||
alias /home/fic/FILES/;
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
location /wait.json {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /home/fic/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /public.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /stats.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /my.json {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
root /home/fic/TEAMS/$team/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
|
||||
if (!-f $document_root/../started) {
|
||||
rewrite ^/ /wait.json;
|
||||
}
|
||||
}
|
||||
location /teams.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
location /themes.json {
|
||||
root /home/fic/TEAMS/;
|
||||
expires epoch;
|
||||
add_header Cache-Control no-cache;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
return 403;
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:8081/admin/api/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
if ($remote_user !~ "^nemunaire|bombal_s$") {
|
||||
return 403;
|
||||
}
|
||||
|
||||
proxy_pass http://localhost:8081;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/ {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/(.*)$ /submission/$team/$1 break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /submit/name {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/submit/.*$ /chname/$team break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location /openhint/ {
|
||||
auth_pam "Secure Zone";
|
||||
auth_pam_service_name "nginx-srs";
|
||||
|
||||
include /etc/nginx/auth.conf;
|
||||
|
||||
rewrite ^/openhint/(.*)$ /openhint/$team/$1 break;
|
||||
|
||||
proxy_pass http://localhost:8080/;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
}
|
||||
|
||||
location = /time.json {
|
||||
proxy_pass http://localhost:8080/time.json;
|
||||
proxy_method GET;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
proxy_cache STATIC;
|
||||
proxy_cache_valid 1s;
|
||||
}
|
||||
|
||||
location = /events.json {
|
||||
proxy_pass http://localhost:8081/api/events;
|
||||
proxy_method GET;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
proxy_set_header Host localhost;
|
||||
proxy_redirect off;
|
||||
proxy_cache STATIC;
|
||||
proxy_cache_valid 3s;
|
||||
}
|
||||
}
|
|
@ -0,0 +1 @@
|
|||
../../../../frontend/static/
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
- name: restart nginx
|
||||
service: name=nginx state=restarted
|
|
@ -0,0 +1,70 @@
|
|||
---
|
||||
- name: install nginx
|
||||
apt: name=nginx-extras
|
||||
|
||||
- name: create fic user
|
||||
user:
|
||||
name=fic
|
||||
home=/home/fic
|
||||
group=nogroup
|
||||
|
||||
- name: remove default configuration
|
||||
file:
|
||||
path=/etc/nginx/sites-enabled/default
|
||||
state=absent
|
||||
notify: restart nginx
|
||||
|
||||
- name: copy htdocs
|
||||
copy:
|
||||
src=static/
|
||||
dest=/home/fic/frontend-htdocs
|
||||
|
||||
- name: copy frontend binary
|
||||
copy:
|
||||
src=frontend
|
||||
mode=755
|
||||
dest=/home/fic/frontend
|
||||
|
||||
- name: copy htpasswd
|
||||
copy:
|
||||
src=ficpasswd
|
||||
dest=/etc/nginx/ficpasswd
|
||||
notify: restart nginx
|
||||
|
||||
#- name: copy frontend configuration
|
||||
# copy:
|
||||
# src=nginx-frontend-pam.conf
|
||||
# dest=/etc/nginx/sites-available/frontend
|
||||
# notify: restart nginx
|
||||
- name: copy frontend configuration
|
||||
copy:
|
||||
src=nginx-frontend-htpasswd.conf
|
||||
dest=/etc/nginx/sites-available/frontend
|
||||
notify: restart nginx
|
||||
|
||||
- name: activate frontend configuration
|
||||
file:
|
||||
src=/etc/nginx/sites-available/frontend
|
||||
path=/etc/nginx/sites-enabled/frontend
|
||||
state=link
|
||||
notify: restart nginx
|
||||
|
||||
- name: enable and start nginx
|
||||
service:
|
||||
name=nginx
|
||||
enabled=yes
|
||||
state=started
|
||||
|
||||
- name: add frontend service
|
||||
copy:
|
||||
src=frontend.service
|
||||
dest=/lib/systemd/system/fic-frontend.service
|
||||
|
||||
- name: reload systemd
|
||||
command: systemctl daemon-reload
|
||||
|
||||
- name: enable and start fic-frontend
|
||||
service:
|
||||
name=fic-frontend
|
||||
enabled=yes
|
||||
state=started
|
Loading…
Reference in New Issue