Add legacy nginx service

deploy.yaml

@@ -5,6 +5,7 @@
   vars_files:
     - vars/environment.yml
     - vars/services.yml
+    - vars/databases.yml
 
   tasks:
     - name: Deploy services

roles/kadet.docker-swarm/tasks/main.yml

@@ -11,7 +11,3 @@
     driver: "{{ item.driver|default('overlay') }}"
     scope: swarm
   loop: "{{ swarm_global_networks }}"
-
-- name: Set swarm_host_address fact
-  set_fact:
-    swarm_host_address: "{{ ansible_docker0.ipv4.address }}"

services/gitea/tasks/setup.yml

@@ -4,6 +4,8 @@
     path: "{{ repositories_path }}"
     state: directory
     owner: "{{ ansible_user }}"
+  tags:
+    - setup
 
 - name: 'Create git user for ssh access'
   user:
@@ -14,6 +16,8 @@
     state: present
     generate_ssh_key: yes
   register: git_user
+  tags:
+    - setup
 
 - name: 'Add host key for gitea SSH passthrough'
   ansible.posix.authorized_key:
@@ -21,14 +25,20 @@
     key: "{{ git_user.ssh_public_key }}"
     state: present
     manage_dir: False
+  tags:
+    - setup
 
 - name: 'Ensure /app/gitea exists'
   file:
     path: "/app/gitea"
     state: directory
+  tags:
+    - setup
 
 - name: 'Copy gitea-ssh-forward script to remote'
   copy:
     src: "{{ service_path }}/bin/gitea-ssh-forward"
     dest: "/app/gitea/gitea"
-
+    mode: +x
+  tags:
+    - setup

services/legacy/config/nginx.conf

@@ -0,0 +1,28 @@
+user              {{ www_user.uid }};
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+    gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}

services/legacy/sites/default.conf

@@ -0,0 +1,43 @@
+server {
+    listen       80;
+
+    #charset koi8-r;
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    location / {
+        root   /usr/share/nginx/html;
+        index  index.html index.htm;
+    }
+
+    #error_page  404              /404.html;
+
+    # redirect server error pages to the static page /50x.html
+    #
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/nginx/html;
+    }
+
+    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+    #
+    #location ~ \.php$ {
+    #    proxy_pass   http://127.0.0.1;
+    #}
+
+    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+    #
+    #location ~ \.php$ {
+    #    root           html;
+    #    fastcgi_pass   127.0.0.1:9000;
+    #    fastcgi_index  index.php;
+    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+    #    include        fastcgi_params;
+    #}
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    #location ~ /\.ht {
+    #    deny  all;
+    #}
+}

services/legacy/stack.yml

@@ -0,0 +1,15 @@
+version: "{{ compose_version }}"
+
+services:
+  nginx:
+    image: nginx:latest
+    networks:
+      - "{{ ingress_network }}"
+      - default
+    volumes:
+      - "{{ www_root }}:/var/www"
+      - "{{ remote_service_path }}/sites:/etc/nginx/conf.d:ro"
+    deploy:
+      labels:
+        - traefik.enable=true
+        - traefik.http.services.{{ service }}.loadbalancer.server.port=80

services/legacy/tasks/config.yml

@@ -0,0 +1,18 @@
+---
+- name: 'Ensure sites config directory exists'
+  file:
+    path: "{{ remote_service_path }}/sites"
+    state: directory
+    owner: "{{ ansible_user }}"
+  tags:
+    - config
+
+- name: 'Copy sites configuration to remote server'
+  template:
+    src: "{{ file }}"
+    dest: "{{ remote_service_path }}/sites/{{ file|basename }}"
+  with_fileglob: "{{ service_path }}/sites/*"
+  loop_control:
+    loop_var: file
+  tags:
+    - config

services/legacy/tasks/setup.yml

@@ -0,0 +1,30 @@
+---
+- name: Create www-data user for ssh access for legacy services
+  user:
+    name: www-data
+    group: www-data
+    shell: /bin/bash
+    system: yes
+    password: '!'
+    state: present
+  register: www_user
+  tags:
+    - setup
+
+- name: Add users to www-data group
+  user:
+    user: "{{ user }}"
+    groups: docker
+    append: yes
+  loop: "{{ www_data_users }}"
+  loop_control:
+    loop_var: user 
+
+- name: Ensure WWW root exists for legacy services
+  file:
+    path: "{{ www_root }}"
+    state: directory
+    owner: "{{ www_user.uid }}"
+    group: "{{ www_user.group }}"
+    mode: g+rw
+

services/legacy/vars/main.yml

@@ -0,0 +1,5 @@
+---
+www_root: /var/www
+www_data_users: []
+
+php_versions: ['7.1', '7.3']

services/traefik/config/dynamic/nginx.yaml

@@ -0,0 +1,6 @@
+---
+http:
+  routers:
+    nginx:
+      rule: Host(`{{ main_domain }}`)
+      service: legacy@docker

vars/environment.yml

@@ -11,3 +11,4 @@ pip_executable: pip3
 swarm_addr: eth0
 swarm_global_networks:
  - name: traefik
+swarm_host_address: "{{ ansible_docker0.ipv4.address }}"

vars/services.yml

@@ -33,3 +33,5 @@ service_config:
       user: gitea
       password: "{{ mysql_user_passwords['gitea'] }}"
 
+  legacy:
+    www_data_users: ["{{ ansible_user }}"]