diff options
| -rw-r--r-- | README.org | 4 | ||||
| -rw-r--r-- | docker-playbook.yml | 2 | ||||
| -rw-r--r-- | prod-playbook.yml | 4 | ||||
| -rw-r--r-- | roles/pad-proxy/defaults/main.yml | 1 | ||||
| -rw-r--r-- | roles/pad-proxy/tasks/main.yml | 16 | ||||
| -rw-r--r-- | roles/pad-proxy/templates/etherpad.nginx.conf | 34 | ||||
| -rw-r--r-- | roles/wiki/tasks/docker.yml | 6 | ||||
| -rw-r--r-- | roles/wiki/tasks/main.yml | 5 | ||||
| -rwxr-xr-x | roles/wiki/templates/htmlscrubber.pm | 2 |
9 files changed, 58 insertions, 16 deletions
@@ -87,4 +87,8 @@ curl http://localhost:9001/api/1/createPad?apikey=b7a15dc34cc7f6917cca6cd9a2b4b9 ** Useful https://github.com/systemli/ansible-role-etherpad https://gist.github.com/aaronpk/7307172 +* Pad proxy +ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": false}' + +ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": true}' diff --git a/docker-playbook.yml b/docker-playbook.yml index dc29381..60f83cf 100644 --- a/docker-playbook.yml +++ b/docker-playbook.yml @@ -17,7 +17,7 @@ volumes: "{{ ikiwiki_git_source }}:{{ ikiwiki_git_source_mount }}" published_ports: - "28080:80" - - "2022:22" + - "2222:22" - name: Create a pad container to be provisioned later tags: pad hosts: localhost diff --git a/prod-playbook.yml b/prod-playbook.yml index 063015d..81b6911 100644 --- a/prod-playbook.yml +++ b/prod-playbook.yml @@ -5,6 +5,10 @@ - include_vars: file: prod-vars.yml - name: Set up wiki for publishing + hosts: front + roles: + - wiki +- name: Set up wiki for publishing hosts: publish roles: - wiki-edit diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml index c548560..cec03da 100644 --- a/roles/pad-proxy/defaults/main.yml +++ b/roles/pad-proxy/defaults/main.yml @@ -1 +1,2 @@ etherpad_server_name: pad.emacsconf.org +etherpad_tls: /etc/nginx/tls/emacsconf.org.conf diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml index d47573a..8de72df 100644 --- a/roles/pad-proxy/tasks/main.yml +++ b/roles/pad-proxy/tasks/main.yml @@ -9,19 +9,13 @@ - name: Add proxy configuration template: src: etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: not use_wikimedia - - name: Add rewrite configuration - template: - src: wikimedia.etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: use_wikimedia + dest: /etc/nginx/sites-available/pad.emacsconf.org - name: Enable site file: - src: /etc/nginx/sites-available/etherpad.conf - dest: /etc/nginx/sites-enabled/etherpad.conf + src: /etc/nginx/sites-available/pad.emacsconf.org + dest: /etc/nginx/sites-enabled/pad.emacsconf.org state: link - - name: Restart nginx + - name: Reload nginx service: name: nginx - state: restarted + state: reloaded diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf index 92ba974..90a7c1c 100644 --- a/roles/pad-proxy/templates/etherpad.nginx.conf +++ b/roles/pad-proxy/templates/etherpad.nginx.conf @@ -5,6 +5,19 @@ upstream etherpad_upstream { server { listen 80; server_name {{ etherpad_server_name }}; + {% if etherpad_tls %} + include snippets/well-known-acme-challenge.conf; + location / { + return 302 https://$server_name$request_uri; + } + } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ etherpad_server_name }}; + include {{ etherpad_tls }}; + + {% endif %} access_log /var/log/nginx/{{ etherpad_server_name }}.access.log; location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) { proxy_buffering off; @@ -12,7 +25,24 @@ server { } location /p/ { rewrite ^/p/(.*) /$1 redirect; + } + location /direct/ { + rewrite /direct/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; } + + {% if use_wikimedia %} + location ~ ^/$ { + return 302 https://etherpad.wikimedia.org/p/emacsconf-2022; + } + location / { + rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect; + } + {% else %} location ~ ^/$ { proxy_buffering off; proxy_pass http://etherpad_upstream; @@ -29,5 +59,7 @@ server { proxy_pass http://etherpad_upstream/p/; proxy_redirect / /p/; proxy_read_timeout 90; - } + } + {% endif %} } + diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml index a5d73e2..1a759a4 100644 --- a/roles/wiki/tasks/docker.yml +++ b/roles/wiki/tasks/docker.yml @@ -2,7 +2,7 @@ apt: pkg: - lighttpd - - supervisor + - supervisord - name: Create the anon user user: name: anon @@ -43,3 +43,7 @@ service: name: lighttpd state: started +- name: Start supervisord + service: + name: supervisor + state: restarted diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml index 0fa2336..35c297d 100644 --- a/roles/wiki/tasks/main.yml +++ b/roles/wiki/tasks/main.yml @@ -35,9 +35,10 @@ dest: "{{ ikiwiki_path }}/emacsconf.setup" owner: ikiwiki - name: Copy Ikiwiki plugins + tags: wiki-plugins template: src: "{{ item }}" - dest: "{{ ikiwiki_plugin_path }}" + dest: "{{ ikiwiki_plugin_path }}/{{ item }}" loop: - copyright.pm - htmlscrubber.pm @@ -45,12 +46,14 @@ - include: docker.yml when: docker is true - name: Chown all the files to ikiwiki + tags: wiki-plugins file: dest: "{{ ikiwiki_path }}" owner: ikiwiki group: ikiwiki recurse: true - name: Regenerate all the files + tags: wiki-regenerate, wiki-plugins shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers register: output - debug: diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm index 904a2dc..bd9ff90 100755 --- a/roles/wiki/templates/htmlscrubber.pm +++ b/roles/wiki/templates/htmlscrubber.pm @@ -91,7 +91,7 @@ sub scrubber { }], default => [undef, { ( map { $_ => 1 } qw{ - version xmlns x y fill font-size stroke stroke-dasharray transform + version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform data-start data-end data-video data-target data-tracks kind label srclang default abbr accept accept-charset accesskey |