summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--README.org4
-rw-r--r--docker-playbook.yml2
-rw-r--r--prod-playbook.yml4
-rw-r--r--roles/pad-proxy/defaults/main.yml1
-rw-r--r--roles/pad-proxy/tasks/main.yml16
-rw-r--r--roles/pad-proxy/templates/etherpad.nginx.conf34
-rw-r--r--roles/wiki/tasks/docker.yml6
-rw-r--r--roles/wiki/tasks/main.yml5
-rwxr-xr-xroles/wiki/templates/htmlscrubber.pm2
9 files changed, 58 insertions, 16 deletions
diff --git a/README.org b/README.org
index 643817f..551496e 100644
--- a/README.org
+++ b/README.org
@@ -87,4 +87,8 @@ curl http://localhost:9001/api/1/createPad?apikey=b7a15dc34cc7f6917cca6cd9a2b4b9
** Useful
https://github.com/systemli/ansible-role-etherpad
https://gist.github.com/aaronpk/7307172
+* Pad proxy
+ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": false}'
+
+ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy --extra-vars='{"use_wikimedia": true}'
diff --git a/docker-playbook.yml b/docker-playbook.yml
index dc29381..60f83cf 100644
--- a/docker-playbook.yml
+++ b/docker-playbook.yml
@@ -17,7 +17,7 @@
volumes: "{{ ikiwiki_git_source }}:{{ ikiwiki_git_source_mount }}"
published_ports:
- "28080:80"
- - "2022:22"
+ - "2222:22"
- name: Create a pad container to be provisioned later
tags: pad
hosts: localhost
diff --git a/prod-playbook.yml b/prod-playbook.yml
index 063015d..81b6911 100644
--- a/prod-playbook.yml
+++ b/prod-playbook.yml
@@ -5,6 +5,10 @@
- include_vars:
file: prod-vars.yml
- name: Set up wiki for publishing
+ hosts: front
+ roles:
+ - wiki
+- name: Set up wiki for publishing
hosts: publish
roles:
- wiki-edit
diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
index c548560..cec03da 100644
--- a/roles/pad-proxy/defaults/main.yml
+++ b/roles/pad-proxy/defaults/main.yml
@@ -1 +1,2 @@
etherpad_server_name: pad.emacsconf.org
+etherpad_tls: /etc/nginx/tls/emacsconf.org.conf
diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index d47573a..8de72df 100644
--- a/roles/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
@@ -9,19 +9,13 @@
- name: Add proxy configuration
template:
src: etherpad.nginx.conf
- dest: /etc/nginx/sites-available/etherpad.conf
- when: not use_wikimedia
- - name: Add rewrite configuration
- template:
- src: wikimedia.etherpad.nginx.conf
- dest: /etc/nginx/sites-available/etherpad.conf
- when: use_wikimedia
+ dest: /etc/nginx/sites-available/pad.emacsconf.org
- name: Enable site
file:
- src: /etc/nginx/sites-available/etherpad.conf
- dest: /etc/nginx/sites-enabled/etherpad.conf
+ src: /etc/nginx/sites-available/pad.emacsconf.org
+ dest: /etc/nginx/sites-enabled/pad.emacsconf.org
state: link
- - name: Restart nginx
+ - name: Reload nginx
service:
name: nginx
- state: restarted
+ state: reloaded
diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
index 92ba974..90a7c1c 100644
--- a/roles/pad-proxy/templates/etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
@@ -5,6 +5,19 @@ upstream etherpad_upstream {
server {
listen 80;
server_name {{ etherpad_server_name }};
+ {% if etherpad_tls %}
+ include snippets/well-known-acme-challenge.conf;
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+ }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ etherpad_server_name }};
+ include {{ etherpad_tls }};
+
+ {% endif %}
access_log /var/log/nginx/{{ etherpad_server_name }}.access.log;
location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
proxy_buffering off;
@@ -12,7 +25,24 @@ server {
}
location /p/ {
rewrite ^/p/(.*) /$1 redirect;
+ }
+ location /direct/ {
+ rewrite /direct/(.*) /$1 break;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://etherpad_upstream/p/;
}
+
+ {% if use_wikimedia %}
+ location ~ ^/$ {
+ return 302 https://etherpad.wikimedia.org/p/emacsconf-2022;
+ }
+ location / {
+ rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect;
+ }
+ {% else %}
location ~ ^/$ {
proxy_buffering off;
proxy_pass http://etherpad_upstream;
@@ -29,5 +59,7 @@ server {
proxy_pass http://etherpad_upstream/p/;
proxy_redirect / /p/;
proxy_read_timeout 90;
- }
+ }
+ {% endif %}
}
+
diff --git a/roles/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index a5d73e2..1a759a4 100644
--- a/roles/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
@@ -2,7 +2,7 @@
apt:
pkg:
- lighttpd
- - supervisor
+ - supervisord
- name: Create the anon user
user:
name: anon
@@ -43,3 +43,7 @@
service:
name: lighttpd
state: started
+- name: Start supervisord
+ service:
+ name: supervisor
+ state: restarted
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 0fa2336..35c297d 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -35,9 +35,10 @@
dest: "{{ ikiwiki_path }}/emacsconf.setup"
owner: ikiwiki
- name: Copy Ikiwiki plugins
+ tags: wiki-plugins
template:
src: "{{ item }}"
- dest: "{{ ikiwiki_plugin_path }}"
+ dest: "{{ ikiwiki_plugin_path }}/{{ item }}"
loop:
- copyright.pm
- htmlscrubber.pm
@@ -45,12 +46,14 @@
- include: docker.yml
when: docker is true
- name: Chown all the files to ikiwiki
+ tags: wiki-plugins
file:
dest: "{{ ikiwiki_path }}"
owner: ikiwiki
group: ikiwiki
recurse: true
- name: Regenerate all the files
+ tags: wiki-regenerate, wiki-plugins
shell: ikiwiki --setup "{{ ikiwiki_path }}/emacsconf.setup" --rebuild --wrappers
register: output
- debug:
diff --git a/roles/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 904a2dc..bd9ff90 100755
--- a/roles/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
@@ -91,7 +91,7 @@ sub scrubber {
}],
default => [undef, { (
map { $_ => 1 } qw{
- version xmlns x y fill font-size stroke stroke-dasharray transform
+ version xmlns x y fill font-size font-weight stroke stroke-width stroke-dasharray transform
data-start data-end data-video data-target data-tracks
kind label srclang default
abbr accept accept-charset accesskey