Handle nginx configuration in mediawiki role
This commit is contained in:
parent
d5a03479af
commit
fdd1e5ce35
3 changed files with 96 additions and 3 deletions
|
@ -1,5 +1,8 @@
|
|||
---
|
||||
mediawiki_path: /var/www/wiki.ccchb.de/webroot/w
|
||||
mediawiki_domain: wiki.ccchb.de
|
||||
|
||||
mediawiki_webroot: /var/www/wiki.ccchb.de/webroot
|
||||
mediawiki_path: /w
|
||||
|
||||
mediawiki_extensions:
|
||||
- CategoryTree
|
||||
|
@ -21,3 +24,23 @@ mediawiki_skins:
|
|||
mediawiki_sitename: "CCC Bremen"
|
||||
|
||||
mediawiki_email: "webmaster@ccchb.de"
|
||||
|
||||
mediawiki_install_nginx: true
|
||||
mediawiki_php_socket: "unix:/run/php/php7.3-fpm.sock"
|
||||
|
||||
mediawiki_nginx_conf: |
|
||||
listen [::]:443 ssl http2;
|
||||
listen 443 ssl http2;
|
||||
|
||||
server_name {{ mediawiki_domain }};
|
||||
|
||||
root {{ mediawiki_webroot }};
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/{{ mediawiki_domain }}/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/chain.pem;
|
||||
|
||||
client_max_body_size 100M;
|
||||
|
||||
include snippets/certbot.conf;
|
||||
...
|
||||
|
|
|
@ -2,8 +2,20 @@
|
|||
- name: Configure Mediawiki
|
||||
template:
|
||||
src: LocalSettings.php.j2
|
||||
dest: "{{ mediawiki_path }}/LocalSettings.php"
|
||||
dest: "{{ mediawiki_webroot }}/{{ mediawiki_path }}/LocalSettings.php"
|
||||
owner: www-data
|
||||
group: www-data
|
||||
mode: '0600'
|
||||
|
||||
|
||||
- name: Install nginx site
|
||||
template:
|
||||
src: nginx.j2
|
||||
dest: /etc/nginx/sites-available/{{ mediawiki_domain }}
|
||||
when: mediawiki_install_nginx
|
||||
|
||||
- name: Activate site {{ mediawiki_install_nginx }}
|
||||
file:
|
||||
src: /etc/nginx/sites-available/{{ mediawiki_domain }}
|
||||
dest: /etc/nginx/sites-enabled/{{ mediawiki_domain }}
|
||||
when: mediawiki_install_nginx
|
||||
...
|
||||
|
|
58
roles/mediawiki/templates/nginx.j2
Normal file
58
roles/mediawiki/templates/nginx.j2
Normal file
|
@ -0,0 +1,58 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
{{ mediawiki_nginx_conf }}
|
||||
|
||||
location ~ ^{{ mediawiki_path }}/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
|
||||
include fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_pass {{ mediawiki_php_socket }};
|
||||
}
|
||||
|
||||
# Images
|
||||
location {{ mediawiki_path }}/images {
|
||||
# Separate location for images/ so .php execution won't apply
|
||||
}
|
||||
location {{ mediawiki_path }}/images/deleted {
|
||||
# Deny access to deleted images folder
|
||||
deny all;
|
||||
}
|
||||
# MediaWiki assets (usually images)
|
||||
location ~ ^{{ mediawiki_path }}/resources/(assets|lib|src) {
|
||||
try_files $uri 404;
|
||||
add_header Cache-Control "public";
|
||||
expires 7d;
|
||||
}
|
||||
# Assets, scripts and styles from skins and extensions
|
||||
location ~ ^{{ mediawiki_path }}/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
|
||||
try_files $uri 404;
|
||||
add_header Cache-Control "public";
|
||||
expires 7d;
|
||||
}
|
||||
# Favicon
|
||||
location = /favicon.ico {
|
||||
add_header Cache-Control "public";
|
||||
expires 7d;
|
||||
}
|
||||
|
||||
location {{ mediawiki_path }}/rest.php/ {
|
||||
try_files $uri $uri/ {{ mediawiki_path }}/rest.php?$query_string;
|
||||
}
|
||||
|
||||
# Handling for the article path (pretty URLs)
|
||||
location /wiki/ {
|
||||
rewrite ^/wiki/(?<pagename>.*)$ {{ mediawiki_path }}/index.php;
|
||||
}
|
||||
|
||||
# Allow robots.txt in case you have one
|
||||
location = /robots.txt {
|
||||
}
|
||||
# Explicit access to the root website, redirect to main page (adapt as needed)
|
||||
location = / {
|
||||
return 301 /wiki/Hauptseite;
|
||||
}
|
||||
|
||||
location / {
|
||||
return 404;
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue