Handle nginx configuration in mediawiki role

Fritz Grimpen 2021-02-02 22:02:44 +00:00
parent d5a03479af
commit fdd1e5ce35
3 changed files with 96 additions and 3 deletions


@ -1,5 +1,8 @@
--- ---
mediawiki_path: /var/www/wiki.ccchb.de/webroot/w mediawiki_domain: wiki.ccchb.de
mediawiki_webroot: /var/www/wiki.ccchb.de/webroot
mediawiki_path: /w
mediawiki_extensions: mediawiki_extensions:
- CategoryTree - CategoryTree
@ -21,3 +24,23 @@ mediawiki_skins:
mediawiki_sitename: "CCC Bremen" mediawiki_sitename: "CCC Bremen"
mediawiki_email: "webmaster@ccchb.de" mediawiki_email: "webmaster@ccchb.de"
mediawiki_install_nginx: true
mediawiki_php_socket: "unix:/run/php/php7.3-fpm.sock"
mediawiki_nginx_conf: |
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name {{ mediawiki_domain }};
root {{ mediawiki_webroot }};
ssl_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ mediawiki_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ mediawiki_domain }}/chain.pem;
client_max_body_size 100M;
include snippets/certbot.conf;
...
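Review bot: `ssl_trusted_certificate` in the `mediawiki_nginx_conf` default does nothing unless OCSP stapling (or client-certificate verification) is enabled, and this block never turns stapling on. If stapling is intended, add `ssl_stapling on;` and `ssl_stapling_verify on;` after that line; if it is already set at http level, a short comment saying so would help. The block also sets no `ssl_protocols` and no HSTS header, so the TLS policy for this site is whatever the global nginx.conf provides. That file is not part of this commit, so it is worth confirming before relying on this default.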


@ -2,8 +2,20 @@
- name: Configure Mediawiki - name: Configure Mediawiki
template: template:
src: LocalSettings.php.j2 src: LocalSettings.php.j2
dest: "{{ mediawiki_path }}/LocalSettings.php" dest: "{{ mediawiki_webroot }}/{{ mediawiki_path }}/LocalSettings.php"
owner: www-data owner: www-data
group: www-data group: www-data
mode: '0600' mode: '0600'
- name: Install nginx site
template:
src: nginx.j2
dest: /etc/nginx/sites-available/{{ mediawiki_domain }}
when: mediawiki_install_nginx
- name: Activate site {{ mediawiki_install_nginx }}
file:
src: /etc/nginx/sites-available/{{ mediawiki_domain }}
dest: /etc/nginx/sites-enabled/{{ mediawiki_domain }}
when: mediawiki_install_nginx
...
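Review bot: The `Activate site` task passes `src` and `dest` to `file` without `state: link`, so as shown it will not create the sites-enabled symlink, because the module only uses `src` for link states. Add `state: link` to that task and drop `{{ mediawiki_install_nginx }}` from its name, which looks like leftover debugging output. The `Install nginx site` task sets no `owner`, `group` or `mode`, so the file's permissions depend on the connection user's umask; `owner: root`, `group: root`, `mode: '0644'` would pin them. Neither task notifies a handler, so a broken `mediawiki_nginx_conf` override is only found at the next manual reload; a handler that runs `nginx -t` before reloading would catch it at deploy time.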


@ -0,0 +1,58 @@
# {{ ansible_managed }}
server {
{{ mediawiki_nginx_conf }}
location ~ ^{{ mediawiki_path }}/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass {{ mediawiki_php_socket }};
}
# Images
location {{ mediawiki_path }}/images {
# Separate location for images/ so .php execution won't apply
}
location {{ mediawiki_path }}/images/deleted {
# Deny access to deleted images folder
deny all;
}
# MediaWiki assets (usually images)
location ~ ^{{ mediawiki_path }}/resources/(assets|lib|src) {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Assets, scripts and styles from skins and extensions
location ~ ^{{ mediawiki_path }}/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Favicon
location = /favicon.ico {
add_header Cache-Control "public";
expires 7d;
}
location {{ mediawiki_path }}/rest.php/ {
try_files $uri $uri/ {{ mediawiki_path }}/rest.php?$query_string;
}
# Handling for the article path (pretty URLs)
location /wiki/ {
rewrite ^/wiki/(?<pagename>.*)$ {{ mediawiki_path }}/index.php;
}
# Allow robots.txt in case you have one
location = /robots.txt {
}
# Explicit access to the root website, redirect to main page (adapt as needed)
location = / {
return 301 /wiki/Hauptseite;
}
location / {
return 404;
}
}
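Review bot: The `{{ mediawiki_path }}/images` location serves user uploads without an `X-Content-Type-Options` header, and nginx ignores any `.htaccess` rules shipped in the MediaWiki tree, so nothing tells browsers not to sniff uploaded content. Add `add_header X-Content-Type-Options "nosniff";` inside that block. Any location with its own `add_header` (the resources, skins/extensions and favicon blocks) stops inheriting server-level `add_header` lines, so a security header added later through `mediawiki_nginx_conf` would be missing there unless repeated. `{{ mediawiki_path }}` is also interpolated unescaped into the three regex locations, so a path containing a regex metacharacter such as `.` would match more than intended.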