opdavies/oliverdavies.uk-drupal-old
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
oliverdavies.uk-drupal-old/tools/ansible/vars/provision_vars.yml
Oliver Davies fd274cda97 Remove references to slides 
This is not being done with Nginx. I've pushed the slides to Netlify and
added CNAME records in Cloudflare to serve them as subdomains as
oliverdavies.uk in the same way that I am for Rebuilding Bartik,
Rebuilding Acquia etc.

Fixes #221
2020-09-09 08:43:34 +01:00

159 lines
4.3 KiB
YAML
Raw Blame History

---
security_ssh_permit_root_login: 'yes'
security_ssh_port: 2849
firewall_allowed_tcp_ports:
- 80
- 443
- 2849
php_default_version_debian: '{{ php_version }}'
php_enable_php_fpm: true
php_version: 7.4
php_webserver_daemon: nginx
php_packages:
- 'php{{ php_version }}-cli'
- 'php{{ php_version }}-common'
- 'php{{ php_version }}-fpm'
- 'php{{ php_version }}-gd'
- 'php{{ php_version }}-mbstring'
- 'php{{ php_version }}-mysql'
- 'php{{ php_version }}-pdo'
- 'php{{ php_version }}-xml'
app_mysql_user: '{{ vault_app_mysql_user }}'
app_mysql_password: '{{ vault_app_mysql_password }}'
mysql_packages:
- mariadb-client
- mariadb-server
- python-mysqldb
mysql_databases:
- name: oliverdavies_uk
nginx_remove_default_vhost: true
nginx_server_tokens: 'off'
nginx_vhosts:
- listen: 80 default_server
server_name: oliverdavies.uk www.oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: www.oliverdavies.uk.80.conf
- listen: 443 ssl
server_name: oliverdavies.uk
return: 301 https://www.oliverdavies.uk$request_uri
filename: oliverdavies.uk.443.conf
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
- listen: 443 ssl default_server
server_name: www.oliverdavies.uk
root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}'
index: index.php index.html
extra_parameters: |
ssl_certificate /etc/letsencrypt/live/oliverdavies.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oliverdavies.uk/privkey.pem;
location ~ ^/images/(.*) {
return 301 /sites/default/files/images/$1;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Very rarely should these ever be accessed outside of your lan
location ~* \.(txt|log)$ {
allow 192.168.0.0/16;
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to scripts in site files directory
location ~ ^/sites/[^/]+/files/.*\.php$ {
deny all;
}
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
try_files $uri /index.php?$query_string; # For Drupal >= 7
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
# Don't allow direct access to PHP files in the vendor directory.
location ~ /vendor/.*\.php$ {
deny all;
return 404;
}
location ~ '\.php$|^/update.php' {
try_files $uri =404;
fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param QUERY_STRING $query_string;
fastcgi_intercept_errors on;
fastcgi_pass localhost:9000;
}
# Fighting with Styles? This little gem is amazing.
# location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
try_files $uri @rewrite;
}
# Handle private files through Drupal.
location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
try_files $uri /index.php?$query_string;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
try_files $uri @rewrite;
expires max;
log_not_found off;
}
# Enforce clean URLs
if ($request_uri ~* "^(.*/)index\.php(.*)") {
return 307 $1$2;
}
certbot_create_if_missing: true
certbot_create_method: standalone
certbot_admin_email: oliver+certbot@oliverdavies.uk
certbot_certs:
- domains:
- oliverdavies.uk
- www.oliverdavies.uk
Reference in a new issue View git blame Copy permalink