From a394d3fe43a16d7e6dfbdf67e69d8149fc1a2532 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 25 Jan 2022 10:37:11 +0100 Subject: [PATCH 01/10] Ajouter les alias de domaines --- roles/nextcloud_instance/tasks/install.yml | 38 ++++++++++++++++++++ roles/nextcloud_instance/tasks/uninstall.yml | 19 ++++++++++ 2 files changed, 57 insertions(+) diff --git a/roles/nextcloud_instance/tasks/install.yml b/roles/nextcloud_instance/tasks/install.yml index e61f7118..9e10706d 100644 --- a/roles/nextcloud_instance/tasks/install.yml +++ b/roles/nextcloud_instance/tasks/install.yml @@ -122,3 +122,41 @@ - import_role: name: _app_monit + + +# Ajout des alias + - name: Add alias domains + block: + - name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + tags: + - rev_proxy + + - name: "enable site for {{ a_domain }}" + file: + state: link + path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + + - name: "test certificate presence" + stat: + path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" + register: cert + + - name: "stop nginx" + service: name=nginx state=stopped + when: (rev_proxy == "nginx") and not (cert.stat.exists) + + - name: "letsencrypt certificate for {{ a_domain }}" + command: "certbot certonly --standalone --agree-tos -n -m {{ base_postmaster | mandatory }} -d {{ app_domain | quote }}" + when: not (cert.stat.exists) + + - name: "start nginx" + service: name=nginx state=started + when: (rev_proxy == "nginx") and not (cert.stat.exists) + + loop: "{{ alias_domain | default([]) }}" + loop_control: + loop_var: a_domain \ No newline at end of file diff --git a/roles/nextcloud_instance/tasks/uninstall.yml b/roles/nextcloud_instance/tasks/uninstall.yml index ad8c2996..bb6b9acf 100644 --- a/roles/nextcloud_instance/tasks/uninstall.yml +++ b/roles/nextcloud_instance/tasks/uninstall.yml @@ -51,3 +51,22 @@ state: absent path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}.conf" notify: reload {{ rev_proxy }} nextcloud_instance + + - name: remove alias domains + block: + - name: "test certificate presence" + stat: + path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" + register: cert + tags: + - revoke_certificate + + - name: "revoke and delete certificate for {{ a_domain }}" + command: "certbot revoke --delete-after-revoke --cert-path /etc/letsencrypt/live/{{ a_domain }}/fullchain.pem" + when: cert.stat.exists + tags: + - revoke_certificate + + loop: "{{ alias_domain | default([]) }}" + loop_control: + loop_var: a_domain -- GitLab From 2b3b6061558ab72cdff33020cfc25fb275b0c282 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 25 Jan 2022 11:58:53 +0100 Subject: [PATCH 02/10] [fix] Nextcloud configuration --- .../nextcloud_instance/templates/nextcloud_app_install.j2 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/roles/nextcloud_instance/templates/nextcloud_app_install.j2 b/roles/nextcloud_instance/templates/nextcloud_app_install.j2 index 3ecf1479..d6b26eb5 100644 --- a/roles/nextcloud_instance/templates/nextcloud_app_install.j2 +++ b/roles/nextcloud_instance/templates/nextcloud_app_install.j2 @@ -12,6 +12,14 @@ sudo -u www-data php occ maintenance:install \ --admin-pass "{{ nextcloud_default_password | mandatory }}" sudo -u www-data php occ config:system:set trusted_domains 0 --value="{{ app_domain }}" + +{% if alias_domain is defined %} +{% set inc = 1 %} +{% for domain_t in alias_domain %} +sudo -u www-data php occ config:system:set trusted_domains {{ inc }} --value="{{ domain_t }}" +{% set inc = inc + 1 %} +{% endif %} + sudo -u www-data php occ config:system:set overwrite.cli.url --value="https://{{ app_domain }}" sudo -u www-data php occ config:system:set redis host port -- GitLab From 663504578c8f0ab940040abb094646e718275d2f Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 25 Jan 2022 16:05:46 +0100 Subject: [PATCH 03/10] [wip] try loop over alias domain and apply tasks --- .../nextcloud_instance/tasks/alias_create.yml | 30 +++++++++++++++++ roles/nextcloud_instance/tasks/install.yml | 32 +------------------ 2 files changed, 31 insertions(+), 31 deletions(-) create mode 100644 roles/nextcloud_instance/tasks/alias_create.yml diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml new file mode 100644 index 00000000..d5958b61 --- /dev/null +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -0,0 +1,30 @@ +--- +- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + tags: + - rev_proxy + +- name: "enable site for {{ a_domain }}" + file: + state: link + path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + +- name: "test certificate presence" + stat: + path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" + register: cert + +- name: "stop nginx" + service: name=nginx state=stopped + when: (rev_proxy == "nginx") and not (cert.stat.exists) + +- name: "letsencrypt certificate for {{ a_domain }}" + command: "certbot certonly --standalone --agree-tos -n -m {{ base_postmaster | mandatory }} -d {{ a_domain | quote }}" + when: not (cert.stat.exists) + +- name: "start nginx" + service: name=nginx state=started + when: (rev_proxy == "nginx") and not (cert.stat.exists) diff --git a/roles/nextcloud_instance/tasks/install.yml b/roles/nextcloud_instance/tasks/install.yml index 9e10706d..fa7e4dc6 100644 --- a/roles/nextcloud_instance/tasks/install.yml +++ b/roles/nextcloud_instance/tasks/install.yml @@ -126,37 +126,7 @@ # Ajout des alias - name: Add alias domains - block: - - name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" - template: - src: "{{ rev_proxy }}_app.j2" - dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" - tags: - - rev_proxy - - - name: "enable site for {{ a_domain }}" - file: - state: link - path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}_alias_{{ a_domain }}.conf" - src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" - - - name: "test certificate presence" - stat: - path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" - register: cert - - - name: "stop nginx" - service: name=nginx state=stopped - when: (rev_proxy == "nginx") and not (cert.stat.exists) - - - name: "letsencrypt certificate for {{ a_domain }}" - command: "certbot certonly --standalone --agree-tos -n -m {{ base_postmaster | mandatory }} -d {{ app_domain | quote }}" - when: not (cert.stat.exists) - - - name: "start nginx" - service: name=nginx state=started - when: (rev_proxy == "nginx") and not (cert.stat.exists) - + include_tasks: alias-create.yml loop: "{{ alias_domain | default([]) }}" loop_control: loop_var: a_domain \ No newline at end of file -- GitLab From 26b46186020d437aa3b74a753b3796b98613725d Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Tue, 25 Jan 2022 16:31:11 +0100 Subject: [PATCH 04/10] [fix] quelques corrections --- .../nextcloud_instance/tasks/alias_create.yml | 61 +++++++++++-------- roles/nextcloud_instance/tasks/install.yml | 8 ++- roles/nextcloud_instance/tasks/uninstall.yml | 11 ++-- 3 files changed, 48 insertions(+), 32 deletions(-) diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index d5958b61..22297489 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -1,30 +1,43 @@ --- -- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" - template: - src: "{{ rev_proxy }}_app.j2" - dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" - tags: - - rev_proxy +- name: Alias_create + block: + - name: "template {{ rev_proxy }}_nextcloud.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_nextcloud.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + tags: + - rev_proxy + - nc_alias_create -- name: "enable site for {{ a_domain }}" - file: - state: link - path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}_alias_{{ a_domain }}.conf" - src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + - name: "enable site for {{ a_domain }}" + file: + state: link + path: "/etc/{{ rev_proxy }}/sites-enabled/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + src: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + tags: + - nc_alias_create -- name: "test certificate presence" - stat: - path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" - register: cert + - name: "test certificate presence" + stat: + path: "{{ letsencrypt_cert_root }}/{{ a_domain | quote }}" + register: cert + tags: + - nc_alias_create -- name: "stop nginx" - service: name=nginx state=stopped - when: (rev_proxy == "nginx") and not (cert.stat.exists) + - name: "stop nginx" + service: name=nginx state=stopped + when: (rev_proxy == "nginx") and not (cert.stat.exists) + tags: + - nc_alias_create -- name: "letsencrypt certificate for {{ a_domain }}" - command: "certbot certonly --standalone --agree-tos -n -m {{ base_postmaster | mandatory }} -d {{ a_domain | quote }}" - when: not (cert.stat.exists) + - name: "letsencrypt certificate for {{ a_domain }}" + command: "certbot certonly --standalone --agree-tos -n -m {{ base_postmaster | mandatory }} -d {{ a_domain | quote }}" + when: not (cert.stat.exists) + tags: + - nc_alias_create -- name: "start nginx" - service: name=nginx state=started - when: (rev_proxy == "nginx") and not (cert.stat.exists) + - name: "start nginx" + service: name=nginx state=started + when: (rev_proxy == "nginx") and not (cert.stat.exists) + tags: + - nc_alias_create diff --git a/roles/nextcloud_instance/tasks/install.yml b/roles/nextcloud_instance/tasks/install.yml index fa7e4dc6..7aa5de12 100644 --- a/roles/nextcloud_instance/tasks/install.yml +++ b/roles/nextcloud_instance/tasks/install.yml @@ -126,7 +126,9 @@ # Ajout des alias - name: Add alias domains - include_tasks: alias-create.yml - loop: "{{ alias_domain | default([]) }}" + include_tasks: alias_create.yml + loop: "{{ alias_domains | default([]) }}" loop_control: - loop_var: a_domain \ No newline at end of file + loop_var: a_domain + tags: + - nc_alias_create diff --git a/roles/nextcloud_instance/tasks/uninstall.yml b/roles/nextcloud_instance/tasks/uninstall.yml index bb6b9acf..15496f0f 100644 --- a/roles/nextcloud_instance/tasks/uninstall.yml +++ b/roles/nextcloud_instance/tasks/uninstall.yml @@ -60,13 +60,14 @@ register: cert tags: - revoke_certificate - + loop: "{{ alias_domain | default([]) }}" + loop_control: + loop_var: a_domain - name: "revoke and delete certificate for {{ a_domain }}" command: "certbot revoke --delete-after-revoke --cert-path /etc/letsencrypt/live/{{ a_domain }}/fullchain.pem" when: cert.stat.exists tags: - revoke_certificate - - loop: "{{ alias_domain | default([]) }}" - loop_control: - loop_var: a_domain + loop: "{{ alias_domain | default([]) }}" + loop_control: + loop_var: a_domain -- GitLab From a83d312eaebd3c669d668f2e07e87857b6a7d91b Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Tue, 25 Jan 2022 16:38:36 +0100 Subject: [PATCH 05/10] [fix] Correction configuration nginx --- .../nextcloud_instance/tasks/alias_create.yml | 2 +- roles/nextcloud_instance/tasks/main.yml | 2 +- .../templates/nginx_nextcloud_alias.j2 | 156 ++++++++++++++++++ 3 files changed, 158 insertions(+), 2 deletions(-) create mode 100644 roles/nextcloud_instance/templates/nginx_nextcloud_alias.j2 diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index d5958b61..54f7f432 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -1,7 +1,7 @@ --- - name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" template: - src: "{{ rev_proxy }}_app.j2" + src: "{{ rev_proxy }}_app_alias.j2" dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" tags: - rev_proxy diff --git a/roles/nextcloud_instance/tasks/main.yml b/roles/nextcloud_instance/tasks/main.yml index dd92f233..c8c27d2d 100644 --- a/roles/nextcloud_instance/tasks/main.yml +++ b/roles/nextcloud_instance/tasks/main.yml @@ -17,4 +17,4 @@ - import_role: name: _app_restore_instance - when: app_run == 'restore' + when: app_run == 'restore' \ No newline at end of file diff --git a/roles/nextcloud_instance/templates/nginx_nextcloud_alias.j2 b/roles/nextcloud_instance/templates/nginx_nextcloud_alias.j2 new file mode 100644 index 00000000..f56194a1 --- /dev/null +++ b/roles/nextcloud_instance/templates/nginx_nextcloud_alias.j2 @@ -0,0 +1,156 @@ +upstream php-handler{{ app_instance_id }} { + #server 127.0.0.1:9000; + server unix:/var/run/php/php{{ php_version }}-fpm.sock; + #server unix:/var/run/php5-fpm.sock; +} + +map $http_user_agent $log_ua { + ~Monit 0; + default 1; +} + +server { + listen 80; + listen [::]:80; + server_name {{ a_domain | mandatory }}; + # enforce https + return 301 https://$server_name$request_uri; +} + +server { + + # Both IpV6 and IpV4 + # + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name {{ a_domain | mandatory }}; + + ssl_certificate /etc/letsencrypt/live/{{ a_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ a_domain }}/privkey.pem; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Strict-Transport-Security "max-age=15768000"; + add_header Referrer-Policy no-referrer; + add_header X-Frame-Options "SAMEORIGIN" always; + + # Path to the root of your installation + root {{ app_instance_root }}/; + + access_log {{ www_log | mandatory }}/{{ app_instance_id }}/access.log combined if=$log_ua; + error_log {{ www_log | mandatory }}/{{ app_instance_id }}/error.log; + + location = /robots.txt { + allow all; + log_not_found off; + access_log off; + } + + # Make a regex exception for `/.well-known` so that clients can still + # access it despite the existence of the regex rule + # `location ~ /(\.|autotest|...)` which would otherwise handle requests + # for `/.well-known`. + location ^~ /.well-known { + # The following 6 rules are borrowed from `.htaccess` + + location = /.well-known/carddav { return 301 /remote.php/dav/; } + location = /.well-known/caldav { return 301 /remote.php/dav/; } + # Anything else is dynamically handled by Nextcloud + location ^~ /.well-known { return 301 /index.php$uri; } + + try_files $uri $uri/ =404; + } + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + # Uncomment if your server is build with the ngx_pagespeed module + # This module is currently not supported. + #pagespeed off; + + location / { + rewrite ^ /index.php$uri; + } + + location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + deny all; + } + location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } + + location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) { + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param HTTPS on; + #Avoid sending the security headers twice + fastcgi_param modHeadersAvailable true; + fastcgi_param front_controller_active true; + fastcgi_pass php-handler{{ app_instance_id }}; + fastcgi_intercept_errors on; + fastcgi_request_buffering off; + } + + location ~ ^/(?:updater|ocs-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + # Adding the cache control header for js and css files + # Make sure it is BELOW the PHP block + location ~ \.(?:css|js|woff|svg|gif)$ { + try_files $uri /index.php$uri$is_args$args; + add_header Cache-Control "public, max-age=15778463"; + # Add headers to serve security related headers (It is intended to + # have those duplicated to the ones above) + # Before enabling Strict-Transport-Security headers please read into + # this topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + # Optional: Don't log access to assets + access_log off; + } + + location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + try_files $uri /index.php$uri$is_args$args; + # Optional: Don't log access to other assets + access_log off; + } +} \ No newline at end of file -- GitLab From 745c830496e2225460069f957876a7637a510aa4 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Wed, 26 Jan 2022 10:23:16 +0100 Subject: [PATCH 06/10] [fix] alias --- roles/nextcloud_instance/tasks/alias_create.yml | 14 ++++++++++++++ roles/nextcloud_instance/tasks/install.yml | 6 ++++++ 2 files changed, 20 insertions(+) diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index 0273dc20..c1e11546 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -39,5 +39,19 @@ - name: "start nginx" service: name=nginx state=started when: (rev_proxy == "nginx") and not (cert.stat.exists) + tags: + - nc_alias_create + + - name: "Add alias to Nextcloud configuration" + shell: "/usr/bin/php {{ app_instance_root }}/occ config:system:set trusted_domains {{ inc }} --value=\"{{ a_domain }}\"" + become_user: "{{ app_user }}" + tags: + - nc_alias_create + + - name: "Define new disk structure" + set_fact: + inc: {{ inc + 1 }} + tags: + - nc_alias_create tags: - nc_alias_create diff --git a/roles/nextcloud_instance/tasks/install.yml b/roles/nextcloud_instance/tasks/install.yml index 7aa5de12..0fccd67a 100644 --- a/roles/nextcloud_instance/tasks/install.yml +++ b/roles/nextcloud_instance/tasks/install.yml @@ -125,6 +125,12 @@ # Ajout des alias + - name: "Define new disk structure" + set_fact: + inc: 1 + tags: + - nc_alias_create + - name: Add alias domains include_tasks: alias_create.yml loop: "{{ alias_domains | default([]) }}" -- GitLab From 7a0f24d357245c9c5066dee16f6a74fd90ec3d62 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Wed, 26 Jan 2022 10:30:58 +0100 Subject: [PATCH 07/10] [fix] user --- roles/nextcloud_instance/tasks/alias_create.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index c1e11546..b442d817 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -44,7 +44,7 @@ - name: "Add alias to Nextcloud configuration" shell: "/usr/bin/php {{ app_instance_root }}/occ config:system:set trusted_domains {{ inc }} --value=\"{{ a_domain }}\"" - become_user: "{{ app_user }}" + become_user: "www-data" tags: - nc_alias_create -- GitLab From 8c538337de178acfd6bca328ed09a6c475b4deff Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Wed, 26 Jan 2022 10:34:03 +0100 Subject: [PATCH 08/10] [fix] inc --- roles/nextcloud_instance/tasks/alias_create.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index b442d817..6b1f5da5 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -50,7 +50,7 @@ - name: "Define new disk structure" set_fact: - inc: {{ inc + 1 }} + inc: "{{ inc + 1 }}" tags: - nc_alias_create tags: -- GitLab From 35251002444ed8bddb7e28213771770b1485c767 Mon Sep 17 00:00:00 2001 From: Julien GOMES DIAS Date: Wed, 26 Jan 2022 10:36:00 +0100 Subject: [PATCH 09/10] [fix] php version --- roles/nextcloud_instance/tasks/alias_create.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nextcloud_instance/tasks/alias_create.yml b/roles/nextcloud_instance/tasks/alias_create.yml index 6b1f5da5..53790a73 100644 --- a/roles/nextcloud_instance/tasks/alias_create.yml +++ b/roles/nextcloud_instance/tasks/alias_create.yml @@ -43,7 +43,7 @@ - nc_alias_create - name: "Add alias to Nextcloud configuration" - shell: "/usr/bin/php {{ app_instance_root }}/occ config:system:set trusted_domains {{ inc }} --value=\"{{ a_domain }}\"" + shell: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/occ config:system:set trusted_domains {{ inc }} --value=\"{{ a_domain }}\"" become_user: "www-data" tags: - nc_alias_create -- GitLab From cc22bc1db40ec88d71f165c34e97af21847d0921 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 29 Aug 2022 17:09:47 +0100 Subject: [PATCH 10/10] [fix] remove alias --- roles/nextcloud_instance/readme.md | 2 +- roles/nextcloud_instance/tasks/uninstall.yml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/roles/nextcloud_instance/readme.md b/roles/nextcloud_instance/readme.md index fad10e62..c4034cfc 100644 --- a/roles/nextcloud_instance/readme.md +++ b/roles/nextcloud_instance/readme.md @@ -1,4 +1,4 @@ - +# Nextcloud ## Create a volume diff --git a/roles/nextcloud_instance/tasks/uninstall.yml b/roles/nextcloud_instance/tasks/uninstall.yml index 15496f0f..ef6edc8c 100644 --- a/roles/nextcloud_instance/tasks/uninstall.yml +++ b/roles/nextcloud_instance/tasks/uninstall.yml @@ -71,3 +71,12 @@ loop: "{{ alias_domain | default([]) }}" loop_control: loop_var: a_domain + - name: "disable site for {{ app_domain }}" + file: + state: absent + path: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}_alias_{{ a_domain }}.conf" + notify: reload {{ rev_proxy }} nextcloud_instance + loop: "{{ alias_domain | default([]) }}" + loop_control: + loop_var: a_domain + -- GitLab