From 9103f72d1221a622ffdead207b27abd9e9910a18 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 23 Mar 2022 15:07:12 +0100 Subject: [PATCH 1/9] add role humhub --- roles/humhub/.travis.yml | 29 ++++++++ roles/humhub/README.md | 38 ++++++++++ roles/humhub/defaults/main.yml | 21 ++++++ roles/humhub/handlers/main.yml | 2 + roles/humhub/meta/main.yml | 52 ++++++++++++++ roles/humhub/tasks/configure.yml | 22 ++++++ roles/humhub/tasks/install.yml | 56 +++++++++++++++ roles/humhub/tasks/main.yml | 46 ++++++++++++ roles/humhub/tasks/uninstall.yml | 0 roles/humhub/templates/common_php.j2 | 38 ++++++++++ roles/humhub/templates/nginx_app.j2 | 101 +++++++++++++++++++++++++++ roles/humhub/tests/inventory | 2 + roles/humhub/tests/test.yml | 5 ++ roles/humhub/vars/main.yml | 18 +++++ 14 files changed, 430 insertions(+) create mode 100644 roles/humhub/.travis.yml create mode 100644 roles/humhub/README.md create mode 100644 roles/humhub/defaults/main.yml create mode 100644 roles/humhub/handlers/main.yml create mode 100644 roles/humhub/meta/main.yml create mode 100644 roles/humhub/tasks/configure.yml create mode 100644 roles/humhub/tasks/install.yml create mode 100644 roles/humhub/tasks/main.yml create mode 100644 roles/humhub/tasks/uninstall.yml create mode 100644 roles/humhub/templates/common_php.j2 create mode 100644 roles/humhub/templates/nginx_app.j2 create mode 100644 roles/humhub/tests/inventory create mode 100644 roles/humhub/tests/test.yml create mode 100644 roles/humhub/vars/main.yml diff --git a/roles/humhub/.travis.yml b/roles/humhub/.travis.yml new file mode 100644 index 00000000..36bbf620 --- /dev/null +++ b/roles/humhub/.travis.yml @@ -0,0 +1,29 @@ +--- +language: python +python: "2.7" + +# Use the new container infrastructure +sudo: false + +# Install ansible +addons: + apt: + packages: + - python-pip + +install: + # Install ansible + - pip install ansible + + # Check ansible version + - ansible --version + + # Create ansible.cfg with correct roles_path + - printf '[defaults]\nroles_path=../' >ansible.cfg + +script: + # Basic role syntax check + - ansible-playbook tests/test.yml -i tests/inventory --syntax-check + +notifications: + webhooks: https://galaxy.ansible.com/api/v1/notifications/ \ No newline at end of file diff --git a/roles/humhub/README.md b/roles/humhub/README.md new file mode 100644 index 00000000..225dd44b --- /dev/null +++ b/roles/humhub/README.md @@ -0,0 +1,38 @@ +Role Name +========= + +A brief description of the role goes here. + +Requirements +------------ + +Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. + +Role Variables +-------------- + +A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. + +Dependencies +------------ + +A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. + +Example Playbook +---------------- + +Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: + + - hosts: servers + roles: + - { role: username.rolename, x: 42 } + +License +------- + +BSD + +Author Information +------------------ + +An optional section for the role authors to include contact information, or a website (HTML is not allowed). diff --git a/roles/humhub/defaults/main.yml b/roles/humhub/defaults/main.yml new file mode 100644 index 00000000..3c26f185 --- /dev/null +++ b/roles/humhub/defaults/main.yml @@ -0,0 +1,21 @@ +--- +app_version: 1.1.14 + +app_user_chrooted: "yes" + +php_composer: "no" +python3: "no" +app_wsgi: "no" + +# +# smtp default parameters +# + +smtp_security: STARTTLS +smtp_host: false +smtp_user: null +smtp_pass: null +smtp_port: 587 + + +app_backup_data: "yes" \ No newline at end of file diff --git a/roles/humhub/handlers/main.yml b/roles/humhub/handlers/main.yml new file mode 100644 index 00000000..2b1de011 --- /dev/null +++ b/roles/humhub/handlers/main.yml @@ -0,0 +1,2 @@ +--- +# handlers file for humhub diff --git a/roles/humhub/meta/main.yml b/roles/humhub/meta/main.yml new file mode 100644 index 00000000..c572acc9 --- /dev/null +++ b/roles/humhub/meta/main.yml @@ -0,0 +1,52 @@ +galaxy_info: + author: your name + description: your role description + company: your company (optional) + + # If the issue tracker for your role is not on github, uncomment the + # next line and provide a value + # issue_tracker_url: http://example.com/issue/tracker + + # Choose a valid license ID from https://spdx.org - some suggested licenses: + # - BSD-3-Clause (default) + # - MIT + # - GPL-2.0-or-later + # - GPL-3.0-only + # - Apache-2.0 + # - CC-BY-4.0 + license: license (GPL-2.0-or-later, MIT, etc) + + min_ansible_version: 2.1 + + # If this a Container Enabled role, provide the minimum Ansible Container version. + # min_ansible_container_version: + + # + # Provide a list of supported platforms, and for each platform a list of versions. + # If you don't wish to enumerate all versions for a particular platform, use 'all'. + # To view available platforms and versions (or releases), visit: + # https://galaxy.ansible.com/api/v1/platforms/ + # + # platforms: + # - name: Fedora + # versions: + # - all + # - 25 + # - name: SomePlatform + # versions: + # - all + # - 1.0 + # - 7 + # - 99.99 + + galaxy_tags: [] + # List tags for your role here, one per line. A tag is a keyword that describes + # and categorizes the role. Users find roles by searching for tags. Be sure to + # remove the '[]' above, if you add tags to this list. + # + # NOTE: A tag is limited to a single word comprised of alphanumeric characters. + # Maximum 20 tags per role. + +dependencies: [] + # List your role dependencies here, one per line. Be sure to remove the '[]' above, + # if you add dependencies to this list. diff --git a/roles/humhub/tasks/configure.yml b/roles/humhub/tasks/configure.yml new file mode 100644 index 00000000..509d6200 --- /dev/null +++ b/roles/humhub/tasks/configure.yml @@ -0,0 +1,22 @@ +--- + +- name: "Configuring Garradin" + template: + src: "config.local.php.j2" + dest: "{{ app_instance_root }}/config.local.php" + owner: "{{ app_user }}" + group: "{{ app_group }}" + backup: yes + mode: 0660 + tags: + - garradin_local_conf + +- name: "cron mode for background jobs" + cron: + name: "{{ app_instance_root }}/scripts/cron.php >/dev/null 2>&1" + user: "{{ app_user }}" + day: "*/1" + job: "php -f {{ app_instance_root }}/cron.php >/dev/null 2>&1" + tags: + - garradin_cron + diff --git a/roles/humhub/tasks/install.yml b/roles/humhub/tasks/install.yml new file mode 100644 index 00000000..b05cd3d7 --- /dev/null +++ b/roles/humhub/tasks/install.yml @@ -0,0 +1,56 @@ +--- + +- import_role: + name: _web_app + +- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + when: app_wsgi == "no" + notify: reload {{ rev_proxy }} web_app + tags: + - garradin_rev_proxy + +- name: "Configuration of Humhub (common)" + template: + src: "common_php.j2" + dest: "{{ app_instance_root }}/protected/config/common.php" + tags: + - humhub_common + - humhub_conf + +- name: Check if app folder exists + stat: + path: "{{ app_instance_root }}" + register: app_folder + +- name: Check if data folder exists + stat: + path: "{{ app_data }}" + register: data_folder + tags: "data_setup" + +- name: "dir {{ app_data }}" + file: + path: "{{ app_data }}" + state: directory + mode: 0700 + group: "www-data" + owner: "{{ app_user }}" + when: data_folder.stat.exists == false and app_folder.stat.exists + tags: "data_setup" + +- name: Import Backup Role + import_role: + name: _app_backup + +- name: "Cron Humhub - queue" + cron: + name: "Cron Humhub - queue" + job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii queue/run >/dev/null 2>&1" + +- name: "Cron Humhub - cron" + cron: + name: "Cron Humhub - cron" + job: "/usr/bin/php{{ php_version }} {{ app_instance_root }}/protected/yii cron/run >/dev/null 2>&1" diff --git a/roles/humhub/tasks/main.yml b/roles/humhub/tasks/main.yml new file mode 100644 index 00000000..9bcc016b --- /dev/null +++ b/roles/humhub/tasks/main.yml @@ -0,0 +1,46 @@ +--- + +- import_role: + name: _web_app + +- name: Restic Role + import_role: + name: restic + tags: "restic_humhub" + +- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" + template: + src: "{{ rev_proxy }}_app.j2" + dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" + when: app_wsgi == "no" + notify: reload {{ rev_proxy }} web_app + tags: + - garradin_rev_proxy + +- name: Check if app folder exists + stat: + path: "{{ app_instance_root }}" + register: app_folder + +- name: Check if data folder exists + stat: + path: "{{ app_data }}" + register: data_folder + tags: "data_setup" + +- name: "dir {{ app_data }}" + file: + path: "{{ app_data }}" + state: directory + mode: 0700 + group: "www-data" + owner: "{{ app_user }}" + when: data_folder.stat.exists == false and app_folder.stat.exists + tags: "data_setup" + +- name: Configuring garradin if app folder exists + import_tasks: configure.yml + when: app_folder.stat.exists + tags: + - garradin_configure + diff --git a/roles/humhub/tasks/uninstall.yml b/roles/humhub/tasks/uninstall.yml new file mode 100644 index 00000000..e69de29b diff --git a/roles/humhub/templates/common_php.j2 b/roles/humhub/templates/common_php.j2 new file mode 100644 index 00000000..5ae82ddf --- /dev/null +++ b/roles/humhub/templates/common_php.j2 @@ -0,0 +1,38 @@ + [ + 'cache' => [ + 'class' => 'yii\redis\Cache', + 'redis' => [ + 'hostname' => 'localhost', + 'port' => 6379, + 'database' => 0, + ] + ], + 'db' => [ + 'dsn' => 'mysql:host=localhost;dbname={{ database_name }}', + 'username' => '{{ database_user }}', + 'password' => '{{ database_password }}', + ], + ], + + 'modules' => [ + 'file' => [ + 'imageMaxResolution' => '1920x1080', + 'imageJpegQuality' => 75, + 'imagePngCompressionLevel' => 9, + 'imageWebpQuality' => 75, + ], + 'user' => [ + 'minimumUsernameLength' => 1 + ] + ], + +]; \ No newline at end of file diff --git a/roles/humhub/templates/nginx_app.j2 b/roles/humhub/templates/nginx_app.j2 new file mode 100644 index 00000000..b45db612 --- /dev/null +++ b/roles/humhub/templates/nginx_app.j2 @@ -0,0 +1,101 @@ +upstream php-handler{{ app_instance_id }} { + server unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock; +} + + +map $http_user_agent $log_ua { + ~Monit 0; + default 1; +} + +server { + listen 80; + listen [::]:80; + server_name {{ app_domain | mandatory }}; + # enforce https + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ app_domain }}; + + ssl_certificate /etc/letsencrypt/live/{{ app_domain }}/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/{{ app_domain }}/privkey.pem; + + # Add headers to serve security related headers + # Before enabling Strict-Transport-Security headers please read into this + # topic first. + # add_header Strict-Transport-Security "max-age=15768000; + # includeSubDomains; preload;"; + # + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag all; # https://developers.google.com/search/docs/advanced/robots/robots_meta_tag + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Strict-Transport-Security "max-age=15768000"; + + access_log {{ www_log }}/{{ app_instance_id }}/access.log combined if=$log_ua; + error_log {{ www_log }}/{{ app_instance_id }}/error.log; + + include {{ app_instance_www_root }}/nginx/*.conf; + + + # set max upload size + client_max_body_size 512M; + fastcgi_buffers 64 4K; + + # Enable gzip but do not remove ETag headers + gzip on; + gzip_vary on; + gzip_comp_level 4; + gzip_min_length 256; + gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; + gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; + + location / { + + # Path to source + alias {{ app_instance_www_root }}/www/; + + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + index index.php index.html ; + try_files $uri $uri/ /index.php?$args; + + location ~ \.php$ { + if (!-e $request_filename) { + rewrite ^/?(.*)$ /_route.php?/$1 last; + break; + } + fastcgi_pass unix:/var/run/php/php{{ php_version }}-fpm-{{ app_user }}.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + # Increase size limit + client_max_body_size 2M; + } + + location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file) { + deny all; + } + + location ~ ^/(assets|static|themes|uploads) { + expires 10d; + add_header Cache-Control "public, no-transform"; + } + +} diff --git a/roles/humhub/tests/inventory b/roles/humhub/tests/inventory new file mode 100644 index 00000000..878877b0 --- /dev/null +++ b/roles/humhub/tests/inventory @@ -0,0 +1,2 @@ +localhost + diff --git a/roles/humhub/tests/test.yml b/roles/humhub/tests/test.yml new file mode 100644 index 00000000..a4e4c945 --- /dev/null +++ b/roles/humhub/tests/test.yml @@ -0,0 +1,5 @@ +--- +- hosts: localhost + remote_user: root + roles: + - humhub diff --git a/roles/humhub/vars/main.yml b/roles/humhub/vars/main.yml new file mode 100644 index 00000000..14c3ef63 --- /dev/null +++ b/roles/humhub/vars/main.yml @@ -0,0 +1,18 @@ +--- +app_program: "Humub" + +app_src_root_name: "humhub-{{ app_version }}" +packages_list: [ "redis", "php{{ php_version }}-redis", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-imagick", "php{{ php_version }}-curl", "php{{ php_version }}-bz2", "php{{ php_version }}-gd", "php{{ php_version }}-intl", "php{{ php_version }}-mysql", "php{{ php_version }}-zip", "php{{ php_version }}-apcu-bc", "php{{ php_version }}-apcu", "php{{ php_version }}-xml", "php{{ php_version }}-ldap" ] + +app_src: "https://www.humhub.com/download/package/humhub-{{ app_version }}.tar.gz" +php_version: "7.4" + +app_instance_root: "{{ www_root }}/{{ app_instance_id }}" +app_data: "{{ www_root }}/{{ app_instance_id }}.data" + +app_group: "{{ app_user }}" + +database_type: "mysql" +database_name: "{{ app_instance_id }}_db" +database_user: "{{ app_instance_id }}_usr" +database_password: "{{ app_instance_id }}_pwd" \ No newline at end of file -- GitLab From 19383c72c9de38db779b45e14c5c557b676f55df Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 23 Mar 2022 15:37:56 +0100 Subject: [PATCH 2/9] [fix] path and others --- roles/humhub/tasks/configure.yml | 22 ---------------------- roles/humhub/tasks/uninstall.yml | 3 +++ roles/humhub/templates/common_php.j2 | 4 ++++ 3 files changed, 7 insertions(+), 22 deletions(-) delete mode 100644 roles/humhub/tasks/configure.yml diff --git a/roles/humhub/tasks/configure.yml b/roles/humhub/tasks/configure.yml deleted file mode 100644 index 509d6200..00000000 --- a/roles/humhub/tasks/configure.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- - -- name: "Configuring Garradin" - template: - src: "config.local.php.j2" - dest: "{{ app_instance_root }}/config.local.php" - owner: "{{ app_user }}" - group: "{{ app_group }}" - backup: yes - mode: 0660 - tags: - - garradin_local_conf - -- name: "cron mode for background jobs" - cron: - name: "{{ app_instance_root }}/scripts/cron.php >/dev/null 2>&1" - user: "{{ app_user }}" - day: "*/1" - job: "php -f {{ app_instance_root }}/cron.php >/dev/null 2>&1" - tags: - - garradin_cron - diff --git a/roles/humhub/tasks/uninstall.yml b/roles/humhub/tasks/uninstall.yml index e69de29b..36960b82 100644 --- a/roles/humhub/tasks/uninstall.yml +++ b/roles/humhub/tasks/uninstall.yml @@ -0,0 +1,3 @@ +--- +- import_role: + name: _web_app \ No newline at end of file diff --git a/roles/humhub/templates/common_php.j2 b/roles/humhub/templates/common_php.j2 index 5ae82ddf..3d9bf502 100644 --- a/roles/humhub/templates/common_php.j2 +++ b/roles/humhub/templates/common_php.j2 @@ -35,4 +35,8 @@ return [ ] ], + 'aliases' => [ + '@filestore' => '{{ app_data }}' + ] + ]; \ No newline at end of file -- GitLab From fe4971b7d9804badf104398ef87e5ca4674c6b24 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 23 Mar 2022 15:39:51 +0100 Subject: [PATCH 3/9] [fix] path and others --- roles/humhub/tasks/main.yml | 48 +++++-------------------------------- 1 file changed, 6 insertions(+), 42 deletions(-) diff --git a/roles/humhub/tasks/main.yml b/roles/humhub/tasks/main.yml index 9bcc016b..e68deade 100644 --- a/roles/humhub/tasks/main.yml +++ b/roles/humhub/tasks/main.yml @@ -1,46 +1,10 @@ --- -- import_role: - name: _web_app +- import_tasks: install.yml + when: app_run in ['install', 'reinstall'] -- name: Restic Role - import_role: - name: restic - tags: "restic_humhub" - -- name: "template {{ rev_proxy }}_app.j2 {{ app_instance_id }}" - template: - src: "{{ rev_proxy }}_app.j2" - dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" - when: app_wsgi == "no" - notify: reload {{ rev_proxy }} web_app - tags: - - garradin_rev_proxy - -- name: Check if app folder exists - stat: - path: "{{ app_instance_root }}" - register: app_folder - -- name: Check if data folder exists - stat: - path: "{{ app_data }}" - register: data_folder - tags: "data_setup" - -- name: "dir {{ app_data }}" - file: - path: "{{ app_data }}" - state: directory - mode: 0700 - group: "www-data" - owner: "{{ app_user }}" - when: data_folder.stat.exists == false and app_folder.stat.exists - tags: "data_setup" - -- name: Configuring garradin if app folder exists - import_tasks: configure.yml - when: app_folder.stat.exists - tags: - - garradin_configure +#- import_tasks: upgrade.yml +# when: app_run == 'upgrade' +- import_tasks: uninstall.yml + when: app_run == 'uninstall' \ No newline at end of file -- GitLab From f6a0e3dd224413630b4ae64fb18733e3742d0eb8 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Wed, 23 Mar 2022 16:37:35 +0100 Subject: [PATCH 4/9] [fix] path and others --- roles/humhub/defaults/main.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/roles/humhub/defaults/main.yml b/roles/humhub/defaults/main.yml index 3c26f185..111add29 100644 --- a/roles/humhub/defaults/main.yml +++ b/roles/humhub/defaults/main.yml @@ -1,5 +1,5 @@ --- -app_version: 1.1.14 +app_version: 1.10.3 app_user_chrooted: "yes" @@ -16,6 +16,3 @@ smtp_host: false smtp_user: null smtp_pass: null smtp_port: 587 - - -app_backup_data: "yes" \ No newline at end of file -- GitLab From e99f2364ebe4ff42c346e7f3bccc93c6fdd8b6a7 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Fri, 1 Apr 2022 14:58:34 +0200 Subject: [PATCH 5/9] idem --- roles/humhub/vars/main.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/roles/humhub/vars/main.yml b/roles/humhub/vars/main.yml index 14c3ef63..b4e3b431 100644 --- a/roles/humhub/vars/main.yml +++ b/roles/humhub/vars/main.yml @@ -2,17 +2,16 @@ app_program: "Humub" app_src_root_name: "humhub-{{ app_version }}" -packages_list: [ "redis", "php{{ php_version }}-redis", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-imagick", "php{{ php_version }}-curl", "php{{ php_version }}-bz2", "php{{ php_version }}-gd", "php{{ php_version }}-intl", "php{{ php_version }}-mysql", "php{{ php_version }}-zip", "php{{ php_version }}-apcu-bc", "php{{ php_version }}-apcu", "php{{ php_version }}-xml", "php{{ php_version }}-ldap" ] +packages_list: [ "redis", "php{{ php_version }}-bz2", "php{{ php_version }}-redis", "php{{ php_version }}-fpm", "php{{ php_version }}-cli", "php{{ php_version }}-imagick", "php{{ php_version }}-curl", "php{{ php_version }}-bz2", "php{{ php_version }}-gd", "php{{ php_version }}-intl", "php{{ php_version }}-mysql", "php{{ php_version }}-zip", "php{{ php_version }}-apcu-bc", "php{{ php_version }}-apcu", "php{{ php_version }}-xml", "php{{ php_version }}-ldap" ] app_src: "https://www.humhub.com/download/package/humhub-{{ app_version }}.tar.gz" php_version: "7.4" -app_instance_root: "{{ www_root }}/{{ app_instance_id }}" -app_data: "{{ www_root }}/{{ app_instance_id }}.data" +app_data: "{{ app_instance_root }}/../{{ app_instance_id }}.data" app_group: "{{ app_user }}" database_type: "mysql" -database_name: "{{ app_instance_id }}_db" -database_user: "{{ app_instance_id }}_usr" -database_password: "{{ app_instance_id }}_pwd" \ No newline at end of file +#database_name: "{{ app_instance_id }}_db" +#database_user: "{{ app_instance_id }}_usr" +#database_password: "{{ app_instance_id }}_pwd" -- GitLab From 7995360f48a42f4e6d9f9c5fc56695416ebd8525 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Fri, 8 Apr 2022 10:07:23 +0200 Subject: [PATCH 6/9] [fix] Humhub --- roles/humhub/handlers/main.yml | 2 ++ roles/humhub/templates/nginx_app.j2 | 20 ++++++++++---------- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/roles/humhub/handlers/main.yml b/roles/humhub/handlers/main.yml index 2b1de011..d8bc0990 100644 --- a/roles/humhub/handlers/main.yml +++ b/roles/humhub/handlers/main.yml @@ -1,2 +1,4 @@ --- # handlers file for humhub +- name: php-fpm reload humhub + service: name=php{{ php_version }}-fpm state=reloaded \ No newline at end of file diff --git a/roles/humhub/templates/nginx_app.j2 b/roles/humhub/templates/nginx_app.j2 index b45db612..a5760f75 100644 --- a/roles/humhub/templates/nginx_app.j2 +++ b/roles/humhub/templates/nginx_app.j2 @@ -85,17 +85,17 @@ server { fastcgi_param SCRIPT_FILENAME $request_filename; } - # Increase size limit - client_max_body_size 2M; - } + location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file) { + deny all; + } - location ~ ^/(protected|framework|themes/\w+/views|\.|uploads/file) { - deny all; - } + location ~ ^/(assets|static|themes|uploads) { + expires 10d; + add_header Cache-Control "public, no-transform"; + } - location ~ ^/(assets|static|themes|uploads) { - expires 10d; - add_header Cache-Control "public, no-transform"; - } + # Increase size limit + client_max_body_size 2M; + } } -- GitLab From e9ab2c7aef7eec94bf32fbad3010f898ef845d3c Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 16 May 2022 13:18:29 +0000 Subject: [PATCH 7/9] [fix] Notify + conf nginx (bon dossier) --- roles/humhub/handlers/main.yml | 4 +++- roles/humhub/tasks/install.yml | 3 ++- roles/humhub/templates/nginx_app.j2 | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/roles/humhub/handlers/main.yml b/roles/humhub/handlers/main.yml index d8bc0990..d2cb7173 100644 --- a/roles/humhub/handlers/main.yml +++ b/roles/humhub/handlers/main.yml @@ -1,4 +1,6 @@ --- # handlers file for humhub - name: php-fpm reload humhub - service: name=php{{ php_version }}-fpm state=reloaded \ No newline at end of file + service: name=php{{ php_version }}-fpm state=reloaded +- name: nginx reload humhub + service: name=nginx state=reloaded diff --git a/roles/humhub/tasks/install.yml b/roles/humhub/tasks/install.yml index b05cd3d7..4022146f 100644 --- a/roles/humhub/tasks/install.yml +++ b/roles/humhub/tasks/install.yml @@ -8,7 +8,7 @@ src: "{{ rev_proxy }}_app.j2" dest: "/etc/{{ rev_proxy }}/sites-available/{{ app_instance_id }}.conf" when: app_wsgi == "no" - notify: reload {{ rev_proxy }} web_app + notify: "nginx reload humhub" tags: - garradin_rev_proxy @@ -40,6 +40,7 @@ owner: "{{ app_user }}" when: data_folder.stat.exists == false and app_folder.stat.exists tags: "data_setup" + notify: "php-fpm reload humhub" - name: Import Backup Role import_role: diff --git a/roles/humhub/templates/nginx_app.j2 b/roles/humhub/templates/nginx_app.j2 index a5760f75..73658f34 100644 --- a/roles/humhub/templates/nginx_app.j2 +++ b/roles/humhub/templates/nginx_app.j2 @@ -63,7 +63,7 @@ server { location / { # Path to source - alias {{ app_instance_www_root }}/www/; + alias {{ app_instance_www_root }}/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; -- GitLab From acce034e457b7319245806f4e4ec03e4b8859916 Mon Sep 17 00:00:00 2001 From: Julien Gomes Dias Date: Mon, 16 May 2022 16:24:34 +0000 Subject: [PATCH 8/9] [fix] Ajout d'un README --- roles/humhub/README.md | 62 ++++++++++++++++-------------------------- 1 file changed, 24 insertions(+), 38 deletions(-) diff --git a/roles/humhub/README.md b/roles/humhub/README.md index 225dd44b..5aee64c4 100644 --- a/roles/humhub/README.md +++ b/roles/humhub/README.md @@ -1,38 +1,24 @@ -Role Name -========= - -A brief description of the role goes here. - -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - -Role Variables --------------- - -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. - -Dependencies ------------- - -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. - -Example Playbook ----------------- - -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: - - - hosts: servers - roles: - - { role: username.rolename, x: 42 } - -License -------- - -BSD - -Author Information ------------------- - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). +# HUMHUB + +Humhub is a company internal social network + +## Requirements +- PHP >=7.4 + +## Example Playbook + +```yaml +- role: humhub + description: test humhub + app_domain: humhub.example.com + app_instance_id: humhub + app_user: www-humhub + clear_app_user_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ + app_user_password: $6$$du/QXTiclJ1/Ns0RXJCXy6WBx7aN2gTMqJOzrWvzgYp3dQO.1j.pHngnbb8lBHZwIMu6JVuVRxCtrBnP1ts6D1 + php_version: 7.4 + restic_password: "1582369652dezs5z2d4" + database_password: ZdPreELr4b2XZazsFKjhXeD3FCxNhofZ +``` +### License + +GPLV3 -- GitLab From f2aa51e6cf30e2196e3058378754af28e17414a3 Mon Sep 17 00:00:00 2001 From: Admin paquerette Date: Thu, 19 May 2022 16:31:04 +0200 Subject: [PATCH 9/9] Downgrade composer pour ADM pour compat PHP 5.6 --- roles/adm_instance/scripts/install_composer.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/roles/adm_instance/scripts/install_composer.sh b/roles/adm_instance/scripts/install_composer.sh index 6f01e38f..ed3c0fbf 100644 --- a/roles/adm_instance/scripts/install_composer.sh +++ b/roles/adm_instance/scripts/install_composer.sh @@ -11,7 +11,8 @@ then exit 1 fi -php composer-setup.php --quiet +# La dernière version de composer qui supporte PHP 5.6 est 2.2.12 +php composer-setup.php --quiet --version=2.2.12 RESULT=$? rm composer-setup.php exit $RESULT -- GitLab