From 12d3aeb0cddc961df414f95113cdca4532d292d9 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Mon, 11 Oct 2021 23:48:01 +0330 Subject: [PATCH 01/19] ansible playbook added this playbook will install docker then install uptime kuma using docker and install and configure nginx with ssl --- ansible/README.md | 10 +++ ansible/playbook.yml | 7 ++ ansible/roles/docker/tasks/main.yml | 44 +++++++++ ansible/roles/nginx/files/README.md | 2 + ansible/roles/nginx/tasks/main.yml | 29 ++++++ .../roles/nginx/templates/docker-compose.yml | 8 ++ ansible/roles/nginx/templates/nginx.conf | 90 +++++++++++++++++++ ansible/roles/uptime-kuma/tasks/main.yml | 23 +++++ .../uptime-kuma/templates/docker-compose.yml | 10 +++ 9 files changed, 223 insertions(+) create mode 100644 ansible/README.md create mode 100644 ansible/playbook.yml create mode 100644 ansible/roles/docker/tasks/main.yml create mode 100644 ansible/roles/nginx/files/README.md create mode 100644 ansible/roles/nginx/tasks/main.yml create mode 100644 ansible/roles/nginx/templates/docker-compose.yml create mode 100644 ansible/roles/nginx/templates/nginx.conf create mode 100644 ansible/roles/uptime-kuma/tasks/main.yml create mode 100644 ansible/roles/uptime-kuma/templates/docker-compose.yml diff --git a/ansible/README.md b/ansible/README.md new file mode 100644 index 00000000..2de04729 --- /dev/null +++ b/ansible/README.md @@ -0,0 +1,10 @@ +# Ansible Playbook to install uptime kuma using docker + +This playbook comes with three roles + + 1. docker (to install docker) + 2. nginx (to install nginx using docker with ssl) + 3. uptime kuma (to install uptime kuma using docker) + +To see more info see docker-compose, tasks and config files +I will try to make this readme better \ No newline at end of file diff --git a/ansible/playbook.yml b/ansible/playbook.yml new file mode 100644 index 00000000..f62b24f0 --- /dev/null +++ b/ansible/playbook.yml 
@@ -0,0 +1,7 @@ +- name: install uptime kuma with nginx connected + hosts: all + roles: + - {role: docker, tags: ["docker"]} + - {role: kuma, tags: ["kuma"]} + - {role: nginx, tags: ["nginx"]} + \ No newline at end of file diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml new file mode 100644 index 00000000..cf7a619a --- /dev/null +++ b/ansible/roles/docker/tasks/main.yml @@ -0,0 +1,44 @@ +- name: Ensure docker and docker-compose and essentional libs are installed + package: + name: "{{item}}" + state: present + loop: + - docker.io + - docker-compose + - python-pip + - python3-docker + - python3-pip + - libssl-dev + - libffi-dev + - python-setuptools + +- name: Ensure docker-compose is installed via pip + pip: + name: "{{item}}" + executable: pip3 + loop: + - docker + # - docker-compose + +### FIX a BUG: https://github.com/docker/docker-py/issues/1502#issuecomment-506544849 +- name: FIX a BUG Uninstall pip's backports.ssl-match-hostname + pip: + name: backports.ssl-match-hostname + executable: pip + state: absent +- name: FIX a BUG install Debian's python-backports.ssl-match-hostname package + package: + name: python-backports.ssl-match-hostname + state: present + +- name: Ensure docker service is enabled and up + systemd: + name: docker + state: started + enabled: yes + +- name: Ensure docker socket is enabled and up + systemd: + name: docker.socket + state: started + enabled: yes \ No newline at end of file diff --git a/ansible/roles/nginx/files/README.md b/ansible/roles/nginx/files/README.md new file mode 100644 index 00000000..71f91486 --- /dev/null +++ b/ansible/roles/nginx/files/README.md @@ -0,0 +1,2 @@ +## Your ssl certs will go here +put them in ssl directory see nginx.conf for more info \ No newline at end of file diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml new file mode 100644 index 00000000..a149f19b --- /dev/null +++ b/ansible/roles/nginx/tasks/main.yml 
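Review bot: The roles list references `kuma`, but the role directory this patch adds is `ansible/roles/uptime-kuma`, so `ansible-playbook` will fail to resolve the `- {role: kuma, tags: ["kuma"]}` entry; either rename the directory or change the entry to `- {role: uptime-kuma, tags: ["kuma"]}`. `hosts: all` also targets every host in whatever inventory is passed with `-i`, which for a playbook that installs Docker and publishes a web server is a large blast radius for a mis-pointed inventory; a dedicated group such as `hosts: uptime_kuma` limits it. A one-line comment naming the intended target group would help whoever runs this next.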
@@ -0,0 +1,29 @@ +- name: Ensure Volumes & Files directories exists + file: + dest: "{{item}}" + state: directory + loop: + - /compose + - /compose/nginx + - /compose/volumes + - /compose/volumes/nginx + +- name: Ensure docker-compose file has been updated + template: + src: "{{item}}" + dest: /compose/nginx/ + loop: + - docker-compose.yml + +- name: Ensure nginx config directory exist + copy: + src: nginx + dest: /compose/volumes/nginx/ + mode: 'preserve' + group: root + owner: root + +- name: Ensure config files are updated + template: + src: "nginx.conf" + dest: /compose/volumes/nginx/nginx.conf diff --git a/ansible/roles/nginx/templates/docker-compose.yml b/ansible/roles/nginx/templates/docker-compose.yml new file mode 100644 index 00000000..1e7abb85 --- /dev/null +++ b/ansible/roles/nginx/templates/docker-compose.yml @@ -0,0 +1,8 @@ +version: '3.3' +services: + nginx: + network_mode: host + restart: always + image: nginx:1.21.3-alpine + volumes: + - '/compose/volumes/nginx/:/etc/nginx/' \ No newline at end of file diff --git a/ansible/roles/nginx/templates/nginx.conf b/ansible/roles/nginx/templates/nginx.conf new file mode 100644 index 00000000..ad14a598 --- /dev/null +++ b/ansible/roles/nginx/templates/nginx.conf 
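Review bot: `network_mode: host` on the nginx service puts the container in the host's network namespace, so any listener in the image, and any mistake in nginx.conf, is exposed on every host interface, and the container can reach anything bound to 127.0.0.1 on the host. It appears to be used only so nginx can reach uptime-kuma on `localhost:3001`; a user-defined compose network with `proxy_pass http://uptime-kuma:3001/` and explicit `ports: ['80:80', '443:443']` gives the same result with normal isolation. The bind mount of `/compose/volumes/nginx/` over all of `/etc/nginx/` also replaces the image's `mime.types` and `conf.d/`, which is fine for a pure proxy but deserves a comment next to the volume line so nobody adds `include mime.types;` later and wonders why nginx refuses to start.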
@@ -0,0 +1,90 @@ +user nginx; +worker_processes auto; + +pid /var/run/nginx.pid; +error_log /var/log/nginx/error.log; + +events { + worker_connections 2048; +} + +http { + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + + default_type application/octet-stream; + + + ### SSL Settings for all servers (https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.2&config=intermediate) + # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate + ssl_certificate /etc/nginx/ssl/status.yoursite.fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/status.yoursite.privkey.pem; + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; + + # intermediate configuration + ssl_protocols TLSv1.2 TLSv1.3; + ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; + ssl_prefer_server_ciphers off; + + # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ssl/dhparam.pem (TODO: check if it's secure to use others DH parameters!) 
+ # openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096 + ssl_dhparam /etc/nginx/ssl/dhparam.pem; + + # HSTS (ngx_http_headers_module is required) (63072000 seconds) + add_header Strict-Transport-Security "max-age=63072000" always; + + # OCSP stapling + ssl_stapling on; + ssl_stapling_verify on; + + log_format main '$remote_addr - $remote_user [$time_local] "$request_method $scheme://$host$request_uri $server_protocol" $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" $request_time $upstream_response_time UPA:$upstream_addr BYS:$bytes_sent BYR:$request_length'; + access_log /var/log/nginx/access.log main; + + ### Set additional headers to be send to upstream + proxy_set_header Host $http_host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + + # Remove Headers that gonna be sent to client + proxy_hide_header X-Powered-By; + proxy_hide_header Server; + + # Redirect HTTP request to HTTPS + server { + listen 80 default_server; + server_name status.yoursite; + return 302 https://$host$request_uri; + } + + server { + server_name status.yoursite; + listen 443 ssl http2 default_server; + + access_log /var/log/nginx/yoursite.access.log main; + error_log /var/log/nginx/yoursite.error.log; + + location / { + # rewrite ^/(.*)/$ /$1 permanent; + ### redirect urls with trailing slash to non-trailing slash + # https://serverfault.dev/questions/597302/removing-the-trailing-slash-from-a-url-with-nginx + # location ~ (?.+)/$ { + # return 302 https://$host$no_slash; + # } + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:3001/; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + } +} 
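Review bot: `ssl_stapling_verify on` is set without `ssl_trusted_certificate` or a `resolver`, so nginx cannot validate the OCSP response or resolve the responder's hostname and, after a startup warning, serves no stapled response at all; the intermediate/root chain and a resolver need to be configured for stapling to actually work. The `location /` block also sends `Connection: "upgrade"` on every proxied request, including plain HTTP ones, which defeats upstream keep-alive and can confuse non-WebSocket handling; the usual fix is a `map` on `$http_upgrade`. On the dhparam TODO: the `ffdhe2048` group from the Mozilla generator is the standardized RFC 7919 group and is the recommended choice, so generating a custom 4096-bit parameter file is unnecessary and the commented `openssl dhparam` line can go. The rewritten stretches are below; the HTTP→HTTPS redirect would also normally be `return 301` rather than `302` so clients cache it.

```nginx
http {
    # … unchanged: sendfile/tcp_*/server_tokens, ssl_certificate and cipher settings …

    # OCSP stapling: verification needs the issuer chain and a resolver
    # to reach the responder; without both, nginx silently stops stapling.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/ssl/status.yoursite.chain.pem;
    resolver 127.0.0.53 valid=300s;   # use a resolver you trust on this host
    resolver_timeout 5s;

    # Send "Connection: upgrade" only for WebSocket handshakes,
    # and close (no keep-alive) otherwise.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    # … unchanged: log_format, proxy_set_header, proxy_hide_header, server blocks …
            proxy_set_header Connection $connection_upgrade;
```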
diff --git a/ansible/roles/uptime-kuma/tasks/main.yml b/ansible/roles/uptime-kuma/tasks/main.yml new file mode 100644 index 00000000..bd42148a --- /dev/null +++ b/ansible/roles/uptime-kuma/tasks/main.yml @@ -0,0 +1,23 @@ +- name: Ensure Volumes & Files directories exists + file: + dest: "{{item}}" + state: directory + loop: + - /compose + - /compose/kuma + - /compose/volumes + - /compose/volumes/kuma + +- name: Ensure docker-compose file has been updated + template: + src: "{{item}}" + dest: /compose/kuma/ + loop: + - docker-compose.yml + +- name: Ensure uptime-kuma is up + docker_compose: + state: present + project_src: /compose/kuma + pull: yes + diff --git a/ansible/roles/uptime-kuma/templates/docker-compose.yml b/ansible/roles/uptime-kuma/templates/docker-compose.yml new file mode 100644 index 00000000..43705e14 --- /dev/null +++ b/ansible/roles/uptime-kuma/templates/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3.3' +services: + uptime-kuma: + restart: always + ports: + - '127.0.0.1:3001:3001' + volumes: + - '/compose/volumes/uptime-kuma:/app/data' + container_name: uptime-kuma + image: 'louislam/uptime-kuma:latest' From 166c4d6b5fef938f2f6d16bdd47f10487ade82e0 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein karimi Date: Mon, 11 Oct 2021 23:51:17 +0330 Subject: [PATCH 02/19] Update README.md --- ansible/README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/ansible/README.md b/ansible/README.md index 2de04729..4220dc80 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -7,4 +7,7 @@ This playbook comes with three roles 3. uptime kuma (to install uptime kuma using docker) To see more info see docker-compose, tasks and config files -I will try to make this readme better \ No newline at end of file +I will try to make this readme better + + +> Replace status.yoursite with your domain name From 5db728841bda400c0df0a29737c74a901d29f80e Mon Sep 17 00:00:00 2001 
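Review bot: The data volume is mounted from `/compose/volumes/uptime-kuma`, but the task in the same patch creates `/compose/volumes/kuma`, so the directory Ansible prepares is never used and Docker creates the real one itself with whatever ownership it chooses; the two paths should agree, e.g. `- '/compose/volumes/kuma:/app/data'`. `image: 'louislam/uptime-kuma:latest'` together with `pull: yes` and `restart: always` means every playbook run can silently upgrade the monitoring service to whatever upstream last pushed, so pinning a version tag (or an `@sha256:` digest) keeps deployments reproducible and makes an upgrade a deliberate change. Binding the port as `127.0.0.1:3001:3001` is the right call here, since nginx is meant to be the only entry point.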
From: Muhammed Hussein karimi Date: Tue, 12 Oct 2021 07:57:44 +0330 Subject: [PATCH 03/19] somthing was missing in nginx tasks --- ansible/roles/nginx/tasks/main.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index a149f19b..a810b5bc 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -27,3 +27,9 @@ template: src: "nginx.conf" dest: /compose/volumes/nginx/nginx.conf + +- name: Ensure uptime-kuma is up + docker_compose: + state: present + project_src: /compose/kuma + pull: no From de6437e494431faf78b7d0240233b386e430ac18 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein karimi Date: Tue, 12 Oct 2021 08:08:07 +0330 Subject: [PATCH 04/19] Apply suggestion (nginx version and config) Co-authored-by: Adam Stachowicz --- ansible/roles/nginx/templates/docker-compose.yml | 2 +- ansible/roles/nginx/templates/nginx.conf | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/ansible/roles/nginx/templates/docker-compose.yml b/ansible/roles/nginx/templates/docker-compose.yml index 1e7abb85..02b367e4 100644 --- a/ansible/roles/nginx/templates/docker-compose.yml +++ b/ansible/roles/nginx/templates/docker-compose.yml @@ -3,6 +3,6 @@ services: nginx: network_mode: host restart: always - image: nginx:1.21.3-alpine + image: nginx:stable-alpine volumes: - '/compose/volumes/nginx/:/etc/nginx/' \ No newline at end of file diff --git a/ansible/roles/nginx/templates/nginx.conf b/ansible/roles/nginx/templates/nginx.conf index ad14a598..3fb78fed 100644 --- a/ansible/roles/nginx/templates/nginx.conf +++ b/ansible/roles/nginx/templates/nginx.conf 
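Review bot: Replacing the pinned `nginx:1.21.3-alpine` with the floating `nginx:stable-alpine` tag trades a reproducible image for whatever the tag points at on the day compose pulls, so a regressed or compromised upstream push is picked up without any change to this repository. If the intent is to track security fixes, pin to a digest and bump it deliberately, e.g. `image: nginx:stable-alpine@sha256:<digest>`, or at least to an exact version. Note that the nginx role in the preceding patch runs compose with `pull: no`, so hosts that already have the tag cached will not even receive the updates the floating tag is meant to provide.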
@@ -18,7 +18,6 @@ http { default_type application/octet-stream; - ### SSL Settings for all servers (https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.2&config=intermediate) # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate ssl_certificate /etc/nginx/ssl/status.yoursite.fullchain.pem; @@ -53,7 +52,6 @@ http { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - # Remove Headers that gonna be sent to client proxy_hide_header X-Powered-By; proxy_hide_header Server; From 97fe7c001c2ea0b2a283089a4e898ed97046921b Mon Sep 17 00:00:00 2001 From: Muhammed Hussein karimi Date: Tue, 12 Oct 2021 19:35:25 +0330 Subject: [PATCH 05/19] Uaing alpine image --- ansible/roles/uptime-kuma/templates/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/roles/uptime-kuma/templates/docker-compose.yml b/ansible/roles/uptime-kuma/templates/docker-compose.yml index 43705e14..54cca27d 100644 --- a/ansible/roles/uptime-kuma/templates/docker-compose.yml +++ b/ansible/roles/uptime-kuma/templates/docker-compose.yml @@ -7,4 +7,4 @@ services: volumes: - '/compose/volumes/uptime-kuma:/app/data' container_name: uptime-kuma - image: 'louislam/uptime-kuma:latest' + image: 'louislam/uptime-kuma:alpine' From f0632f32ee25760e1d057f06c59375c9e6f10979 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein karimi Date: Fri, 22 Oct 2021 20:17:34 +0330 Subject: [PATCH 06/19] remove docker role --- ansible/roles/docker/tasks/main.yml | 44 ----------------------------- 1 file changed, 44 deletions(-) delete mode 100644 ansible/roles/docker/tasks/main.yml diff --git a/ansible/roles/docker/tasks/main.yml b/ansible/roles/docker/tasks/main.yml deleted file mode 100644 index cf7a619a..00000000 --- a/ansible/roles/docker/tasks/main.yml +++ /dev/null 
@@ -1,44 +0,0 @@ -- name: Ensure docker and docker-compose and essentional libs are installed - package: - name: "{{item}}" - state: present - loop: - - docker.io - - docker-compose - - python-pip - - python3-docker - - python3-pip - - libssl-dev - - libffi-dev - - python-setuptools - -- name: Ensure docker-compose is installed via pip - pip: - name: "{{item}}" - executable: pip3 - loop: - - docker - # - docker-compose - -### FIX a BUG: https://github.com/docker/docker-py/issues/1502#issuecomment-506544849 -- name: FIX a BUG Uninstall pip's backports.ssl-match-hostname - pip: - name: backports.ssl-match-hostname - executable: pip - state: absent -- name: FIX a BUG install Debian's python-backports.ssl-match-hostname package - package: - name: python-backports.ssl-match-hostname - state: present - -- name: Ensure docker service is enabled and up - systemd: - name: docker - state: started - enabled: yes - -- name: Ensure docker socket is enabled and up - systemd: - name: docker.socket - state: started - enabled: yes \ No newline at end of file From d6f79ee80bcff7ba4a0600cfa124a428639f7666 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein karimi Date: Fri, 22 Oct 2021 20:18:51 +0330 Subject: [PATCH 07/19] Using geerlingguy ansible role for docker compose --- ansible/playbook.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index f62b24f0..04006a41 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -1,7 +1,7 @@ - name: install uptime kuma with nginx connected hosts: all roles: - - {role: docker, tags: ["docker"]} - - {role: kuma, tags: ["kuma"]} - - {role: nginx, tags: ["nginx"]} - \ No newline at end of file + - {role: geerlingguy.docker, tags: ["docker"]} + - {role: kuma, tags: ["kuma"]} + - {role: nginx, tags: ["nginx"]} + From a81cc92b07e92f7a70f50fbd335cd8e5772faf02 Mon Sep 17 00:00:00 2001 
From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 20:39:43 +0330 Subject: [PATCH 08/19] Fix name for docker_compose ansible module to make it working with newer ansible --- ansible/roles/nginx/tasks/main.yml | 2 +- ansible/roles/uptime-kuma/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index a810b5bc..511af41f 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -29,7 +29,7 @@ dest: /compose/volumes/nginx/nginx.conf - name: Ensure uptime-kuma is up - docker_compose: + community.docker.docker_compose: state: present project_src: /compose/kuma pull: no diff --git a/ansible/roles/uptime-kuma/tasks/main.yml b/ansible/roles/uptime-kuma/tasks/main.yml index bd42148a..304bc291 100644 --- a/ansible/roles/uptime-kuma/tasks/main.yml +++ b/ansible/roles/uptime-kuma/tasks/main.yml @@ -16,7 +16,7 @@ - docker-compose.yml - name: Ensure uptime-kuma is up - docker_compose: + community.docker.docker_compose: state: present project_src: /compose/kuma pull: yes From e0e5f3518a4e869de6627dc8c97939352ca82f9d Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 20:40:01 +0330 Subject: [PATCH 09/19] ansible requirements added --- ansible/ansible-requirements.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ansible/ansible-requirements.yml diff --git a/ansible/ansible-requirements.yml b/ansible/ansible-requirements.yml new file mode 100644 index 00000000..e7a27c42 --- /dev/null +++ b/ansible/ansible-requirements.yml @@ -0,0 +1,5 @@ +roles: + - src: geerlingguy.docker + +collections: + - name: community.docker From 90ebf4f66c128ebd30a1a705d4b452c34334de3b Mon Sep 17 00:00:00 2001 
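Review bot: Neither `geerlingguy.docker` nor `community.docker` carries a `version:` in the new requirements file, so `ansible-galaxy install -r` resolves to the latest release at install time and the playbook's behaviour, including how Docker itself is installed on the host, depends on when it was run. Add a pin under each entry, `- src: geerlingguy.docker` / `  version: "<release tag>"` and `- name: community.docker` / `  version: "<release>"`, and bump them on purpose. Roles pulled from Galaxy run as root on the target, so pinning is also what lets you review what will execute before it does.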
From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 20:52:13 +0330 Subject: [PATCH 10/19] using variables for domain and guid to run added to readme --- ansible/README.md | 10 ++++++++-- ansible/roles/nginx/templates/nginx.conf | 8 ++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index 4220dc80..fd255f56 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -9,5 +9,11 @@ This playbook comes with three roles To see more info see docker-compose, tasks and config files I will try to make this readme better - -> Replace status.yoursite with your domain name +## To run it +1. run `ansible-galaxy install -r ansible-requirements.yml` to get requirements +2. prepare inventory hosts +3. to run playbook +```bash +ansible-playbook ./playbook.yml -i --extra-vars "kuma_domain=" +``` +you can use other ansible playbook options too diff --git a/ansible/roles/nginx/templates/nginx.conf b/ansible/roles/nginx/templates/nginx.conf index 3fb78fed..fc23747e 100644 --- a/ansible/roles/nginx/templates/nginx.conf +++ b/ansible/roles/nginx/templates/nginx.conf @@ -20,8 +20,8 @@ http { ### SSL Settings for all servers (https://ssl-config.mozilla.org/#server=nginx&server-version=1.17.2&config=intermediate) # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate - ssl_certificate /etc/nginx/ssl/status.yoursite.fullchain.pem; - ssl_certificate_key /etc/nginx/ssl/status.yoursite.privkey.pem; + ssl_certificate /etc/nginx/ssl/{{ kuma_domain }}.fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/{{ kuma_domain }}.privkey.pem; ssl_session_timeout 1d; ssl_session_cache shared:MozSSL:10m; # about 40000 sessions ssl_session_tickets off; 
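Review bot: `{{ kuma_domain }}` is substituted unquoted into the `ssl_certificate` and `ssl_certificate_key` paths (and, in the next hunk, into `server_name`), so a value containing whitespace, `;`, `/` or `..` rewrites the directive or points the key path outside `/etc/nginx/ssl/`, and an empty value yields `/etc/nginx/ssl/.fullchain.pem`. The variable is operator-supplied via `-e`, so this is about failing fast rather than a remote attack surface, but a guard at the top of the nginx role turns a confusing nginx parse error into a clear message: `- ansible.builtin.assert:` / `    that: "kuma_domain is match('^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$')"` / `    fail_msg: "kuma_domain must be a bare hostname"`. The enclosing `http {}` block extends beyond this hunk.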
@@ -59,12 +59,12 @@ http { # Redirect HTTP request to HTTPS server { listen 80 default_server; - server_name status.yoursite; + server_name {{ kuma_domain }}; return 302 https://$host$request_uri; } server { - server_name status.yoursite; + server_name {{ kuma_domain }}; listen 443 ssl http2 default_server; access_log /var/log/nginx/yoursite.access.log main; From 133def93fe93abc16726e87778ef2abdfd82bcaf Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 20:56:58 +0330 Subject: [PATCH 11/19] typo fix --- ansible/roles/nginx/tasks/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index 511af41f..2b7b08a5 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -28,8 +28,8 @@ src: "nginx.conf" dest: /compose/volumes/nginx/nginx.conf -- name: Ensure uptime-kuma is up +- name: Ensure nginx is up community.docker.docker_compose: state: present - project_src: /compose/kuma + project_src: /compose/nginx pull: no From 177a9598ea743858b1d35f2a23947bd8890f1792 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 21:08:19 +0330 Subject: [PATCH 12/19] better ssl handling --- ansible/.gitignore | 1 + ansible/README.md | 9 ++++++++- ansible/roles/nginx/files/README.md | 2 -- ansible/roles/nginx/tasks/main.yml | 4 ++-- 4 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 ansible/.gitignore delete mode 100644 ansible/roles/nginx/files/README.md diff --git a/ansible/.gitignore b/ansible/.gitignore new file mode 100644 index 00000000..ec2ba683 --- /dev/null +++ b/ansible/.gitignore @@ -0,0 +1 @@ +roles/nginx/files/ssl/* diff --git a/ansible/README.md b/ansible/README.md index fd255f56..659f56c5 100644 --- a/ansible/README.md +++ b/ansible/README.md 
@@ -12,8 +12,15 @@ I will try to make this readme better ## To run it 1. run `ansible-galaxy install -r ansible-requirements.yml` to get requirements 2. prepare inventory hosts -3. to run playbook +3. put your certificates in files section in nginx role with this structure below: +``` +ansible -> roles -> nginx -> ssl -> .fullchain.pem +ansible -> roles -> nginx -> ssl -> .privkey.pem +``` +4. to run playbook ```bash ansible-playbook ./playbook.yml -i --extra-vars "kuma_domain=" ``` you can use other ansible playbook options too + +> Note: Replace `` with your desired domain for uptime kuma diff --git a/ansible/roles/nginx/files/README.md b/ansible/roles/nginx/files/README.md deleted file mode 100644 index 71f91486..00000000 --- a/ansible/roles/nginx/files/README.md +++ /dev/null @@ -1,2 +0,0 @@ -## Your ssl certs will go here -put them in ssl directory see nginx.conf for more info \ No newline at end of file diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index 2b7b08a5..11ca80fa 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -17,8 +17,8 @@ - name: Ensure nginx config directory exist copy: - src: nginx - dest: /compose/volumes/nginx/ + src: ssl + dest: /compose/volumes/nginx/ssl mode: 'preserve' group: root owner: root From c42c985e9e118ca1563d34f7d1f7a391ed14dfdc Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Fri, 22 Oct 2021 21:30:56 +0330 Subject: [PATCH 13/19] installing docker python library see https://github.com/geerlingguy/ansible-role-docker#use-with-ansible-and-docker-python-library --- ansible/ansible-requirements.yml | 1 + ansible/playbook.yml | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ansible/ansible-requirements.yml b/ansible/ansible-requirements.yml index e7a27c42..326654cc 100644 --- a/ansible/ansible-requirements.yml +++ b/ansible/ansible-requirements.yml 
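Review bot: The private key is copied with `mode: 'preserve'`, so its permissions on the target are whatever the file had in the checkout on the control node, which for a key dropped into `files/ssl/` by hand is commonly `0644` and leaves it readable by every local user of the host and of any container the directory is mounted into. Give the key an explicit mode in its own task, `- copy: {src: 'ssl/{{ kuma_domain }}.privkey.pem', dest: '/compose/volumes/nginx/ssl/', owner: root, group: root, mode: '0600'}`, and keep `0644` for the fullchain; as far as I know the official image's nginx master runs as root and reads the key before spawning the `nginx` workers, so `0600 root:root` does not break startup. Note also that `copy` with `src: ssl` (no trailing slash) copies the directory itself into `dest`, so with `dest: /compose/volumes/nginx/ssl` the files land under `.../ssl/ssl/`, one level deeper than `nginx.conf` expects; `src: ssl/` or `dest: /compose/volumes/nginx` avoids that.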
@@ -1,5 +1,6 @@ roles: - src: geerlingguy.docker + - src: geerlingguy.pip collections: - name: community.docker diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 04006a41..5d298ffc 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -1,7 +1,13 @@ - name: install uptime kuma with nginx connected hosts: all + + vars: + pip_install_packages: + - name: docker + roles: - {role: geerlingguy.docker, tags: ["docker"]} + - {role: geerlingguy.pip, tags: ["docker"]} - {role: kuma, tags: ["kuma"]} - {role: nginx, tags: ["nginx"]} - + From 91649e7956ef508a46d80bcd33a361b5fa198de8 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Sat, 23 Oct 2021 22:50:02 +0330 Subject: [PATCH 14/19] change docker compose version --- ansible/playbook.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 5d298ffc..3900f77d 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -4,6 +4,7 @@ vars: pip_install_packages: - name: docker + docker_compose_version: "v2.0.1" roles: - {role: geerlingguy.docker, tags: ["docker"]} From 17a572112ced86fb41c13934a1fcead9796de778 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Sat, 23 Oct 2021 23:04:47 +0330 Subject: [PATCH 15/19] better readme --- ansible/README.md | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index 659f56c5..9068ca8b 100644 --- a/ansible/README.md +++ b/ansible/README.md 
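Review bot: `pip_install_packages: - name: docker` installs the Docker SDK system-wide as root with no version pin, so each run may pull a different release; the pip role accepts a `version` key, so `- name: docker` / `  version: "<pinned>"` keeps it reproducible. As far as I can tell the v1 `community.docker.docker_compose` module used by the kuma and nginx roles drives the `docker-compose` Python library rather than the compose v2 CLI plugin that `docker_compose_version` installs, so `docker` alone may not be enough — please verify on a fresh host that the compose tasks load, and add `- name: docker-compose` here if they fail with "Unable to load docker-compose". Tagging the pip role `docker` is consistent with the first role, but a short comment saying the two are a unit would save someone running `--tags kuma` a surprise.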
@@ -2,22 +2,23 @@ This playbook comes with three roles - 1. docker (to install docker) - 2. nginx (to install nginx using docker with ssl) - 3. uptime kuma (to install uptime kuma using docker) +1. docker (to install docker) +2. nginx (to install nginx using docker with ssl) +3. uptime kuma (to install uptime kuma using docker) To see more info see docker-compose, tasks and config files I will try to make this readme better ## To run it -1. run `ansible-galaxy install -r ansible-requirements.yml` to get requirements -2. prepare inventory hosts -3. put your certificates in files section in nginx role with this structure below: +1. install ansible see [here](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +2. run `ansible-galaxy install -r ansible-requirements.yml` to get requirements +3. prepare inventory hosts +4. put your certificates in files section in nginx role with this structure below: ``` ansible -> roles -> nginx -> ssl -> .fullchain.pem ansible -> roles -> nginx -> ssl -> .privkey.pem ``` -4. to run playbook +5. to run playbook ```bash ansible-playbook ./playbook.yml -i --extra-vars "kuma_domain=" ``` From 4ccff95d9c7da0f7a89c19b61bec5cba54ab8339 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Sun, 24 Oct 2021 11:42:09 +0330 Subject: [PATCH 16/19] add some information to readme (It should be final) --- ansible/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ansible/README.md b/ansible/README.md index 9068ca8b..d4839e02 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -25,3 +25,4 @@ ansible-playbook ./playbook.yml -i --extra-vars "kuma_doma you can use other ansible playbook options too > Note: Replace `` with your desired domain for uptime kuma +> If you are not using root user as your ansible_user use -bK option to become root From 9a36e227a3efc40549560e60cb53fde3b8691ced Mon Sep 17 00:00:00 2001 
From: Muhammed Hussein Karimi Date: Mon, 8 Nov 2021 21:01:52 +0330 Subject: [PATCH 17/19] docker-compose is made in one, volume for error & access log, better tagging for docker --- ansible/README.md | 5 ++++- ansible/roles/nginx/tasks/main.yml | 15 +-------------- ansible/roles/nginx/templates/docker-compose.yml | 8 -------- ansible/roles/nginx/templates/nginx.conf | 6 +++--- ansible/roles/uptime-kuma/defaults/main.yml | 3 +++ .../uptime-kuma/templates/docker-compose.yml | 15 ++++++++++++--- 6 files changed, 23 insertions(+), 29 deletions(-) delete mode 100644 ansible/roles/nginx/templates/docker-compose.yml create mode 100644 ansible/roles/uptime-kuma/defaults/main.yml diff --git a/ansible/README.md b/ansible/README.md index d4839e02..ef0e7b03 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -20,9 +20,12 @@ ansible -> roles -> nginx -> ssl -> .privkey.pem ``` 5. to run playbook ```bash -ansible-playbook ./playbook.yml -i --extra-vars "kuma_domain=" +ansible-playbook ./playbook.yml -i -e "kuma_domain=" -e "kuma_image_os=" -e "kuma_image_version=" ``` you can use other ansible playbook options too > Note: Replace `` with your desired domain for uptime kuma +> replace `` with a version from https://github.com/louislam/uptime-kuma/releases +> replace `` with one of options +> `-e "kuma_image_os=" -e "kuma_image_version="` is not required and you can remove this part or change only one of them (kuma_image_os is debian & kuma_image_version is 1 by default) > If you are not using root user as your ansible_user use -bK option to become root diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index 11ca80fa..25cf89ea 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml 
@@ -4,16 +4,9 @@ state: directory loop: - /compose - - /compose/nginx - /compose/volumes - /compose/volumes/nginx - -- name: Ensure docker-compose file has been updated - template: - src: "{{item}}" - dest: /compose/nginx/ - loop: - - docker-compose.yml + - /compose/volumes/nginx/log/{{ kuma_domain }} - name: Ensure nginx config directory exist copy: @@ -27,9 +20,3 @@ template: src: "nginx.conf" dest: /compose/volumes/nginx/nginx.conf - -- name: Ensure nginx is up - community.docker.docker_compose: - state: present - project_src: /compose/nginx - pull: no diff --git a/ansible/roles/nginx/templates/docker-compose.yml b/ansible/roles/nginx/templates/docker-compose.yml deleted file mode 100644 index 02b367e4..00000000 --- a/ansible/roles/nginx/templates/docker-compose.yml +++ /dev/null @@ -1,8 +0,0 @@ -version: '3.3' -services: - nginx: - network_mode: host - restart: always - image: nginx:stable-alpine - volumes: - - '/compose/volumes/nginx/:/etc/nginx/' \ No newline at end of file diff --git a/ansible/roles/nginx/templates/nginx.conf b/ansible/roles/nginx/templates/nginx.conf index fc23747e..2e348623 100644 --- a/ansible/roles/nginx/templates/nginx.conf +++ b/ansible/roles/nginx/templates/nginx.conf @@ -67,8 +67,8 @@ http { server_name {{ kuma_domain }}; listen 443 ssl http2 default_server; - access_log /var/log/nginx/yoursite.access.log main; - error_log /var/log/nginx/yoursite.error.log; + access_log /var/log/nginx/{{ kuma_domain }}.access.log main; + error_log /var/log/nginx/{{ kuma_domain }}.error.log; location / { # rewrite ^/(.*)/$ /$1 permanent; @@ -79,7 +79,7 @@ http { # } proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://localhost:3001/; + proxy_pass http://uptime-kuma:3001/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; 
diff --git a/ansible/roles/uptime-kuma/defaults/main.yml b/ansible/roles/uptime-kuma/defaults/main.yml new file mode 100644 index 00000000..7f289686 --- /dev/null +++ b/ansible/roles/uptime-kuma/defaults/main.yml @@ -0,0 +1,3 @@ +--- +kuma_image_version: '1' +kuma_image_os: 'debian' diff --git a/ansible/roles/uptime-kuma/templates/docker-compose.yml b/ansible/roles/uptime-kuma/templates/docker-compose.yml index 54cca27d..f87afc28 100644 --- a/ansible/roles/uptime-kuma/templates/docker-compose.yml +++ b/ansible/roles/uptime-kuma/templates/docker-compose.yml @@ -2,9 +2,18 @@ version: '3.3' services: uptime-kuma: restart: always - ports: - - '127.0.0.1:3001:3001' + expose: + - 3001 volumes: - '/compose/volumes/uptime-kuma:/app/data' container_name: uptime-kuma - image: 'louislam/uptime-kuma:alpine' + image: 'louislam/uptime-kuma:{{kuma_image_version}}-{{kuma_image_os}}' + + nginx: + depends_on: + - uptime-kuma + restart: always + image: nginx:stable-alpine + volumes: + - '/compose/volumes/nginx/:/etc/nginx/' + - '/compose/volumes/nginx/log/{{ kuma_domain }}:/var/log/nginx/{{ kuma_domain }}/' From 8f7ca1f4db176349ea4fd27f10d4671958612d06 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Mon, 8 Nov 2021 21:06:58 +0330 Subject: [PATCH 18/19] I forgot to commit this part :) --- ansible/roles/uptime-kuma/templates/docker-compose.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ansible/roles/uptime-kuma/templates/docker-compose.yml b/ansible/roles/uptime-kuma/templates/docker-compose.yml index f87afc28..7af4c1cc 100644 --- a/ansible/roles/uptime-kuma/templates/docker-compose.yml +++ b/ansible/roles/uptime-kuma/templates/docker-compose.yml @@ -2,6 +2,8 @@ version: '3.3' services: uptime-kuma: restart: always + networks: + - uptime-kuma expose: - 3001 volumes: 
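Review bot: The new log bind mount maps the directory `/var/log/nginx/{{ kuma_domain }}/`, but the nginx.conf change in this same patch writes to `/var/log/nginx/{{ kuma_domain }}.access.log` and `.error.log`, which are files directly in `/var/log/nginx`, so nothing ends up in the mounted directory and the logs stay inside the container where the next image pull discards them. Either point the `access_log`/`error_log` directives into the directory (`/var/log/nginx/{{ kuma_domain }}/access.log`) or mount `/compose/volumes/nginx/log:/var/log/nginx`. Switching kuma from `ports` to `expose` is a good change: port 3001 is now reachable only from the compose network, so nginx is genuinely the single entry point.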
@@ -10,6 +12,11 @@ services: image: 'louislam/uptime-kuma:{{kuma_image_version}}-{{kuma_image_os}}' nginx: + ports: + - 443:443 + - 80:80 + networks: + - uptime-kuma depends_on: - uptime-kuma restart: always @@ -17,3 +24,6 @@ services: volumes: - '/compose/volumes/nginx/:/etc/nginx/' - '/compose/volumes/nginx/log/{{ kuma_domain }}:/var/log/nginx/{{ kuma_domain }}/' + +networks: + uptime-kuma: From 2c0e22ad31dee8c695d082553d2360b433d1a348 Mon Sep 17 00:00:00 2001 From: Muhammed Hussein Karimi Date: Tue, 14 Dec 2021 01:14:44 +0330 Subject: [PATCH 19/19] some minor features and fixes for ansible role --- ansible/README.md | 11 +++++++++-- ansible/playbook.yml | 9 +++++++-- ansible/roles/nginx/tasks/main.yml | 4 ++-- ansible/roles/uptime-kuma/defaults/main.yml | 1 + ansible/roles/uptime-kuma/tasks/main.yml | 1 - .../roles/uptime-kuma/templates/docker-compose.yml | 2 +- 6 files changed, 20 insertions(+), 8 deletions(-) diff --git a/ansible/README.md b/ansible/README.md index ef0e7b03..51caa13c 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -15,8 +15,8 @@ I will try to make this readme better 3. prepare inventory hosts 4. put your certificates in files section in nginx role with this structure below: ``` -ansible -> roles -> nginx -> ssl -> .fullchain.pem -ansible -> roles -> nginx -> ssl -> .privkey.pem +ansible -> roles -> nginx -> files -> ssl -> .fullchain.pem +ansible -> roles -> nginx -> files -> ssl -> .privkey.pem ``` 5. to run playbook ```bash 
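Review bot: `- 443:443` and `- 80:80` publish on all interfaces (0.0.0.0 and ::), and because Docker inserts its own iptables rules ahead of the host's INPUT chain these listeners are reachable even on hosts whose ufw/firewalld policy would otherwise block them, unlike the earlier `127.0.0.1:3001:3001` binding which was loopback-only. That is probably intended for a public status page, but it deserves a comment, and if the host should answer only on one interface bind it explicitly (`'203.0.113.10:443:443'`). Quote the mappings (`'443:443'`, `'80:80'`) as the kuma service did: YAML 1.1 parsers read some `a:b` values with both parts below 60 as base-60 integers, so the quoted form is the safe habit.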
@@ -25,7 +25,14 @@ ansible-playbook ./playbook.yml -i -e "kuma_domain= Note: Replace `` with your desired domain for uptime kuma + > replace `` with a version from https://github.com/louislam/uptime-kuma/releases > replace `` with one of options + > `-e "kuma_image_os=" -e "kuma_image_version="` is not required and you can remove this part or change only one of them (kuma_image_os is debian & kuma_image_version is 1 by default) + > If you are not using root user as your ansible_user use -bK option to become root + +> instead of `-e "kuma_image_os=" -e "kuma_image_version="` You can use `-e kuma_tag=` and replace `` with your desired tag (e.g. `latest`) + +> you can also create a yaml file with variables that you want to set & use it (also: ansible-vars) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 3900f77d..dc21e249 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -6,9 +6,14 @@ - name: docker docker_compose_version: "v2.0.1" + tasks: + - name: Ensure {{inventory_hostname}} is set as hostname + hostname: + name: "{{inventory_hostname}}" + tags: ["hostname"] + roles: - {role: geerlingguy.docker, tags: ["docker"]} - {role: geerlingguy.pip, tags: ["docker"]} - - {role: kuma, tags: ["kuma"]} + - {role: uptime-kuma, tags: ["kuma"]} - {role: nginx, tags: ["nginx"]} - diff --git a/ansible/roles/nginx/tasks/main.yml b/ansible/roles/nginx/tasks/main.yml index 25cf89ea..ea0da9a3 100644 --- a/ansible/roles/nginx/tasks/main.yml +++ b/ansible/roles/nginx/tasks/main.yml @@ -8,10 +8,10 @@ - /compose/volumes/nginx - /compose/volumes/nginx/log/{{ kuma_domain }} -- name: Ensure nginx config directory exist +- name: Ensure nginx SSL certificates exist copy: src: ssl - dest: /compose/volumes/nginx/ssl + dest: /compose/volumes/nginx mode: 'preserve' group: root owner: root diff --git a/ansible/roles/uptime-kuma/defaults/main.yml b/ansible/roles/uptime-kuma/defaults/main.yml index 7f289686..c2f5d1bc 100644 --- a/ansible/roles/uptime-kuma/defaults/main.yml 
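Review bot: The `hostname` task placed under `tasks:` in playbook.yml runs after the roles, not before them as its position in the play suggests: Ansible always executes `pre_tasks`, then `roles`, then `tasks`, independent of key order. If the intent is for docker, uptime-kuma and nginx to be configured on a host that already carries its inventory name, the block should sit under `pre_tasks:` instead; if ordering does not matter, a comment such as `# runs after the roles (tasks follow roles); use pre_tasks to set the hostname first` would stop the next reader from assuming otherwise. Note also that `name: "{{inventory_hostname}}"` will set the system hostname to whatever the inventory entry is, including a raw IP address if the inventory uses one.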
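Review bot: In the nginx role's `copy` task, `mode: 'preserve'` carries over whatever permissions the files under `files/ssl` have on the control node, and a private key freshly checked out of git is typically world-readable there, so the key now landing at `/compose/volumes/nginx/ssl/` will usually be readable by every local user on the target. Since the task already pins `owner: root` and `group: root`, an explicit restrictive mode would be safer than `preserve`, for example a follow-up `file:` task with `mode: '0600'` on the privkey file (and `'0700'` on the `ssl` directory), or at least `directory_mode: '0700'` on this copy. The change of `dest` to the parent directory is correct for a directory `src` (the old value would have produced `ssl/ssl`), and the new task name now matches what the task does.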
+++ b/ansible/roles/uptime-kuma/defaults/main.yml @@ -1,3 +1,4 @@ --- kuma_image_version: '1' kuma_image_os: 'debian' +kuma_tag: "{{kuma_image_version}}-{{kuma_image_os}}" diff --git a/ansible/roles/uptime-kuma/tasks/main.yml b/ansible/roles/uptime-kuma/tasks/main.yml index 304bc291..11893e93 100644 --- a/ansible/roles/uptime-kuma/tasks/main.yml +++ b/ansible/roles/uptime-kuma/tasks/main.yml @@ -20,4 +20,3 @@ state: present project_src: /compose/kuma pull: yes - diff --git a/ansible/roles/uptime-kuma/templates/docker-compose.yml b/ansible/roles/uptime-kuma/templates/docker-compose.yml index 7af4c1cc..3357bdc6 100644 --- a/ansible/roles/uptime-kuma/templates/docker-compose.yml +++ b/ansible/roles/uptime-kuma/templates/docker-compose.yml @@ -9,7 +9,7 @@ services: volumes: - '/compose/volumes/uptime-kuma:/app/data' container_name: uptime-kuma - image: 'louislam/uptime-kuma:{{kuma_image_version}}-{{kuma_image_os}}' + image: 'louislam/uptime-kuma:{{kuma_tag}}' nginx: ports:
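Review bot: `image: 'louislam/uptime-kuma:{{kuma_tag}}'` together with `pull: yes` in the uptime-kuma tasks (shown in the preceding hunk) means every playbook run re-resolves a mutable tag; the default `kuma_tag` of `1-debian` and the README's suggested `latest` both move over time, so the deployed version is not reproducible and an upstream tag repoint is picked up silently. The defaults file should say that `kuma_tag` may also hold an immutable reference (a full release version, or the `<tag>@sha256:<digest>` form, where the digest is a constructed placeholder here) so operators can pin the image, and a comment next to this line such as `# mutable tag, re-pulled on every run; set a full version or digest to pin` would make the trade-off visible. The `nginx:stable-alpine` image in the same template has the same property.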