Created
June 27, 2017 10:58
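---
# Role tasks: install HAProxy, create the web root and the certificate
# directory, then render the HAProxy configuration from a Jinja2 template.

- name: Install haproxy
  apt:
    name: haproxy
    state: latest

- name: Creating /var/www directory
  file:
    path: /var/www
    state: directory
    owner: "{{ user }}"
    group: "{{ user }}"

# The HTTPS frontend loads <domain>.pem from this directory. A HAProxy .pem
# bundle carries the private key, so the directory is restricted to root
# instead of inheriting the default umask.
- name: Creating /etc/haproxy/certs directory
  file:
    path: /etc/haproxy/certs
    state: directory
    owner: root
    group: root
    mode: "0700"

# The Debian haproxy service reads /etc/haproxy/haproxy.cfg; a file written to
# /etc/haproxy.cfg is never loaded, so the packaged default config (no TLS
# frontend) would stay in effect.
- name: Copying haproxy .cfg file
  template:
    src: templates/haproxy.j2
    dest: /etc/haproxy/haproxy.cfg
    owner: root
    group: root
    mode: "0644"
  # Handlers are looked up by exact name; the playbook defines this one as
  # "Restarting haproxy".
  notify:
    - Restarting haproxy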
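---
# Role entry point: create the unprivileged application user, install the base
# packages, then hand over to the per-component task files.

- name: Creating unprivileged user
  user:
    name: "{{ user }}"
    state: present
    # NOTE(review): the user module stores this value as the password hash
    # without hashing it. user_pass must already be a crypted hash (e.g.
    # produced with the password_hash filter) and should come from a vaulted
    # variable, not a plain-text vars file. Confirm where user_pass is defined.
    password: "{{ user_pass }}"

# Use the apt module rather than shelling out, so the task reports its status
# properly and honours check mode.
- name: Updating packages
  apt:
    update_cache: true

- name: Installing Required packages
  apt:
    name: "{{ item }}"
    state: latest
  with_items:
    - build-essential
    - iptables-persistent
    - apt-transport-https
    - python-openssl
    - nodejs

# Task files are pulled in in this order; each is expected to sit next to this
# file in the role's tasks directory.
- include: nodejs.yml
- include: haproxy.yml
- include: letsencrypt-dns.yml
- include: deploy.yml
- include: daemonize-nodeapp.yml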
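# HAProxy configuration template (rendered by Ansible/Jinja2).
# Terminates TLS on :443, redirects plain HTTP to HTTPS, and balances across
# three local application instances.

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    # "level admin" allows full runtime control through this socket; mode 660
    # limits it to the owning user and group.
    stats socket /run/haproxy/admin.socket mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon
    maxconn 2048
    tune.ssl.default-dh-param 2048
    # NOTE(review): no ssl-default-bind-ciphers / ssl-default-bind-options are
    # set, so protocol and cipher selection fall back to the library defaults.
    # Pin a minimum TLS version and cipher list suited to the installed HAProxy.

defaults
    log global
    mode http
    option httplog
    option dontlognull
    option forwardfor
    option http-server-close
    # Without these, connections can be held open indefinitely (slow-client
    # resource exhaustion) and HAProxy warns at startup. Starting values; tune.
    timeout connect 5s
    timeout client 50s
    timeout server 50s

frontend www-http
    bind {{ server.droplet.ip_address }}:80
    # set-header replaces any client-supplied X-Forwarded-Proto; reqadd only
    # appended a second header, letting a client spoof the scheme the app sees.
    http-request set-header X-Forwarded-Proto http
    default_backend www-backend

frontend www-https
    bind {{ server.droplet.ip_address }}:443 ssl crt /etc/haproxy/certs/{{ domain }}.pem
    http-request set-header X-Forwarded-Proto https
    default_backend www-backend

backend www-backend
    # Requests that did not arrive over TLS are redirected before reaching a
    # server.
    redirect scheme https if !{ ssl_fc }
    mode http
    balance roundrobin
    # Source-IP stickiness: a client keeps hitting the same instance for up to
    # 100 minutes.
    stick-table type ip size 200k expire 100m
    stick on src
    server www-1 127.0.0.1:5001 check
    server www-2 127.0.0.1:5002 check
    server www-3 127.0.0.1:5003 check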
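---
# Play 1 (control machine): create the droplet, register DNS for it, and add
# it to the in-memory inventory.
- hosts: localhost
  tasks:
    - name: Spinning up a new droplet
      digital_ocean:
        state: present
        command: droplet
        name: "{{ domain }}"
        ssh_key_ids:
          - "{{ ssh_key_id }}"
        size_id: 512mb
        region_id: lon1
        image_id: debian-9-x64
        # Keep api_token in a vaulted variable; it grants full account access.
        api_token: "{{ api_token }}"
        backups_enabled: false
      register: server

    - name: Adding domain name {{ domain }}
      digital_ocean_domain:
        api_token: "{{ api_token }}"
        state: present
        name: "{{ domain }}"
        ip: "{{ server.droplet.ip_address }}"

    - name: Adding www A record
      uri:
        url: "https://api.digitalocean.com/v2/domains/{{ domain }}/records"
        method: POST
        status_code: 201
        headers:
          Content-Type: application/json
          Authorization: "Bearer {{ api_token }}"
        body:
          type: A
          name: www
          data: "{{ server.droplet.ip_address }}"
          priority: null
          port: null
          ttl: 1800
          weight: null
        body_format: json
      # The bearer token is a task argument here and would otherwise show up in
      # verbose output and logged task results.
      no_log: true

    # NOTE(review): "server" is registered on localhost only. Tasks and
    # templates that run on node-servers and reference
    # server.droplet.ip_address may need hostvars['localhost'] instead.
    # Confirm against a real run.
    - name: Adding droplet to hosts
      add_host:
        hostname: "{{ server.droplet.ip_address }}"
        group: node-servers

    - name: Wait for SSH to come up
      local_action: wait_for host={{ server.droplet.ip_address }} port=22 delay=60 timeout=320 state=started

# Play 2 (new droplet): apply the node-servers role.
# NOTE(review): this connects as root to a host whose SSH host key has never
# been seen before; consider how the key is verified and whether root login
# should be disabled once the unprivileged user exists.
- hosts: node-servers
  remote_user: root
  gather_facts: false
  roles:
    - node-servers
  handlers:
    # Tasks must notify this handler by exactly this name.
    - name: Restarting haproxy
      service:
        name: haproxy
        state: restarted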