@josephtate
Created August 11, 2014 18:43
# Web role handlers
# Each handler runs only when a task notifies it by name.

- name: start nginx
  service:
    name: nginx
    state: started

- name: restart nginx
  service:
    name: nginx
    state: restarted

# Health check: curl prints only the HTTP status code (-w "%{http_code}",
# body discarded via -o /dev/null) and grep succeeds when that code is 401,
# i.e. the app is up and demanding authentication.
# -k turns off certificate verification; presumably acceptable because the
# target is the local app, possibly behind the self-signed certificate.
# Confirm local_webapp_url never points at a remote host.
# wait_for_cmd is not defined on this page; its arguments are left in the
# original key=value form so their parsing is unchanged.
- name: check webapp
  wait_for_cmd: shell='curl -s -o /dev/null -k -w "%{http_code}" {{local_webapp_url}} | grep 401' delay=15 timeout=60 repeat_delay=3
# Web role tasks

# Build/runtime dependencies for the web role.
- name: Install Web packages and utilities
  apt:
    pkg: libyaml-dev,mongodb-clients
    state: present
  tags:
    - deploy

# ssl-cert is only needed when the site is served with a self-signed
# certificate (self_signed_ssl truthy).
- name: Install ssl-cert package
  apt:
    pkg: ssl-cert
    state: present
  tags:
    - deploy
  when: self_signed_ssl

# A local MongoDB server is removed when the database lives on another host.
- name: Uninstall mongo server if not using localhost
  apt:
    pkg: mongodb-server
    state: absent
  tags:
    - deploy
  when: mongo_hostname != 'localhost'
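### Error pages
# Renders one static HTML page per error or maintenance condition into
# {{ crunch_dir }}/errorpages from the shared error.html template.
# Booleans are written as true/false instead of On/Off, and file modes are
# quoted, so the values do not depend on YAML 1.1 implicit typing.

- name: error page dir
  file:
    path: "{{ crunch_dir }}/errorpages"
    state: directory
    owner: root
    group: root
    mode: "0755"
  tags: [update, deploy, epages]

# Each item supplies the output file name plus the text shown on that page.
# NOTE(review): the 404 "estimate" carries raw HTML, so error.html (not shown
# here) presumably emits it unescaped. Keep these values static and never
# fill them from request data.
- name: error pages
  template:
    src: error.html
    dest: "{{ crunch_dir }}/errorpages/{{ item.filename }}"
    owner: root
    group: root
    mode: "0644"
  tags: [update, deploy, epages]
  with_items:
    - filename: '404.html'
      title: File Not Found
      headline: The page you have requested cannot be located
      estimate: 'Go back, or <a href="/">click here</a> to return to the main page.'
      show_blog: false
    - filename: '502.html'
      title: Server Error
      headline: "Crunch.io is currently down for maintenance. We're working to have it back up as soon as possible."
      estimate: Please return to the previous page and try again after waiting a few minutes.
      show_blog: true
    - filename: '503.html'
      title: Server Error
      headline: Crunch.io is experiencing server issues
      estimate: We are working to resolve these issues as soon as possible
      show_blog: true
    - filename: '504.html'
      title: Server Error
      headline: Crunch.io server timeout.
      estimate: This operation took too long to complete. Please try again in a few minutes.
      show_blog: true
    - filename: '500.html'
      title: Unexpected Server Error
      headline: An unexpected error occured
      estimate: Please return to the previous page and try again.
      show_blog: false
    - filename: planned_maint.html
      title: Planned Server Maintenance
      headline: The Crunch.io team is currently performing planned maintenance on our servers.
      estimate: We expect this to only last a few minutes, please check back later.
      show_blog: true
    - filename: unexpected_maint.html
      title: Unexpected Server Maintenance
      headline: The Crunch.io team is working on unexpected server issues
      estimate: We are working to resolve these issues as soon as possible
      show_blog: true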
### Nginx configuration
# The nginx task file is pulled in only when use_nginx is truthy.
- include: nginx.yml
  when: use_nginx
# Directives placed ahead of the server blocks.

proxy_headers_hash_bucket_size 128;

# Any peer in 10.0.0.0/8 is trusted to report the real client address.
# No real_ip_header is set in this file, so nginx's default header applies
# unless another config file overrides it. Keep this range limited to
# proxies that are actually under your control.
set_real_ip_from 10.0.0.0/8;

# Access log line. $http_x_forwarded_for is the raw request header and is
# client-supplied, so treat that field as untrusted when analysing logs;
# $remote_addr follows it for comparison.
log_format access
    '$http_x_forwarded_for - $remote_addr - $remote_user [$time_local] '
    '"$request" $status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$gzip_ratio"';

# Buffered writes (32k) using the format defined above.
access_log /var/log/nginx/access.log access buffer=32k;
# Backend pool on loopback: one server per app process, on every second port
# starting at 8080. numprocs entries when multiproc_crserver is set,
# otherwise a single entry.
upstream crunch_host {
{% for idx in range((numprocs | int) if multiproc_crserver else 1) %}
    server 127.0.0.1:{{ 8080 + 2 * idx }};
{% endfor %}
}
# Port 80 only redirects to HTTPS. The target host comes from the configured
# public_hostname, not from the request's Host header.
server {
    listen [::]:80;
    return 301 https://{{ public_hostname }}$request_uri;
}
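# Main site: serves the static front end from the whaam directory, proxies
# /api to the crunch_host upstream, and exposes error and maintenance pages.
# Changes from the original: SSLv3/TLSv1 and the weak cipher classes are
# removed, "ssl on;" is replaced by the listen-level ssl flag, the error page
# location is bounded with trailing slashes, and /nginx_status is restricted
# to loopback.
server {
    # With self_signed_ssl the socket itself is marked ssl; this replaces the
    # deprecated standalone "ssl on;" directive.
    listen [::]:{{ listen_port }}{% if self_signed_ssl %} ssl{% endif %};
    root {{ crunch_dir }}/whaam;
    server_name {{ public_hostname }};
    client_max_body_size 100m;

    gzip on;
    gzip_min_length 1000;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

{% if self_signed_ssl %}
    # Snakeoil certificate from the ssl-cert package. Clients will not trust
    # it by default, so this mode suits internal or test deployments.
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    ssl_session_timeout 5m;
    # SSLv3 and TLSv1 are obsolete and were dropped. Add TLSv1.3 here when
    # the installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;
    # The original list enabled LOW, EXP (export-grade) and RC4 suites.
    # Only strong suites remain, with anonymous/null ciphers excluded.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!RC4:!3DES:!MD5;
    ssl_prefer_server_ciphers on;
{% endif %}

    location / {
        # Maintenance modes
        # Nested under / to prevent infinite redirects
        if (-f {{ crunch_dir }}/planned) {
            return 307 {{ public_url }}e/planned_maint.html;
        }
        if (-f {{ crunch_dir }}/unexpected) {
            return 307 {{ public_url }}e/unexpected_maint.html;
        }

        # CORS headers. We can't set this globally because /api sets its own.
        # NOTE(review): the allowed origin is a plain-http, development-looking
        # host and credentials are allowed, so any page served from that
        # origin may make credentialed requests to this site. Confirm this
        # origin belongs in a deployed configuration.
        add_header 'Access-Control-Allow-Origin' 'http://local.crunch.io:8000';
        add_header 'Access-Control-Allow-Methods' 'OPTIONS, AUTH, POST, GET, HEAD, PUT, DELETE';
        add_header 'Access-Control-Max-Age' 1000;
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Headers' 'Content-Type, Origin, Accept, Cookie, Cache-Control';
        add_header 'Access-Control-Expose-Headers' 'Expires, Allow, Location';

        # We nest these locations so we don't have to repeat the CORS headers
        location = /index.html {
            expires -1;
        }
        # NOTE(review): nginx inherits add_header from the enclosing level
        # only when the current level defines none, so the add_header below
        # means static assets are served without the CORS headers above.
        location ~* \.(css|js|gif|jpe?g|png)$ {
            expires max;
            add_header Cache-Control "public";
        }

        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ /index.html;
    }

    # Error pages. Trailing slashes on both sides keep the prefix from
    # capturing unrelated URIs that merely start with /e, and keep the alias
    # mapping confined to the errorpages directory.
    location /e/ {
        alias {{ crunch_dir }}/errorpages/;
    }

    error_page 404 /e/404.html;
    error_page 500 /e/500.html;
    error_page 502 /e/502.html;
    error_page 503 /e/503.html;
    error_page 504 /e/504.html;

    # Test hooks: each path returns the named status so the matching
    # error_page can be exercised.
    # NOTE(review): reachable by any client, and the /t prefix also matches
    # other URIs beginning with /t. Consider restricting or removing it
    # outside test environments.
    location /t {
        location /t/404 { return 404; }
        location /t/500 { return 500; }
        location /t/502 { return 502; }
        location /t/503 { return 503; }
        location /t/504 { return 504; }
    }

    location /api {
        # Maintenance modes
        # Nested under /api to prevent infinite redirects
        if (-f {{ crunch_dir }}/planned) {
            return 307 {{ public_url }}e/planned_maint.html;
        }
        if (-f {{ crunch_dir }}/unexpected) {
            return 307 {{ public_url }}e/unexpected_maint.html;
        }

        # The upstream sees the port in Host only on non-default ports; on
        # 443, redirects issued by the upstream are rewritten to public_url.
{% if listen_port != 443 %}
        proxy_set_header Host $host:$server_port;
{% else %}
        proxy_set_header Host $host;
        proxy_redirect http://{{ public_hostname }}:443/ {{ public_url }};
{% endif %}
        # Forwarding headers for the backend. X-Forwarded-Proto is fixed to
        # https regardless of how the request arrived.
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port $server_port;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 180s;
        proxy_pass http://crunch_host;
    }

    # Connection counters for monitoring. Restricted to loopback so they are
    # not exposed on the public listener. allow/deny evaluate the address
    # after real-ip rewriting, so the set_real_ip_from range must contain
    # only trusted proxies. Add the monitoring host's address if it polls
    # remotely.
    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        allow ::1;
        deny all;
    }
}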
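# Nginx tasks: install the package, render the site config, set the worker
# count, swap the default site for crunch-app, and make sure the service
# runs. Config-changing tasks notify the "restart nginx" handler.

- name: Install Nginx
  apt:
    pkg: nginx
    state: present
  tags: [deploy, update, nginx]

# mode was 664 (group-writable). The site config controls TLS and proxying,
# so it is now writable by its owner (root) only. Quoted so the value is
# passed as a string and not re-typed by the YAML parser.
- name: Nginx Config
  template:
    src: nginx.j2
    dest: /etc/nginx/sites-available/crunch-app
    owner: root
    group: root
    mode: "0644"
    force: true
  notify: restart nginx
  tags: [deploy, update, nginx, rename]

# Rewrites the worker_processes line to 30 times numprocs.
- name: Nginx worker processes
  lineinfile:
    state: present
    dest: /etc/nginx/nginx.conf
    regexp: 'worker_processes \d+;'
    line: "worker_processes {{ 30 * (numprocs|int) }};"
  notify: restart nginx
  tags: [deploy, update, nginx]

# Remove the distribution's default site so only crunch-app is enabled.
- name: Disable default site
  file:
    path: /etc/nginx/sites-enabled/default
    state: absent
  notify: restart nginx
  tags: [deploy, update, nginx]

- name: Link nginx config in sites-enabled
  file:
    src: /etc/nginx/sites-available/crunch-app
    path: /etc/nginx/sites-enabled/crunch-app
    state: link
  notify: restart nginx
  tags: [deploy, update, nginx]

# Started now and enabled at boot.
- name: Make sure nginx is started
  service:
    name: nginx
    state: started
    enabled: true
  tags: [deploy, update, nginx]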