Skip to content

Instantly share code, notes, and snippets.

@kraeml

kraeml/Vagrantfile_DBA_INA_playbooks.yml

Created June 14, 2018 07:32
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save kraeml/1841e1b7204ff3fa9565f92d1bc5ab6e to your computer and use it in GitHub Desktop.
Save kraeml/1841e1b7204ff3fa9565f92d1bc5ab6e to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Vagrantfile_DBA_INA_playbooks.yml
---
- hosts: all
vars:
php_version: '7.2'
db_user:
name: "example_user"
password: "passw0rd"
package_version:
phpmyadmin: "4.7.7"
roles:
- role: geerlingguy.mysql
become: yes
mysql_user_name: root
mysql_user_password: root
mysql_databases:
- name: example_db
encoding: latin1
collation: latin1_general_ci
mysql_users:
- name: "{{db_user.name}}"
host: "%"
password: "{{db_user.password}}"
priv: "example_db.*:ALL"
tags:
- db_mysql
- role: geerlingguy.nginx
become: yes
nginx_remove_default_vhost: true
nginx_vhosts:
- listen: "80 default_server"
server_name: "_"
root: "/var/www/html"
index: "index.php index.html index.htm index.nginx-debian.html"
error_log: ""
state: "present"
template: "{{ nginx_vhost_template }}"
filename: "default.conf"
extra_parameters: |
location / {
try_files $uri $uri/ /index.html /index.php;
}
location ~ ^/~(?<userdir_user>[\w-]+)(?<userdir_uri>/.*)?$ {
alias /home/$userdir_user/www$userdir_uri;
# autoindex on;
location ~ [^/]\.php(/|$) {
include fastcgi_params;
fastcgi_index index.php;
# check if requested PHP file really exists
if (!-f $request_filename) {
return 404;
}
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
}
location ~ [^/]\.php$ {
include fastcgi_params;
fastcgi_index index.php;
# check if requested PHP file really exists
if (!-f $request_filename) {
return 404;
}
#NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
location /_OPT {
try_files $uri @uwsgi;
}
location @uwsgi {
rewrite ^/_OPT/(.*) /$1 break;
include uwsgi_params;
#uwsgi_pass /run/uwsgi/app/OnlinePythonTutor/socket;
uwsgi_pass localhost:8003;
}
## Begin - Security
# deny all direct access for these folders
location ~* /(.git|cache|bin|logs|backups|tests)/.*$ { return 403; }
# deny running scripts inside core system folders
location ~* /(system|vendor)/.*\.(txt|xml|md|html|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny running scripts inside user folder
location ~* /user/.*\.(txt|md|yaml|php|pl|py|cgi|twig|sh|bat)$ { return 403; }
# deny access to specific files in the root folder
location ~ /(LICENSE.txt|composer.lock|composer.json|nginx.conf|web.config|htaccess.txt|\.htaccess) { return 403; }
tags:
- db_mysql
- role: geerlingguy.php-versions
become: yes
- role: geerlingguy.php
become: yes
php_webserver_daemon: "nginx"
php_enable_php_fpm: true
tags:
- db_mysql
- role: geerlingguy.php-mysql
become: yes
tags:
- db_mysql
tasks:
- name: Sag Hallo
debug:
msg: Hello world!
- block:
- name: Install phpmyadmin
become: yes
vars:
version: "{{package_version.phpmyadmin}}"
unarchive:
src: https://files.phpmyadmin.net/phpMyAdmin/{{version}}/phpMyAdmin-{{version}}-all-languages.tar.gz
dest: /var/www/html/
owner: www-data
group: www-data
remote_src: yes
- name: Link to phpmyadmin
become: yes
vars:
version: "{{package_version.phpmyadmin}}"
file:
state: link
src: /var/www/html/phpMyAdmin-{{version}}-all-languages
dest: /var/www/html/phpmyadmin
- name: Copy phpmyadmin config
become: yes
ignore_errors: true
get_url:
url: https://cloud.franken.de/owncloud/index.php/s/zPpINpJHLXwSb0u/download
dest: /var/www/html/phpmyadmin/config.inc.php
owner: www-data
group: www-data
mode: 0664
tags:
- db_mysql
- phpmyadmin
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment