Centos7 Ansilbe-安裝Nginx
前言
Ansible 入門詳解參考等源於此
適用於自己的Ansible playbook
獲取阿里雲Ansible的源,安裝Ansible
Centos7
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Centos6
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
安裝Ansible
yum -y install ansible
下載Nginx
mkdir -p /data/ansible-script/ && cd /data/ansible-script/
vim nginx.yml
- 手動下載一個對應版本的nginx.tar.gz,並放在相應目錄
Nginx官網
編寫劇本
# 指明在webservers組內所有主機上執行任務
# tempip是指目標服務器IP地址:SSH端口(或修改主機清單ansible/host使用別名也可)
# 例如 192.168.2.25:22
# 指明在webservers組內所有主機上執行任務
- hosts: tempip
#遠程執行任務的用戶爲
remote_user: root
#自定義變量
vars:
- nginx: "/data/source/nginx/nginx-1.14.0.tar.gz"
- nginx_dfile: "/data/nginx-1.14.0"
- nginx_conf: "/data/source/nginx/nginx.conf"
- example_conf: "/data/source/nginx/example.conf"
- nginx_service: "/data//source/nginx/nginx.service"
- path: "/data"
#任務列表
tasks:
#聲明
- name: yum dpkg
shell: yum -y install gcc gcc-c++ autoconf automake make unzip net-tools sysstat vim pcre-devel openssl openssl-devel
- name: mkdir {{ path }} && installation
file: path={{ path }}/installation state=directory
- name: unarchive nginx
unarchive: src={{ nginx }} dest={{ path }} copy=yes backup=yes owner=root group=root
- name: make && make install
shell: cd {{ nginx_dfile }} && ./configure --prefix=/data/nginx --user=root --group=root --with-threads --with-http_realip_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_slice_module
- name: make install
shell: cd {{ nginx_dfile }} && make -j `nproc ` && make install
- name: mv nginx package
shell: /usr/bin/mv -b {{ nginx_dfile }} {{ path }}/installation/
- name: copy nginx.conf
copy: src={{ nginx_conf }} dest={{ path }}/nginx/conf/ backup=yes
- name: mkdir conf.d
file: path={{ path }}/nginx/conf/conf.d state=directory
- name: copy example.conf
copy: src={{ example_conf }} dest={{ path }}/nginx/conf/conf.d backup=yes
- name: ln nginx >> /usr/bin/nginx
file: src={{ path }}/nginx/sbin/nginx path=/usr/bin/nginx state=link
- name: copy nginx.service
copy: src={{ nginx_service }} dest=/usr/lib/systemd/system/nginx.service backup=yes owner=root group=root mode=644
- name: systemctl reload
shell: systemctl daemon-reload
- name: service enable
service: name=nginx enabled=yes state=restarted
nginx.conf
# Nginx Main Configure File.
# NGINX啓動用戶
user root;
# CPU核數
worker_processes 8;
events {
worker_connections 51200;
}
http {
include mime.types;
server_tokens off;
keepalive_timeout 60s;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
server {
listen 80 default;
server_name _;
return 403;
}
#虛擬主機路徑
include conf.d/*.conf;
}
example.conf
###
server {
listen 80;
listen 443 ssl;
listen [::]:443 ssl;
server_name www.baidu.com;
# ssl on;
# ssl_certificate certs/stib.crt;
# ssl_certificate_key certs/stib.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
access_log logs/dev_access.log;
error_log logs/dev_error.log;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
client_max_body_size 20m;
# if ($scheme = http) {
# return 301 https://$server_name$request_uri;
# }
location / {
proxy_pass http://127.0.0.1:13000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /swagger {
alias /home/developer/swagger/dist;
index index.html;
# error_page 404=200 /index.html;
}
location /news {
alias /home/developer/news;
index index.html;
# error_page 404=200 /index.html;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|tiff){
root /home/developer/images;
}
location /interface {
proxy_pass http://127.0.0.1:13000;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /notify {
proxy_pass http://127.0.0.1:13006/notify;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /nacos {
proxy_pass http://127.0.0.1:8848/nacos;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /xxl-job-admin {
proxy_pass http://127.0.0.1:8099/xxl-job-admin;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_page 404 =200 /swagger/index.html;
}
nginx.sevice
[Unit]
Description=nginx project
After=nginx.service
[Service]
Type=forking
User=root
Group=root
PIDFile=/data/nginx/logs/nginx.pid
ExecStart=/data/nginx/sbin/nginx
ExecReload=/data/nginx/sbin/nginx -s reload
#也可以通過環境變量啓動
ExecStop=/data/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
執行劇本
ansible-playbook nginx.yml
報錯相關
若需要密碼(嫌麻煩),或失敗。請先打通單向登錄免密即可
單向登錄命令與腳本