
3 Commits

59 changed files with 298 additions and 64 deletions


@ -33,29 +33,11 @@ This software shipts the following tools which are natively setup on the server:
- [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups - [Backups Cleanup](./roles/cleanup-backups-timer/README.md) - Cleans up old backups
- [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems - [Btrfs Health Check](./roles/health-btrfs/README.md) - Checks the health of Btrfs file systems
- [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers - [Docker Health Check](./roles/health-docker-container/) - Checks the health of docker containers
- [Docker Reverse Proxy](./roles/docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution - [Docker Reverse Proxy](./roles/nginx-docker-reverse-proxy/README.md) - Docker Reverse Proxy Solution
- [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes - [Docker Volume Backup](./roles/backup-docker-to-local/) - Backup Solution for Docker Volumes
- [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them - [Pull Primary Backups](./roles/backup-remote-to-local/README.md) - Pulls the backups from another server and stores them
- [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn - [Wireguard](./roles/wireguard/README.md) - Integrates the server in an wireguard vpn
### Server Administration
#### Cleanup docker
``bash
docker stop $(docker ps -aq); docker rm $(docker ps -aq); docker volume rm $(docker volume ls -q);
``
#### Restart
To mercifull restart the server and to prevent data lost type in:
``bash
docker stop $(docker ps -a -q) && systemctl stop docker && shutdown -r +2 "The system will shutdown in 2 minutes"
``
May it's neccessary to restart some of the the docker containers manual afterwards.
## Personal Computers ## Personal Computers
This playbooks offers the setup of Manjaro GNOME clients. This playbooks offers the setup of Manjaro GNOME clients.
@ -84,6 +66,13 @@ Run:
ansible-galaxy collection install -r requirements.yml ansible-galaxy collection install -r requirements.yml
``` ```
## Addidional Parameters
- activate_all_timers (bool): Activates matomo tracking on all html pages
- nginx_matomo_tracking_active (bool): Activates matomo tracking on all html pages
The role specific parameters are descriped in the readme.md of the roles
## Author ## Author
Kevin Veen-Birkenbach Kevin Veen-Birkenbach


@ -30,3 +30,8 @@ path_administrator_home: "/home/administrator/"
path_administrator_scripts: "{{path_administrator_home}}scripts/" path_administrator_scripts: "{{path_administrator_home}}scripts/"
path_docker_volumes: "{{path_administrator_home}}volumes/docker/" path_docker_volumes: "{{path_administrator_home}}volumes/docker/"
path_docker_compose_files: "{{path_administrator_home}}docker-compose/" path_docker_compose_files: "{{path_administrator_home}}docker-compose/"
# Runtime Variables
activate_all_timers (bool): false # Activates all timers, independend if the handlers had been triggered
nginx_matomo_tracking_active: false # Activates matomo tracking on all html pages
execute_updates: true # Executes updates
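Review bot: The first new variable is written as `activate_all_timers (bool): false`, so YAML takes the whole string `activate_all_timers (bool)` as the key and no variable named `activate_all_timers` is defined. Anything that tests `activate_all_timers` will then see an undefined variable or its default rather than this value. Write it as `activate_all_timers: false  # Activates all timers, independent of whether the handlers were triggered` and keep the type hint in the comment.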


@ -2,8 +2,10 @@
- name: general setup - name: general setup
hosts: all hosts: all
become: true become: true
tasks:
roles: roles:
- update - role: update
when: execute_updates is true
- name: servers host setup - name: servers host setup
hosts: servers hosts: servers
@ -36,7 +38,7 @@
# Native Webserver Roles # Native Webserver Roles
- name: setup nginx-homepages - name: setup nginx-homepages
hosts: nginx-homepage hosts: homepage
become: true become: true
roles: roles:
- role: nginx-homepage - role: nginx-homepage
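Review bot: The condition `when: execute_updates is true` in the general-setup play only passes for a real boolean, so a value supplied as a string (for example through `-e execute_updates=true` or an INI inventory) evaluates false and the update role is skipped without any message. For a flag that controls patching, `when: execute_updates | bool` is the safer form. The `tasks:` key that appears to be added above `roles:` has no value and can be dropped.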


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: register directory - name: register directory


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -7,13 +7,13 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: template:
src: roles/docker-reverse-proxy/templates/domain.conf.j2 src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
dest: /etc/nginx/conf.d/{{domain}}.conf dest: /etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
#- name: configure {{ mail_interface_domain }}.conf #- name: configure {{ mail_interface_domain }}.conf
# template: # template:
# src: roles/docker-reverse-proxy/templates/domain.conf.j2 # src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf # dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf
# vars: # vars:
# http_port: "{{ mail_interface_http_port }}" # http_port: "{{ mail_interface_http_port }}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -4,7 +4,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: create elasticsearch-sysctl.conf - name: create elasticsearch-sysctl.conf


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}} https - name: configure {{domain}} https
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_folder}}" - name: "create {{path_docker_compose_folder}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "docker jenkins" - name: "docker jenkins"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_folder}}" - name: "create {{path_docker_compose_folder}}"


@ -0,0 +1,8 @@
---
- name: recreate listmonk
command:
cmd: docker-compose -p listmonk up -d --force-recreate
chdir: "{{path_docker_compose_files}}listmonk/"
environment:
COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600


@ -0,0 +1,2 @@
dependencies:
- docker-reverse-proxy
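Review bot: This new meta file depends on `docker-reverse-proxy`, the name that the rest of this change replaces with `nginx-docker-reverse-proxy`, so the dependency presumably no longer resolves once the role directory is renamed. Use `- nginx-docker-reverse-proxy` here. The new listmonk tasks file carries the same stale name in `src: "roles/docker-reverse-proxy/templates/domain.conf.j2"`, which should read `roles/nginx-docker-reverse-proxy/templates/domain.conf.j2`.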


@ -0,0 +1,21 @@
---
- name: recieve {{domain}} certificate
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf
template:
src: "roles/docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx
- name: "create {{path_docker_compose_files}}listmonk/"
file:
path: "{{path_docker_compose_files}}listmonk/"
state: directory
mode: 0755
- name: add docker-compose.yml
template:
src: "docker-compose.yml.j2"
dest: "{{path_docker_compose_files}}listmonk/docker-compose.yml"
notify: recreate listmonk
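Review bot: No task in this file installs the `config.toml` that the compose template bind-mounts with `./config.toml:/listmonk/config.toml`; only `docker-compose.yml` is templated into the listmonk directory. If the file is missing on the host, Docker creates a directory at that path and the container starts without the intended configuration. Add a `template` task for it next to the compose one, with `dest: "{{path_docker_compose_files}}listmonk/config.toml"` and `mode: "0600"`, since the file carries credentials. The directory task's `mode: 0755` is better quoted as `mode: "0755"`.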


@ -0,0 +1,31 @@
[app]
# Interface and port where the app will run its webserver. The default value
# of localhost will only listen to connections from the current machine. To
# listen on all interfaces use '0.0.0.0'. To listen on the default web address
# port, use port 80 (this will require running with elevated permissions).
address = "localhost:9000"
# BasicAuth authentication for the admin dashboard. This will eventually
# be replaced with a better multi-user, role-based authentication system.
# IMPORTANT: Leave both values empty to disable authentication on admin
# only where an external authentication is already setup.
admin_username = "listmonk"
admin_password = "listmonk"
# Database.
[db]
host = "localhost"
port = 5432
user = "listmonk"
password = "listmonk"
# Ensure that this database has been created in Postgres.
database = "listmonk"
ssl_mode = "disable"
max_open = 25
max_idle = 25
max_lifetime = "300s"
# Optional space separated Postgres DSN params. eg: "application_name=listmonk gssencmode=disable"
params = ""
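Review bot: The admin dashboard and the database are both configured with the literal credentials `listmonk`/`listmonk`, committed in clear text. Anyone who can reach the admin port can log in with these published defaults. Render the values from vaulted variables instead, for example `admin_password = "{{ listmonk_admin_password }}"` (placeholder variable name), and do the same for the `[db]` `password`. Separately, `address = "localhost:9000"` and `host = "localhost"` look like settings for a non-container install; in the compose setup the app would presumably need to listen on the container's interfaces and reach the database by its service name `db`, which is worth confirming.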


@ -0,0 +1,54 @@
# NOTE: This docker-compose.yml is meant to be just an example guideline
# on how you can achieve the same. It is not intented to run out of the box
# and you must edit the below configurations to suit your needs.
version: "3.7"
x-app-defaults: &app-defaults
restart: unless-stopped
image: listmonk/listmonk:latest
ports:
- "9000:9000"
networks:
- listmonk
environment:
- TZ=Etc/UTC
x-db-defaults: &db-defaults
image: postgres:13
ports:
- "9432:5432"
networks:
- listmonk
environment:
- POSTGRES_PASSWORD=listmonk
- POSTGRES_USER=listmonk
- POSTGRES_DB=listmonk
restart: unless-stopped
healthcheck:
test: ["CMD-SHELL", "pg_isready -U listmonk"]
interval: 10s
timeout: 5s
retries: 6
services:
db:
<<: *db-defaults
container_name: listmonk_db
volumes:
- type: volume
source: listmonk-data
target: /var/lib/postgresql/data
app:
<<: *app-defaults
container_name: listmonk_app
depends_on:
- db
volumes:
- ./config.toml:/listmonk/config.toml
networks:
listmonk:
volumes:
listmonk-data:
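Review bot: Both `ports` entries publish on every host interface: `"9000:9000"` exposes the listmonk app directly, bypassing the nginx reverse proxy and its TLS, and `"9432:5432"` exposes Postgres, whose password is the fixed `POSTGRES_PASSWORD=listmonk`. Docker inserts its own forwarding rules for published ports, so a host firewall may not cover them. Bind the app to loopback with `- "127.0.0.1:9000:9000"` and drop the `ports` block from `x-db-defaults`, since the app reaches the database over the `listmonk` network. `image: listmonk/listmonk:latest` is also unpinned; a fixed tag makes deployments reproducible.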


@ -1,3 +1,3 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy
- systemd_notifier - systemd_notifier


@ -6,7 +6,7 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
vars: vars:
client_max_body_size: "31M" client_max_body_size: "31M"
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{path_docker_compose_files}}mailu" - name: "create {{path_docker_compose_files}}mailu"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -8,6 +8,11 @@ server {
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking_active | default(False) %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;
client_max_body_size 80m; client_max_body_size 80m;
@ -23,7 +28,7 @@ server {
add_header Strict-Transport-Security "max-age=31536000"; add_header Strict-Transport-Security "max-age=31536000";
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %} {% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location /api/v1/streaming { location /api/v1/streaming {
proxy_set_header Host $host; proxy_set_header Host $host;


@ -18,7 +18,7 @@ This Ansible role deploys a Matomo analytics platform instance using Docker.
## Dependencies ## Dependencies
- `docker-reverse-proxy`: An Ansible role for configuring the reverse proxy. - `nginx-docker-reverse-proxy`: An Ansible role for configuring the reverse proxy.
## Example Playbook ## Example Playbook


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -4,7 +4,7 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: template:
src: "roles/docker-reverse-proxy/templates/domain.conf.j2" src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf" dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx notify: restart nginx


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -2,7 +2,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "docker mediawiki" - name: "docker mediawiki"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: create data folder - name: create data folder


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -4,6 +4,10 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking_active | default(False) %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
# Remove X-Powered-By, which is an information leak # Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
@ -15,7 +19,7 @@ server
client_body_buffer_size 400M; client_body_buffer_size 400M;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
{% include 'roles/docker-reverse-proxy/templates/proxy_pass.conf.j2' %} {% include 'roles/nginx-docker-reverse-proxy/templates/proxy_pass.conf.j2' %}
location ^~ /.well-known { location ^~ /.well-known {
rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last; rewrite ^/\.well-known/host-meta\.json /public.php?service=host-meta-json last;


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -8,6 +8,11 @@ server {
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking_active | default(False) %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
## ##
# Application # Application
## ##


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -3,7 +3,7 @@
command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}} command: certbot certonly --agree-tos --email {{administrator_email}} --non-interactive --webroot -w /var/lib/letsencrypt/ -d {{domain}}
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf
notify: restart nginx notify: restart nginx
- name: "create {{docker_compose_path}}" - name: "create {{docker_compose_path}}"


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -7,7 +7,7 @@
vars: vars:
client_max_body_size: "{{wordpress_max_upload_size}}" client_max_body_size: "{{wordpress_max_upload_size}}"
domain: "{{item}}" domain: "{{item}}"
template: src=roles/docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf template: src=roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 dest=/etc/nginx/conf.d/{{ item }}.conf
loop: "{{domains}}" loop: "{{domains}}"
notify: restart nginx notify: restart nginx


@ -1,2 +1,2 @@
dependencies: dependencies:
- docker-reverse-proxy - nginx-docker-reverse-proxy


@ -4,7 +4,7 @@
- name: configure {{domain}}.conf - name: configure {{domain}}.conf
template: template:
src: "roles/docker-reverse-proxy/templates/domain.conf.j2" src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
dest: "/etc/nginx/conf.d/{{domain}}.conf" dest: "/etc/nginx/conf.d/{{domain}}.conf"
notify: restart nginx notify: restart nginx


@ -1,4 +1,4 @@
# role docker-reverse-proxy # role nginx-docker-reverse-proxy
Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications. Uses nginx as an [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) for local docker applications.


@ -2,6 +2,11 @@ server
{ {
server_name {{domain}}; server_name {{domain}};
{% if nginx_matomo_tracking_active | default(False) %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
{% if client_max_body_size is defined %} {% if client_max_body_size is defined %}
client_max_body_size {{ client_max_body_size }}; client_max_body_size {{ client_max_body_size }};
{% endif %} {% endif %}


@ -5,6 +5,10 @@ server
{% include 'roles/letsencrypt/templates/ssl_header.j2' %} {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
{% if nginx_matomo_tracking_active | default(False) %}
{% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %}
{% endif %}
charset utf-8; charset utf-8;
location / location /


@ -0,0 +1,35 @@
# Nginx Matomo Tracking Role
This Ansible role automates the integration of Matomo tracking code into Nginx-served websites. It simplifies the process of adding the Matomo analytics tracking script and image tracker to all your web pages served through Nginx.
## Features
- Automated insertion of Matomo tracking script into the `</head>` tag of HTML pages.
- Integration of a noscript image tracker before the `</body>` tag for tracking users with JavaScript disabled.
- Configuration to apply changes on every request, ensuring that dynamic content and single-page applications are also tracked.
## Requirements
- Nginx installed on the target server.
- Matomo analytics platform set up and accessible.
## Role Variables
- `matomo_domain`: The domain of your Matomo installation.
- `base_domain`: The base domain of the website you wish to track.
- `matomo_site_id`: The site ID configured in your Matomo dashboard.
## Dependencies
- None. This role is designed to be included in Nginx server block configurations.
## Example Usage
To enable Matomo tracking on your Nginx website, include the role in your playbook and set the required variables.
```yaml
- hosts: webserver
roles:
- { role: nginx-matomo-tracking, matomo_domain: 'matomo.example.com', base_domain: 'example.com', matomo_site_id: '1' }
```
## Customization
You can customize the tracking script and the noscript image tracker by editing the `matomo-tracking.js.j2` and `matomo-tracking.conf.j2` templates.
## Author Information
This role was created in 2023 by Kevin Veen Birkenbach, providing a seamless way to add Matomo analytics to any website served via Nginx.


@ -0,0 +1,38 @@
- name: Check if site already exists in Matomo
uri:
url: "https://{{matomo_domain}}/index.php?module=API&method=SitesManager.getSitesIdFromSiteUrl&url=https://{{base_domain}}&format=json&token_auth={{matomo_auth_token}}"
method: GET
return_content: yes
status_code: 200
validate_certs: yes
register: site_check
- name: Set fact for site ID if site already exists
set_fact:
matomo_site_id: "{{ site_check.json[0].idsite }}"
when: "(site_check.json | length) > 0"
- name: Add site to Matomo and get ID if not exists
uri:
url: "https://{{ matomo_domain }}/index.php"
method: POST
body: "module=API&method=SitesManager.addSite&siteName={{ base_domain }}&urls=https://{{ base_domain }}&token_auth={{ matomo_auth_token }}&format=json"
body_format: form-urlencoded
status_code: 200
return_content: yes
validate_certs: yes
register: add_site
when: "matomo_site_id is not defined"
- name: Set fact for site ID if site was added
set_fact:
matomo_site_id: "{{ add_site.json.value }}"
when: "matomo_site_id is not defined"
- name: Set the Matomo tracking code from a template file
set_fact:
matomo_tracking_code: "{{ lookup('template', 'matomo-tracking.js.j2') }}"
- name: Set the tracking code as a one-liner
set_fact:
matomo_tracking_code_one_liner: "{{ matomo_tracking_code | regex_replace('\\n', '') | regex_replace('\\s+', ' ') }}"
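Review bot: The first task sends `token_auth={{matomo_auth_token}}` in the query string of a GET request, where it ends up in the Matomo web server's access log, and neither `uri` task sets `no_log: true`, so the token can also appear in Ansible's verbose or failure output. Send it in a form-encoded POST body as the second task already does, and add `no_log: true` to both tasks. Also, `set_fact` values persist for the host, so if this role runs for a second domain whose site does not exist yet, `matomo_site_id is not defined` is false and the previous domain's ID is reused. Resetting the fact at the start of the role, or using a per-run variable, would avoid that.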


@ -0,0 +1,5 @@
# sub filters to integrate matomo tracking code in nginx websites
sub_filter '</head>' '<script>{{matomo_tracking_code_one_liner}}</script></head>';
sub_filter '</body>' '<noscript><p><img src="//matomo.veen.world/matomo.php?idsite={{matomo_site_id}}&rec=1" style="border:0;" alt="" /></p></noscript></body>';
sub_filter_once off;
# sub_filter_types text/html; This is standart
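Review bot: The noscript tracker hard-codes `//matomo.veen.world/matomo.php` while the script side uses `{{matomo_domain}}`, so any deployment with a different Matomo host sends its no-JavaScript hits to that fixed domain. Use `src="https://{{matomo_domain}}/matomo.php?idsite={{matomo_site_id}}&rec=1"` instead. Two limits are worth a comment in this template: `sub_filter` cannot rewrite compressed upstream responses, and a site that sends a Content-Security-Policy without an allowance for inline scripts will block the injected `<script>`.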


@ -0,0 +1,14 @@
var _paq = window._paq = window._paq || [];
_paq.push(["setCookieDomain", "*.{{base_domain}}"]);
_paq.push(["setDomains", ["*.{{base_domain}}"]]);
_paq.push(["enableCrossDomainLinking"]);
_paq.push(["trackPageView"]);
_paq.push(["trackAllContentImpressions"]);
_paq.push(["enableLinkTracking"]);
(function() {
var u="//{{matomo_domain}}/";
_paq.push(["setTrackerUrl", u+"matomo.php"]);
_paq.push(["setSiteId", "{{matomo_site_id}}"]);
var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0];
g.async=true; g.src=u+"matomo.js"; s.parentNode.insertBefore(g,s);
})();


@ -0,0 +1,2 @@
matomo_domain: "matomo.{{top_domain}}"
base_domain: "{{ domain | regex_replace('^(?:.*\\.)?(.+\\..+)$', '\\1') }}"
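Review bot: The `base_domain` expression keeps only the last two labels of `domain`, which is wrong for names under a multi-label public suffix: the constructed example `shop.example.co.uk` yields `co.uk`. That value is then registered as the site URL in Matomo and used in `setCookieDomain`/`setDomains` as `*.co.uk`. Add a comment stating the two-label assumption, and consider letting hosts supply `base_domain` explicitly, with the regex only as a fallback.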

View File

@ -9,6 +9,11 @@
state: directory state: directory
mode: 0755 mode: 0755
- name: Activate NGINX matomo tracking
include_role:
name: nginx-matomo-tracking
when: nginx_matomo_tracking_active and domain is defined
- name: create nginx config file - name: create nginx config file
template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf
notify: restart nginx notify: restart nginx
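Review bot: The new `include_role` runs only when `nginx_matomo_tracking_active and domain is defined`, but the server templates in this change include `matomo-tracking.conf.j2` whenever `nginx_matomo_tracking_active | default(False)` is true. If the flag is on and `domain` is not defined when this role runs, `matomo_tracking_code_one_liner` and `matomo_site_id` are presumably never set, and rendering those templates fails on the undefined variables. Use the same guard in both places, and write the flag here as `nginx_matomo_tracking_active | default(false) | bool` so that an undefined variable does not abort the play.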