Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/elan-ev/opencast_nginx

Ansible role to install and prepares Nginx for Opencast
https://github.com/elan-ev/opencast_nginx

ansible ansible-role opencast

Last synced: 4 months ago
JSON representation

Ansible role to install and prepares Nginx for Opencast

Awesome Lists containing this project

README 

          
Ansible: Opencast Nginx Role

============================



[![lint](https://github.com/elan-ev/opencast_nginx/actions/workflows/lint.yml/badge.svg?branch=main)](https://github.com/elan-ev/opencast_nginx/actions/workflows/lint.yml?branch=main)

[![molecule](https://github.com/elan-ev/opencast_nginx/actions/workflows/molecule.yml/badge.svg?branch=main)](https://github.com/elan-ev/opencast_nginx/actions/workflows/molecule.yml?branch=main)



This Ansible role installs and prepares Nginx as reverse proxy for Opencast.

If no certificate is present, this role deploys a dummy certificate which allows Nginx to start up.



Dependencies

------------



This role uses the [community.crypto.openssl_dhparam](https://docs.ansible.com/ansible/latest/collections/community/crypto/openssl_dhparam_module.html) module

to generate Diffie-Hellman parameters. You therefor need to have the [community.crypto collection](https://galaxy.ansible.com/community/crypto) installed.



Role Variables

--------------



- `opencast_nginx_storage_downloads_path`

    - Path to Opencast's downloads directory (default: `/srv/opencast/downloads/`)

- `opencast_nginx_cors_urls`

    - List of URLs to add CORS exceptions for (default: `[]`)



Additional Configuration

------------------------



While this deploys dummy TSL certificates which allow Nginx to start up,

make sure to deploy proper certificates for production.

To do that, copy your certificates to:



- `/etc/nginx/ssl/{{ inventory_hostname }}.key`

- `/etc/nginx/ssl/{{ inventory_hostname }}.crt`



If you want to use Let's Encrypt to generate certificates, you can also include the role

[`elan.opencast_certbot`](https://galaxy.ansible.com/elan/opencast_certbot)

which will automatically generate TLS certificates for you.



You can also add some custom configuration in the file `/etc/nginx/conf.d/extra.conf`.

The file is included after Opencast's main `location` block.

The role will not modify this file if it exists.



Additionally you can define other virtual hosts in `/etc/nginx/sites-enabled/` directory.

They will be loaded as well.



> ℹī¸ You may want to disable Nginx default vhost on Debian based systems by removing the

  `/etc/nginx/sites-enabled/default` symlink.



Example Playbook

----------------



Example of how to configure and use the role:



```yaml

- hosts: servers

  become: true

  roles:

    - role: elan.opencast_nginx

```



This will leave you with an invalid dummy certificate.

You will need to replace it with a valid one before booting up Opencast.

The role will _not_ replace an existing certificate so you can safely use a `file` task to deploy it afterwards:



```yaml

- hosts: servers

  become: true

  tasks:

    - include_role:

        name: elan.opencast_nginx



    - name: install tls certificate

      copy:

        src: tls-{{ item }}.pem

        dest: /etc/nginx/ssl/{{ inventory_hostname }}.{{ item }}

        owner: root

        group: root

        mode: '0400'

      notify: Reload nginx

      loop:

        - key

        - crt

```



Development Environment

----------------



For linting and role development you can use the tools defined in [development requirements](.dev_requirements.txt).

You can quickly install them in a python virtual environment like this:



```sh

# Create a virtual environment

python -m venv venv

# Activate the virtual environment

. venv/bin/activate

# Install the dependencies

pip install -r .dev_requirements.txt

```



E.g. you can then install the ansible requirements or run the linter (`yamllint -c .yamllint . && ansible-lint`).



For development and testing you can use [molecule](https://molecule.readthedocs.io/en/latest/).

With podman as driver you can install it like this – preferably in a virtual environment:



```bash

pip install -r .dev_requirements.txt

```



Then you can *create* the test instances, apply the ansible config (*converge*) and *destroy* the test instances with these commands:



```bash

molecule create

molecule converge

molecule destroy

```



If you want to inspect a running test instance use `molecule login --host `, where you replace `` with the desired value.