Skip to content
This repository has been archived by the owner on Dec 8, 2022. It is now read-only.

Playbook for fully automated deployment of one or more web servers (Nginx + Apache) [A NEW MAINTAINER IS REQUIRED]

License

Notifications You must be signed in to change notification settings

vitkuz573/Ansible-WebServer

Repository files navigation

Ansible WebServer

Codacy Badge License Help Wanted Lines Of Code Version pre-commit Project Status: Inactive

Playbook for fully automated deployment of one or more web servers (Nginx + Apache)

Usage

  1. Install Ansible and other required packages:

    Debian:

    sudo apt install ansible sshpass
  2. Install the language files:

    sudo install languages/en.mo /usr/share/locale/en/LC_MESSAGES/init.mo
    sudo install languages/ru.mo /usr/share/locale/ru/LC_MESSAGES/init.mo
  3. Run init.sh and follow the instructions:

    LANGUAGE=en ./init.sh

WARNING: Do not run the playbook directly from the server on which you plan to deploy!

NOTE: In case of deploying a web server with HTTPS (option 1), the certificate and key files must be on the server at the time of deployment!

Deployment options

  • HTTP
  • HTTPS
    • With a pre-prepared certificate (option 1)
    • With a certificate obtained from Let's Encrypt (option 2)
    • With a self-signed certificate (option 3)

What will be installed and configured?

  • Nginx (Frontend)
  • Apache (Backend)
  • Apache Modules
    • mod_fastcgi
    • mod_remoteip
  • PHP-FPM
  • DBMS (optional)
    • MariaDB + phpMyAdmin (optional)
    • MySQL + phpMyAdmin (optional)
    • PostgreSQL + pgAdmin (optional) (in development)
  • Knockd (optional)
  • SFTP Server (optional)
  • Fail2ban (optional) (in development)
  • Firewall (optional)
    • UFW
    • Firewalld (in development)

What will be done to improve security?

  • Hiding Nginx and Apache versions
  • Blocking access to the Apache port
  • Blocking access to DBMS from outside
  • Blocking direct access via IP (redirect)
  • Protecting Nginx from slow requests
  • SSH protection with Port-Knocking (optional)
  • Blocking access to phpMyAdmin via .htpasswd and .htaccess (optional)

Roadmap

  • Adding HTTPS support
  • Adding the ability to select the DBMS
  • Adding support for pgAdmin
  • GUI development for easier deployment
  • Adding support for other OSes