diff --git a/pillar/webserver/sites.sls b/pillar/webserver/sites.sls --- a/pillar/webserver/sites.sls +++ b/pillar/webserver/sites.sls @@ -26,18 +26,6 @@ wolfplex: - wolfplex.be -# ------------------------------------------------------------- -# Static sites -# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -web_static_sites: - nasqueron.org: - - www - - assets - - docker - - ftp - - trustspace - # ------------------------------------------------------------- # PHP sites # @@ -50,15 +38,53 @@ command: /usr/local/sbin/php-fpm web_php_sites: + # + # Directly managed by Nasqueron + # + api.nasqueron.org: + domain: nasqueron.org + subdomain: api + user: web-org-nasqueron-api + source: wwwroot/nasqueron.org/api + target: /var/wwwroot/nasqueron.org/api + php-fpm: prod + tls: False + # + # Nasqueron members + # www.dereckson.be: + domain: dereckson.be + subdomain: www user: web-be-dereckson-www source: wwwroot/dereckson.be/www target: /var/wwwroot/dereckson.be/www - autochmod: True php-fpm: prod + certdir: dereckson.be + server_name: + - dereckson.be + - www.dereckson.be + use_custom_nginx_config: True + +# ------------------------------------------------------------- +# Content deployment +# +# Sites with automatic deployment +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +web_static_sites: + nasqueron.org: + - www + - assets + - docker + - ftp + - trustspace + +web_content_from_staging: + nasqueron.org: + - api # ------------------------------------------------------------- -# States +# Content deployment # # Sites with states documenting how to build them # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/roles/webserver-content/README.md b/roles/webserver-content/README.md --- a/roles/webserver-content/README.md +++ b/roles/webserver-content/README.md 
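Review bot: `tls: False` on the new `api.nasqueron.org` entry overrides the `True` default that nginx.sls applies, so the vhost rendered from nginx-server.conf carries no certificate lines and the API is served over plain HTTP only. If requests to this API can carry tokens or other credentials, they cross the network unencrypted; either drop the key once a certificate exists, or record the reason next to it, for example `# TODO: enable TLS once a certificate exists for api.nasqueron.org`. The same hunk also removes `autochmod: True` from `www.dereckson.be` without explanation; whether another state still reads that key is not visible here, so it is worth confirming that permissions on the target are still managed.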
@@ -17,7 +17,8 @@ For example, the folder for the `*.acme.tld` sites will be `tld/acme`. This structure goal is to play nice with the Salt include syntax, as dots -are a directory spearator. +are a directory separatorb +. The bipbip.acme.tld site will be described in `tld/acme/bipbip.sls` file. diff --git a/roles/webserver-legacy/static-sites.sls b/roles/webserver-content/static-sites.sls rename from roles/webserver-legacy/static-sites.sls rename to roles/webserver-content/static-sites.sls diff --git a/roles/webserver-legacy/php-sites/files/fastcgi-php.conf b/roles/webserver-legacy/php-sites/files/fastcgi-php.conf new file mode 100644 --- /dev/null +++ b/roles/webserver-legacy/php-sites/files/fastcgi-php.conf 
@@ -0,0 +1,62 @@ +# ------------------------------------------------------------- +# Webserver +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# License: Trivial work, not eligible to copyright +# Source file: roles/webserver-legacy/php-sites/files/fastcgi-php.conf +# ------------------------------------------------------------- +# +# +# This file is managed by our rOPS SaltStack repository. +# +# Changes to this file may cause incorrect behavior +# and will be lost if the state is redeployed. +# + +# ------------------------------------------------------------- +# Path info +# +# try_files resets the $fastcgi_path_info variable. +# Reference: http://trac.nginx.org/nginx/ticket/321 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +fastcgi_split_path_info ^(.+\.php)(/.+)$; +try_files $fastcgi_script_name =404; + +set $path_info $fastcgi_path_info; +fastcgi_param PATH_INFO $path_info; + +# ------------------------------------------------------------- +# Headers +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# ------------------------------------------------------------- +# Misc +# - - - - - - - - - - - - - - 
- - - - - - - - - - - - - - - - - + +# Let's play nice with --enable-force-cgi-redirect PHP option +fastcgi_param REDIRECT_STATUS 200; + +fastcgi_index index.php; diff --git a/roles/webserver-legacy/php-sites/files/nginx-server.conf b/roles/webserver-legacy/php-sites/files/nginx-server.conf new file mode 100644 --- /dev/null +++ b/roles/webserver-legacy/php-sites/files/nginx-server.conf @@ -0,0 +1,44 @@ +# ------------------------------------------------------------- +# Webserver +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# Project: Nasqueron +# Site: {{ fqdn }} +# License: Trivial work, not eligible to copyright +# Source file: roles/webserver-legacy/php-sites/files/nginx-server.conf +# ------------------------------------------------------------- +# +# +# This file is managed by our rOPS SaltStack repository. +# +# Changes to this file may cause incorrect behavior +# and will be lost if the state is redeployed. +# + +server { + listen 80; + listen [::]:80; + server_name {{ ' '.join(server_name) }}; + + {% if tls -%} + include includes/ssl; + ssl_certificate /usr/local/etc/letsencrypt/live/{{ certdir }}/fullchain.pem; + ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ certdir }}/privkey.pem; + {%- endif %} + + error_log /var/log/www/{{ domain }}/{{ subdomain }}-error.log; + access_log /var/log/www/{{ domain }}/{{ subdomain }}-access.log; + + root {{ root }}; + index index.html index.php index.htm; + + include includes/letsencrypt; + + location / { + try_files $uri $uri/ =404; + } + + location ~ \.php$ { + include includes/fastcgi-php.conf; + fastcgi_pass unix:/var/run/web/{{ fqdn }}/php-fpm-pool.sock; + } +} diff --git a/roles/webserver-legacy/php-sites/init.sls b/roles/webserver-legacy/php-sites/init.sls --- a/roles/webserver-legacy/php-sites/init.sls +++ b/roles/webserver-legacy/php-sites/init.sls @@ -9,3 +9,4 @@ - .account - .files - .php-fpm + - .nginx 
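Review bot: No `SCRIPT_FILENAME` parameter is set in the Headers section, and the server template added in this commit does not set it either, so php-fpm has no script path to execute unless another include (not visible here) provides it; add `fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;` next to `SCRIPT_NAME`. Because nginx forwards every request header to PHP as an `HTTP_*` variable, it is also worth blanking the client-supplied Proxy header with `fastcgi_param HTTP_PROXY "";`, so that code reading `HTTP_PROXY` from the environment cannot be steered by a request. The `try_files $fastcgi_script_name =404;` guard is the right check and should stay ahead of any `fastcgi_pass`.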
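Review bot: The server block listens on port 80 only, even when `tls` is true: unless `includes/ssl` (not shown) adds the 443 listeners, the `ssl_certificate` lines have no TLS socket to apply to, and in either case the same content, PHP included, stays reachable in cleartext with no redirect. For TLS sites, a separate port-80 server that keeps `include includes/letsencrypt;` and answers everything else with `return 301 https://$host$request_uri;` would close that gap. Separately, `location ~ \.php$` never matches a URI such as `/index.php/foo`, so the `fastcgi_split_path_info` setup in fastcgi-php.conf is never exercised for path-info requests; `location ~ [^/]\.php(/|$)` is the usual form when PATH_INFO is wanted.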
diff --git a/roles/webserver-legacy/php-sites/nginx.sls b/roles/webserver-legacy/php-sites/nginx.sls
new file mode 100644
--- /dev/null
+++ b/roles/webserver-legacy/php-sites/nginx.sls
@@ -0,0 +1,42 @@
+# -------------------------------------------------------------
+# Salt — Provision PHP websites — php-fpm pools
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs with context %}
+
+# -------------------------------------------------------------
+# FastCGI configuration for php-fpm
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{{ dirs.etc }}/nginx/includes/fastcgi-php.conf:
+ file.managed:
+ - source: salt://roles/webserver-legacy/php-sites/files/fastcgi-php.conf
+
+# -------------------------------------------------------------
+# Server block
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% for fqdn, site in pillar['web_php_sites'].iteritems() %}
+
+{{ dirs.etc }}/nginx/vhosts/{{ site['domain'] }}:
+ file.directory
+
+{% if 'use_custom_nginx_config' not in site or not site['use_custom_nginx_config'] %}
+{{ dirs.etc }}/nginx/vhosts/{{ site['domain'] }}/{{ site['subdomain'] }}.conf:
+ file.managed:
+ - source: salt://roles/webserver-legacy/php-sites/files/nginx-server.conf
+ - template: jinja
+ - context:
+ fqdn: {{ fqdn }}
+ domain: {{ site['domain'] }}
+ subdomain: {{ site['subdomain'] }}
+ root: {{ site['target'] }}
+ certdir: {{ site['certdir']|default(fqdn) }}
+ server_name: {{ site['server_name']|default([fqdn]) }}
+ tls: {{ site['tls']|default(True) }}
+{% endif %}
+
+{% endfor %}
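Review bot: The loop header `pillar['web_php_sites'].iteritems()` works on Python 2 only, so on a Salt running under Python 3 this state fails to render; `.items()` is the portable form. The `server_name` context value is written into the YAML through the list's Python repr, and `{{ site['server_name']|default([fqdn])|json }}` would keep it valid YAML whatever the string type. Neither `file.managed` state sets `user`, `group` or `mode`, and nothing visible here reloads nginx when a vhost file changes, so a pillar change such as flipping `tls` may not take effect until a manual reload. The file header still reads "php-fpm pools" although this file manages nginx configuration; `# Salt — Provision PHP websites — nginx configuration` would match the content.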