F3786835
D3034.id7746.diff
diff --git a/roles/webserver-legacy/account/init.sls b/roles/webserver-alkane/account/init.sls
rename from roles/webserver-legacy/account/init.sls
rename to roles/webserver-alkane/account/init.sls
--- a/roles/webserver-legacy/account/init.sls
+++ b/roles/webserver-alkane/account/init.sls
@@ -1,17 +1,23 @@
# -------------------------------------------------------------
-# Salt — Sites to provision on the legacy web server
-#
-# Currently, this is deployed to ysul.nasqueron.org
+# Salt — Sites to provision
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
-webserver_legacy_group:
- group.present:
- - name: web
- - gid: 9003
- - system: True
+# -------------------------------------------------------------
+# User groups for domains served
+#
+# Those account are mostly intended for static content,
+# to allow users to access it through group.
+#
+# The user will often be "deploy" to allow continuous delivery.
+# This is provisioned by the core role.
+#
+# Back-ends runs under their own separate account.
+#
+# The 9003 group matches "web" group, see webserver-core/nginx
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% for domains_group in pillar['web_domains'] %}
{% for domain in pillar['web_domains'][domains_group] %}
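Review bot: with `webserver_legacy_group` removed, account/init.sls no longer guarantees that the `web` group (gid 9003) exists before the per-domain loop runs; the only link to its new home is the comment "see webserver-core/nginx". If any state in the loop below refers to that group, give it a `require` on `group: webserver_core_group` or include the core state explicitly, so ordering does not depend on how roles happen to be assigned. Minor wording in the new comment block: "Those account are" should be "Those accounts are", and "Back-ends runs" should be "Back-ends run".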
diff --git a/roles/webserver-alkane/init.sls b/roles/webserver-alkane/init.sls
--- a/roles/webserver-alkane/init.sls
+++ b/roles/webserver-alkane/init.sls
@@ -6,4 +6,5 @@
# -------------------------------------------------------------
include:
+ - .account
- .alkane
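Review bot: missing guard for the pillar this include now pulls in. Adding `- .account` to the alkane role means every minion with this role renders account/init.sls, which indexes `pillar['web_domains']` directly in both loops. On a minion without that key the render fails, so either document `web_domains` as a required pillar for the role or iterate over `pillar.get('web_domains', {})` instead.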
diff --git a/roles/webserver-core/nginx/config.sls b/roles/webserver-core/nginx/config.sls
--- a/roles/webserver-core/nginx/config.sls
+++ b/roles/webserver-core/nginx/config.sls
@@ -8,6 +8,24 @@
{% from "map.jinja" import dirs with context %}
{% from "roles/webserver-core/map.jinja" import options, certbot_dir with context %}
+# -------------------------------------------------------------
+# Accounts - web group
+#
+# A group shared between nginx, back-end and content directories
+# to allow ACL giving access to the nginx process.
+#
+# This group will so be used by:
+# - nginx process (configured in nginx.conf)
+# - back-end UNIX sockets like php-fpm sockets can be 660
+# - more private folders can use 007 as umask
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+webserver_core_group:
+ group.present:
+ - name: web
+ - gid: 9003
+ - system: True
+
# -------------------------------------------------------------
# Base configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
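Review bot: the comment above `webserver_core_group` should say who is allowed to be a member of `web`, because it lists nginx, back-end sockets and content directories as users of one shared group. If back-end accounts themselves join `web`, a 660 socket with group `web` is reachable by every other back-end, not only by nginx, which undoes the separation of back-ends running under their own accounts. Stating that only the nginx process is in the group, with sockets owned by the back-end user and group `web`, would make the intent clear. Minor wording: "This group will so be used by" reads better as "This group is used by".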
diff --git a/roles/webserver-core/nginx/files/nginx.conf b/roles/webserver-core/nginx/files/nginx.conf
--- a/roles/webserver-core/nginx/files/nginx.conf
+++ b/roles/webserver-core/nginx/files/nginx.conf
@@ -12,7 +12,7 @@
# and will be lost if the state is redeployed.
# </auto-generated>
-user {{ nginx_options["www_user"] }};
+user {{ nginx_options["www_user"] }} web;
worker_processes auto;
error_log /var/log/nginx/error.log;
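Review bot: the group name is a literal in `user {{ nginx_options["www_user"] }} web;` while the group itself is declared separately in config.sls as `webserver_core_group`, and nothing visible here ties the two together. nginx refuses to start when the group named in the `user` directive does not exist, so the state that deploys this file should require `group: webserver_core_group`. Taking the name from a single place, for example a key next to `www_user` in `nginx_options`, would also avoid the two drifting apart.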
diff --git a/roles/webserver-legacy/init.sls b/roles/webserver-legacy/init.sls
--- a/roles/webserver-legacy/init.sls
+++ b/roles/webserver-legacy/init.sls
@@ -8,7 +8,7 @@
# -------------------------------------------------------------
include:
- - .account
+ - roles/webserver-alkane/account
- .directories
- .nginx
- .static-sites
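Review bot: style and documentation point on `- roles/webserver-alkane/account`. The other entries in this include list use relative dotted references (`.directories`, `.nginx`), and dotted names are the documented form for SLS references, so the slash-separated path stands out; consider the dotted equivalent for consistency. The legacy role now also depends on a state that lives in the alkane role, which deserves a one-line comment here explaining why, so the dependency is not broken by a later cleanup of either role.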
D3034: Create "web" and web domains groups