Centos7 Ansilbe-安裝Nginx

前言

Ansible 入門詳解參考等源於此

Ansible 學習筆記（閒不住的人）

適用於自己的Ansible playbook

獲取阿里雲Ansible的源,安裝Ansible

Centos7

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

Centos6

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

安裝Ansible

yum -y install ansible

下載Nginx

mkdir -p /data/ansible-script/ && cd /data/ansible-script/ 
vim nginx.yml

• 手動下載一個對應版本的nginx.tar.gz，並放在相應目錄
  Nginx官網

編寫劇本

 # 指明在webservers組內所有主機上執行任務
 # tempip是指目標服務器IP地址:SSH端口（或修改主機清單ansible/host使用別名也可）
 # 例如 192.168.2.25:22
 # 指明在webservers組內所有主機上執行任務
- hosts: tempip
#遠程執行任務的用戶爲
  remote_user: root
#自定義變量
  vars:
    - nginx: "/data/source/nginx/nginx-1.14.0.tar.gz"
    - nginx_dfile: "/data/nginx-1.14.0"
    - nginx_conf: "/data/source/nginx/nginx.conf"
    - example_conf: "/data/source/nginx/example.conf"
    - nginx_service: "/data//source/nginx/nginx.service"
    - path: "/data"
#任務列表
  tasks:
      #聲明
    - name: yum dpkg
      shell: yum -y install gcc gcc-c++ autoconf automake make unzip net-tools sysstat vim pcre-devel openssl openssl-devel
    - name:  mkdir {{ path }} && installation
      file: path={{ path }}/installation state=directory
    - name: unarchive nginx
      unarchive: src={{ nginx }} dest={{ path }} copy=yes backup=yes owner=root group=root
    - name: make && make install
      shell: cd {{ nginx_dfile }} && ./configure --prefix=/data/nginx --user=root --group=root --with-threads --with-http_realip_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_slice_module
    - name: make install
      shell: cd {{ nginx_dfile }} && make -j `nproc ` && make install
    - name: mv nginx package
      shell: /usr/bin/mv -b  {{ nginx_dfile }} {{ path }}/installation/
    - name: copy nginx.conf
      copy: src={{ nginx_conf }} dest={{ path }}/nginx/conf/ backup=yes
    - name: mkdir conf.d
      file: path={{ path }}/nginx/conf/conf.d state=directory
    - name: copy example.conf
      copy: src={{ example_conf }} dest={{ path }}/nginx/conf/conf.d backup=yes
    - name: ln  nginx >> /usr/bin/nginx
      file: src={{ path }}/nginx/sbin/nginx path=/usr/bin/nginx  state=link
    - name: copy nginx.service
      copy: src={{ nginx_service }} dest=/usr/lib/systemd/system/nginx.service backup=yes owner=root group=root mode=644
    - name: systemctl reload
      shell: systemctl daemon-reload
    - name: service enable
      service: name=nginx  enabled=yes state=restarted

nginx.conf

# Nginx Main Configure File.
# NGINX啓動用戶
 user  root;
# CPU核數
 worker_processes  8;



 events {
     worker_connections  51200;
     }

http {
    include       mime.types;
    server_tokens off;
    keepalive_timeout 60s;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    sendfile on;
    server {
        listen 80 default;
        server_name _;
        return 403;
    }
#虛擬主機路徑
include conf.d/*.conf;

}

example.conf

###
server {
        listen       80;
        listen       443 ssl;
        listen  [::]:443 ssl;
        server_name www.baidu.com;
#        ssl on;
#        ssl_certificate      certs/stib.crt;
#        ssl_certificate_key  certs/stib.key;
#        ssl_session_cache    shared:SSL:1m;
#        ssl_session_timeout  5m;

        access_log logs/dev_access.log;
        error_log logs/dev_error.log;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers  on;
        client_max_body_size    20m;

#        if ($scheme = http) {
#        return 301  https://$server_name$request_uri;
#                }
        location / {
        proxy_pass http://127.0.0.1:13000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /swagger {
        alias /home/developer/swagger/dist;
        index index.html;
#       error_page 404=200 /index.html;
        }
        location /news {
        alias /home/developer/news;
        index index.html;
#       error_page 404=200 /index.html;
        }
        location ~ .*\.(gif|jpg|jpeg|png|bmp|tiff){
                root /home/developer/images;

        }
        location /interface {
        proxy_pass http://127.0.0.1:13000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        }
        location /notify {
        proxy_pass http://127.0.0.1:13006/notify;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /nacos {
        proxy_pass http://127.0.0.1:8848/nacos;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        }
        location /xxl-job-admin {
        proxy_pass http://127.0.0.1:8099/xxl-job-admin;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        }
        error_page 404 =200     /swagger/index.html;


}

nginx.sevice

[Unit]
Description=nginx project
After=nginx.service

[Service]
Type=forking
User=root
Group=root
PIDFile=/data/nginx/logs/nginx.pid
ExecStart=/data/nginx/sbin/nginx
ExecReload=/data/nginx/sbin/nginx -s reload
#也可以通過環境變量啓動
ExecStop=/data/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target

執行劇本

ansible-playbook nginx.yml 

報錯相關

若需要密碼(嫌麻煩)，或失敗。請先打通單向登錄免密即可
單向登錄命令與腳本