modif docker compose ajout proxy

roles/docker-nextcloud/files/docker-compose.yml

@@ -21,11 +21,11 @@ services:
     image: nextcloud
     restart: always
     ports:
-      - 8080:80
+      - 5678:80
     links:
       - db
     volumes:
-      - nextcloud:/var/www/html
+      - ./nextcloud:/var/www/html
     environment:
       - MYSQL_PASSWORD=root
       - MYSQL_DATABASE=nextcloud

roles/docker-nextcloud/files/proxy

@@ -0,0 +1,100 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+	listen 8080 default_server;
+	listen [::]:8080 default_server;
+
+	location / {
+		proxy_set_header Host $host;
+                proxy_set_header X-Real-IP $remote_addr;
+		proxy_pass http://localhost:5678;
+		proxy_connect_timeout 900;
+		proxy_send_timeout 900;
+		proxy_read_timeout 900;
+	}
+
+	# SSL configuration
+	#
+	# listen 443 ssl default_server;
+	# listen [::]:443 ssl default_server;
+	#
+	# Note: You should disable gzip for SSL traffic.
+	# See: https://bugs.debian.org/773332
+	#
+	# Read up on ssl_ciphers to ensure a secure configuration.
+	# See: https://bugs.debian.org/765782
+	#
+	# Self signed certs generated by the ssl-cert package
+	# Don't use them in a production server!
+	#
+	# include snippets/snakeoil.conf;
+
+#	root /var/www/html;
+
+	# Add index.php to the list if you are using PHP
+#	index index.html index.htm index.nginx-debian.html;
+
+#	server_name _;
+
+#	location / {
+		# First attempt to serve request as file, then
+		# as directory, then fall back to displaying a 404.
+#		try_files $uri $uri/ =404;
+#	}
+
+	# pass PHP scripts to FastCGI server
+	#
+	#location ~ \.php$ {
+	#	include snippets/fastcgi-php.conf;
+	#
+	#	# With php-fpm (or other unix sockets):
+	#	fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+	#	# With php-cgi (or other tcp sockets):
+	#	fastcgi_pass 127.0.0.1:9000;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#	deny all;
+	#}
+}
+
+
+# Virtual Host configuration for example.com
+#
+# You can move that to a different file under sites-available/ and symlink that
+# to sites-enabled/ to enable it.
+#
+#server {
+#	listen 80;
+#	listen [::]:80;
+#
+#	server_name example.com;
+#
+#	root /var/www/example.com;
+#	index index.html;
+#
+#	location / {
+#		try_files $uri $uri/ =404;
+#	}
+#}

roles/mariadb-ab/tasks/main.yml

@@ -2,27 +2,42 @@
 - name: Installation des paquets python-mysqldb mariadb-server
   apt: 
     name:
-    - python-mysqldb
+    - python3-mysqldb
-    - mariadb-server 
+    - mariadb-server
+    - python3-passlib
+    - python3-pymysql
     state: present
 
+- name: python3 par defaut
+  alternatives:
+    link: /usr/bin/python
+    name: python
+    path: /usr/bin/python3
+    priority: 10
+
 - name: Create mysql database
   mysql_db: 
     name: "{{ maria_dbname }}" 
     state: present
-    login_unix_socket: /var/run/mysqld_mysqld.sock
+    login_unix_socket: /var/run/mysqld/mysqld.sock
 
 - name: Creation de l'utilisateur mysql avec tous les privileges
   mysql_user:
     name: "{{ maria_dbuser }}"
     password: "{{ maria_dbpasswd }}"
-    priv: "*.*:ALL,GRANT"
+    priv: '*.*:ALL,GRANT'
     login_unix_socket: /var/run/mysqld/mysqld.sock
   with_items:
-    - 127.0.0.1
+    - "127.0.0.1"
+#    - ::1
+#    - localhost
 
 - name: Copie du fichier my.cnf pour autorises toutes les adresses sur le port 3306
-  copy : src=my.cnf dest=/etc/mysql/
+  copy:
+    src: my.cnf
+    dest: /etc/mysql/
  
 - name: Redemarrage du service mariadb
-  shell: service mariadb restart
+  service: 
+    name: mariadb
+    state: restarted

roles/post/files/interfaces.r-vp1

@@ -1,6 +1,5 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
-
 # The loopback network interface
 #auto lo
 #iface lo inet loopback
@@ -22,8 +21,11 @@ allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 192.168.1.2
 	netmask 255.255.255.0
-	up route add -net 172.16.128.0/24 gw 192.168.1.2
+	post-up /usr/sbin/ip route add 172.16.128.0/24 via 192.168.1.2
+	post-up /usr/sbin/ip route add 172.16.0.0/24 via 192.168.1.1
+	post-up /usr/sbin/ip route add 192.168.200.0/24 via 192.168.1.1
+
 #	up route add -net 172.16.128.0/24 gw 192.168.0.52
 #	up route add default gw 192.168.1.1
 #	post-up /bin/bash /root/iptables-vpn
-	post-up /etc/init.d/ipsec restart
+	post-up /etc/init.d/ipsec restart

roles/post/files/interfaces.r-vp2

@@ -1,6 +1,5 @@
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).
-
 # The loopback network interface
 #auto lo
 #iface lo inet loopback
@@ -22,7 +21,9 @@ allow-hotplug enp0s9
 iface enp0s9 inet static
 	address 192.168.0.52
 	netmask 255.255.255.0
-#	up route add -net 192.168.1.0/24 gw 172.16.128.254
+	post-up /usr/sbin/ip route add 192.168.1.0/24 via 172.16.128.254/24
-	up route add -net 192.168.1.0/24 gw 192.168.0.52
+	post-up /usr/sbin/ip route add 172.16.0.0/24 via 172.16.128.254/24
+
+#	up route add -net 192.168.1.0/24 gw 192.168.0.52
 #	post-up /bin/bash /root/iptables-vpn
-	post-up /etc/init.d/ipsec restart
+	post-up /etc/init.d/ipsec restart

roles/post/files/interfaces.s-agence

@@ -9,3 +9,6 @@ iface lo inet loopback
 allow-hotplug enp0s3
 iface enp0s3 inet dhcp
 
+allow-hotplug enp0s8
+iface enp0s8 inet dhcp
+

roles/s-lb-ab/files/haproxy.cfg

@@ -44,7 +44,7 @@ backend fermeweb
 	#option httpchk HEAD / HTTP/1.0
 	server s-lb-web1 192.168.101.1:80 check
 	server s-lb-web2 192.168.101.2:80 check
-
+#	server s-lb-web3 192.168.101.2:80 check
 
 listen stats
 	bind	*:8080

roles/s-lb-bd-ab/files/installmysql.sh

@@ -4,7 +4,7 @@ apt-get update && apt-get upgrade -y
 # Install MySQL Server in a Non-Interactive mode. Default root password will be "root"
 echo "mysql-server mysql-server/root_password password root" | debconf-set-selections
 echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections
-apt-get -y install mariadb-server
+apt-get -y install mysql-server
 
 
 # Run the MySQL Secure Installation wizard

roles/s-lb-wordpress/tasks/main.yml

@@ -25,6 +25,14 @@
      - {'regexp': "define\\('DB_USER', '(.)+'\\);", 'line': "define('DB_USER', '{{wp_mysql_user}}');"}        
      - {'regexp': "define\\('DB_PASSWORD', '(.)+'\\);", 'line': "define('DB_PASSWORD', '{{wp_mysql_password}}');"}
 
+
+ - name: Attributions des permissions
+   file:
+     path: /home/wordpress
+     recurse: yes
+     owner: 33
+     group: 33
+
 # - name: Fix permissions
 #   shell: chown -R www-data /var/www/wordpress/*
 #

roles/vpn-stg-l/files/ipsec.conf

@@ -7,7 +7,7 @@ conn tunnel #
         left=192.168.0.52
         leftsubnet=172.16.128.0/24
         right=192.168.0.51
-        rightsubnet=192.168.0.0/16, 172.16.0.0/24
+        rightsubnet=192.168.1.0/24, 192.168.200.0/24, 172.16.0.0/24
         ike=aes256-sha2_256-modp1024!
         esp=aes256-sha2_256!
         keyingtries=0
@@ -20,3 +20,4 @@ conn tunnel #
         auto=start
         keyexchange=ikev2
         type=tunnel
+#

roles/vpn-stg-r/files/ipsec.conf

@@ -5,7 +5,7 @@ config setup
 conn %default
 conn tunnel #
         left=192.168.0.51
-        leftsubnet=192.168.0.0/16, 172.16.0.0/24
+        leftsubnet=192.168.1.0/24, 192.168.200.0/24, 172.16.0.0/24
         right=192.168.0.52
         rightsubnet=172.16.128.0/24
         ike=aes256-sha2_256-modp1024!
@@ -20,3 +20,4 @@ conn tunnel #
         auto=start
         keyexchange=ikev2
         type=tunnel
+#