Open niccolox opened 7 years ago
The explanation on their site is totally unreadable. Did you recreate the nginx
configuration they are suggesting already? Can you paste it here so we can see what's needed?
the obvious question is where do I put the nginx config into a debops-nginx role?
I am not even sure what variable I use?
a couple of examples of Ansible Phoenix alternatives https://github.com/HashNuke/ansible-elixir-stack https://github.com/lnikkila/ansible-phoenix
Since I assume that you are writing a role for phoenix
(because you are, right?) then the relvant dependent variables for debops.nginx
would be:
phoenix__fqdn: 'phoenix.{{ ansible_domain }}'
phoenix__nginx__dependent_upstreams:
- name: 'phoenix_upstream'
server: 'localhost:4000'
phoenix__nginx__dependent_servers:
- filename: 'phoenix'
name: '{{ phoenix__fqdn }}'
type: 'proxy'
proxy_pass: 'http://phoenix_upstream'
proxy_options: |
proxy_redirect off;
Stick these in the phoenix/defaults/main.yml
file, and in the playbook that runs the role, add:
- name: Configure Phoenix
hosts: phoenix-hosts
become: True
roles:
- role: debops.apt_preferences
tags: [ 'role::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ nginx__apt_preferences__dependent_list }}'
- role: debops.ferm
tags: [ 'role::ferm' ]
ferm__dependent_rules:
- '{{ nginx__ferm__dependent_rules }}'
- role: debops.nginx
tags: [ 'role::nginx' ]
nginx__dependent_upstreams:
- '{{ phoenix__nginx__dependent_upstreams }}'
nginx__dependent_servers:
- '{{ phoenix__nginx__dependent_servers }}'
- role: phoenix
tags: [ 'role::phoenix' ]
That should do the trick. If you stick with using the TCP port for the application instead of the UNIX socket, I suggest using debops.etc_services
role to register this port in the /etc/services
file, it will look nicer in application output that use it.
thanks, I'll try to bang out a debops-lite phoenix role during the week
@niccolox Great. I've added the proxy_redirect off
parameter, since Phoenix guide has it included.
tx, doing first pass now
thanks for this, have an OK first version running
how do I add two ACME certs for two upstreams on the same server?
do I add config to the role stubbed above or add inventory settings?
I have example.com and example.org both on the same server and within the same phoenix umbrella app
happy to share access to private repo if thats helpful
I haven't generalized this yet ... thanks
ok, I think I am stuck in a catch 22 i.e. I need to run the elixir/phoenix cowboy server AND nginx running passthrough for ACME registration
and also the ACME challenge/response file needs to be in the cowboy server as this is where the files are being loaded from and not nginx which is acting as a passthrough
I am looking at the wordpress debops contrib role and see that has a task specific to acme and I may need to run something like this for elixir/phoenix/cowboy and nginx as proxy
this is the inventory host
phoenix__fqdn: 'www.example.com'
www_example_org__fqdn: 'example.org'
phx_starter: MIX_ENV=prod mix phx.server
pki_host_realms:
- name: 'example.com'
acme: True
acme_subject: [ 'o=example.com o', 'ou=IT department', 'cn=example.com cn' ]
acme_domains: [ 'example.com' ]
acme_ca: 'le-staging'
acme_alt_names:
- 'ip:{{ ansible_default_ipv4.address }}'
- 'uri:https://example.com/'
- 'email:info@example.com'
- 'dns:example.com'
- name: 'example.org'
acme_subject: [ 'o=example.org o', 'ou=IT department', 'cn=example.org cn' ]
acme_domains: [ 'example.org' ]
acme: True
acme_ca: 'le-staging'
acme_alt_names:
- 'ip:{{ ansible_default_ipv4.address }}'
- 'uri:https://example.org/'
- 'email:info@example.org'
- 'dns:example.org'
this is the role main
phoenix__nginx__dependent_upstreams:
- name: 'example_com_upstream'
server: 'localhost:4000'
- name: 'example_org_upstream'
server: 'localhost:4001'
phoenix__nginx__dependent_servers:
- filename: 'example_com_upstream'
name: 'example.com'
type: 'proxy'
proxy_pass: 'http://example_com_upstream'
# acme: True
# nginx_acme_server: True
# ssl: True
proxy_options: |
proxy_redirect off;
- filename: 'example_org_upstream'
name: 'example.org'
type: 'proxy'
proxy_pass: 'http://example_org_upstream'
# acme: True
# nginx_acme_server: True
# ssl: True
proxy_options: |
proxy_redirect off;
needless to say, this doesn't work, LE Acme fails because it cant fine the acme challenge
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying example.com...
Traceback (most recent call last):
File "/usr/local/lib/pki/acme-tiny", line 198, in <module>
main(sys.argv[1:])
File "/usr/local/lib/pki/acme-tiny", line 194, in main
signed_crt = get_crt(args.account_key, args.csr, args.acme_dir, log=LOGGER, CA=args.ca)
File "/usr/local/lib/pki/acme-tiny", line 123, in get_crt
wellknown_path, wellknown_url))
ValueError: Wrote file to /srv/www/sites/acme/public/.well-known/acme-challenge/djkfddfsjfdsjkldsfkdfskdfkskjfdjdfs-kJ-heE, but couldn't download http://example.com/.well-known/acme-challenge/djkfddfsjfdsjkldsfkdfskdfkskjfdjdfs-kJ-heE
also, the FQDN root domain is not for working example.com it redirects to www.example.com
I feel like it may be some config clash with the default domain
spent the weekend on this, will come back to it during the week
Is the DNS correctly configured? Remember that the zone propagation might take some time. Check from multiple locations if your websites can be correctly resolved.
I fixed the dns, thanks for the tip
I am stuck on the acme challenge / response step
Need to custom config phoenix static files and integrate with the acme tiny script
Is there an inventory host variable I can use that sends the acme challenge file to a phoenix static folder?
On Apr 17, 2017 3:18 AM, "Maciej Delmanowski" notifications@github.com wrote:
Is the DNS correctly configured? Remember that the zone propagation might take some time. Check from multiple locations if your websites can be correctly resolved.
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/debops/ansible-nginx/issues/157#issuecomment-294445686, or mute the thread https://github.com/notifications/unsubscribe-auth/AAbsppT0drBV8JXdg9ruu3YZhj21Y-zYks5rwzxogaJpZM4M4XME .
trying to work out how to configure debops-nginx with an Elixir / Phoenix app as upstream?
http://www.phoenixframework.org/docs/serving-your-application-behind-a-proxy
Phoenix generally runs on port 4000 but I actually want to have a number of apps and domains running with the same nginx as proxy
apologies if I am missing something super obvious