add files

chunhua.zhang
Commit b329f5668611e533a53063ef1e4c5317196348b2 1 parent afa40d2c
Showing 3 changed files with 127 additions and 1 deletions
playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
playbooks/templates/sec/nginx.conf
playbooks/templates/sec/sec.lua
--- a/playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
View file @b329f56
+++ b/playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
View file @b329f56
+ # copy sec.config.json to remote openresty server and reload nginx
 - hosts: sec
   tasks:
-     - name: copy file to remote host
+     - name: copy lua and config files
+       template:
+         src: {{ item }}
+         dest:  /usr/local/openresty/nginx/conf/
+       with_items:
+         - 'sec/nginx.conf'
+         - 'sec/sec.lua'
+ 
+     - name: copy sec.config.json to remote host
       copy:
         src: /root/.cert/sec.config.json
         dest: /usr/local/openresty/nginx/conf/sec.config.json
--- a/playbooks/templates/sec/nginx.conf 0 → 100644
View file @b329f56
+++ b/playbooks/templates/sec/nginx.conf 0 → 100644
View file @b329f56
+ #user  nobody;
+ worker_processes  1;
+ 
+ error_log  /var/log/nginx/error.log;
+  
+ 
+ events {
+     worker_connections  1024;
+ }
+ 
+ 
+ http {
+     include       mime.types;
+     default_type  application/octet-stream;
+ 
+     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                       '$status $body_bytes_sent "$http_referer" '
+                       '"$http_user_agent" "$http_x_forwarded_for"';
+ 
+     access_log  /var/log/nginx/access.log  main;
+ 
+     sendfile        on;
+     #tcp_nopush     on;
+ 
+     #keepalive_timeout  0;
+     keepalive_timeout  65;
+ 
+ 
+     #lua
+    lua_package_path "/usr/local/openresty/nginx/conf/?.lua;;";
+      init_worker_by_lua_block {
+           sec = require("sec")
+           sec:init()
+      }
+ 
+     #gzip  on;
+ 
+     server {
+         listen       80;
+         server_name  security.config.yohoops.org;
+      
+         allow 10.66.70.0/24;
+         allow 172.31.70.0/24;
+         allow 10.66.0.118/32;
+         deny  all;
+         #charset koi8-r;
+ 
+         #access_log  logs/host.access.log  main;
+ 
+         location /status {
+             default_type text/html;
+             return 200  'server is ok!';  
+         }
+ 
+         location /config {
+            content_by_lua_block {
+                sec = require("sec")
+                sec:get_config()
+            }
+         }
+ 
+         #error_page  404              /404.html;
+ 
+         # redirect server error pages to the static page /50x.html
+         #
+         error_page   500 502 503 504  /50x.html;
+         location = /50x.html {
+             root   html;
+         }
+  
+     }
+ 
+ 
+      
+ }
--- a/playbooks/templates/sec/sec.lua 0 → 100644
View file @b329f56
+++ b/playbooks/templates/sec/sec.lua 0 → 100644
View file @b329f56
+ local modname= ...
+ local M={}
+ _G[modname]=M
+ package.loaded[modname]=M
+ 
+ local cjson=require "cjson"
+ 
+ local config = {}
+ 
+ -- load config files from local 
+ local function load_config()
+   local myTable = {}
+   local file = io.open( "/usr/local/openresty/nginx/conf/sec.config.json", "r" )
+   if file then
+       --print("trying to read ", filename)
+       -- read all contents of file into a string
+       local contents = file:read( "*a" )
+       myTable = cjson.decode(contents);
+       io.close( file )
+       --print("Loaded file")
+       return myTable
+   else 
+       ngx.log(ngx.ERR, "file is not found. ")
+       return nil
+   end
+ end
+ 
+ --- called by  init_worker_by_lua_file
+ function M:init()
+   config = load_config()
+ end
+ 
+ 
+  
+ -- get all config --------
+ function M:get_config()
+    ngx.header["Content-type"]="application/json;charset=utf-8"
+ 
+    local body = cjson.encode(config)
+    ngx.say(body)
+    ngx.exit(ngx.HTTP_OK)
+ end