add files

chunhua.zhang
Commit b329f5668611e533a53063ef1e4c5317196348b2 1 parent afa40d2c
Showing 3 changed files with 127 additions and 1 deletions
playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
playbooks/templates/sec/nginx.conf
playbooks/templates/sec/sec.lua
--- a/playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
View file @b329f56
+++ b/playbooks/sec.config.sync → playbooks/sec.config.json.sync.yml
View file @b329f56
+# copy sec.config.json to remote openresty server and reload nginx
 - hosts: sec
   tasks:
-    - name: copy file to remote host
+    - name: copy lua and config files
+      template:
+        src: {{ item }}
+        dest:  /usr/local/openresty/nginx/conf/
+      with_items:
+        - 'sec/nginx.conf'
+        - 'sec/sec.lua'
+
+    - name: copy sec.config.json to remote host
       copy:
         src: /root/.cert/sec.config.json
         dest: /usr/local/openresty/nginx/conf/sec.config.json
--- a/playbooks/templates/sec/nginx.conf 0 → 100644
View file @b329f56
+++ b/playbooks/templates/sec/nginx.conf 0 → 100644
View file @b329f56
+#user  nobody;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log;
+ 
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    #keepalive_timeout  0;
+    keepalive_timeout  65;
+
+
+    #lua
+   lua_package_path "/usr/local/openresty/nginx/conf/?.lua;;";
+     init_worker_by_lua_block {
+          sec = require("sec")
+          sec:init()
+     }
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  security.config.yohoops.org;
+     
+        allow 10.66.70.0/24;
+        allow 172.31.70.0/24;
+        allow 10.66.0.118/32;
+        deny  all;
+        #charset koi8-r;
+
+        #access_log  logs/host.access.log  main;
+
+        location /status {
+            default_type text/html;
+            return 200  'server is ok!';  
+        }
+
+        location /config {
+           content_by_lua_block {
+               sec = require("sec")
+               sec:get_config()
+           }
+        }
+
+        #error_page  404              /404.html;
+
+        # redirect server error pages to the static page /50x.html
+        #
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+ 
+    }
+
+
+     
+}
--- a/playbooks/templates/sec/sec.lua 0 → 100644
View file @b329f56
+++ b/playbooks/templates/sec/sec.lua 0 → 100644
View file @b329f56
+local modname= ...
+local M={}
+_G[modname]=M
+package.loaded[modname]=M
+
+local cjson=require "cjson"
+
+local config = {}
+
+-- load config files from local 
+local function load_config()
+  local myTable = {}
+  local file = io.open( "/usr/local/openresty/nginx/conf/sec.config.json", "r" )
+  if file then
+      --print("trying to read ", filename)
+      -- read all contents of file into a string
+      local contents = file:read( "*a" )
+      myTable = cjson.decode(contents);
+      io.close( file )
+      --print("Loaded file")
+      return myTable
+  else 
+      ngx.log(ngx.ERR, "file is not found. ")
+      return nil
+  end
+end
+
+--- called by  init_worker_by_lua_file
+function M:init()
+  config = load_config()
+end
+
+
+ 
+-- get all config --------
+function M:get_config()
+   ngx.header["Content-type"]="application/json;charset=utf-8"
+
+   local body = cjson.encode(config)
+   ngx.say(body)
+   ngx.exit(ngx.HTTP_OK)
+end