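---
# Provisions the "apiauth" service on every host in the inventory:
#   1. creates a local `apiauth` user that shares NGINX's group (needed for the
#      uWSGI unix socket NGINX proxies to),
#   2. copies the API sources from the cloned project into /home/apiauth,
#   3. builds a Python 3.8 virtualenv as that user,
#   4. installs the NGINX vhost, the API config and a systemd unit running uWSGI.
# Requires become (root) on the target; vars.yml and the two included task
# files come from the same project.
- hosts: all
  become: true
  vars_files:
    - vars.yml
  tasks:
    - ansible.builtin.include_tasks: user_details.yml
    - ansible.builtin.include_tasks: project_clone.yml

    # Extract the `user` directive from nginx.conf. Failures are ignored so a
    # missing directive leaves `nginx_output.stdout` empty rather than aborting;
    # NOTE(review): an empty result then flows into `groups:` and `chown` below
    # unchecked — confirm every target's nginx.conf declares `user`.
    - name: Getting NGINX user
      ignore_errors: true
      ansible.builtin.shell: |
        grep -E '\buser\b' /etc/nginx/nginx.conf | sed 's/user//g;s/\;//g' | tr -d ' '
      register: nginx_output

    - name: Setting NGINX user
      ansible.builtin.set_fact:
        nginx_user: "{{ nginx_output.stdout }}"

    - name: Nginx user
      ansible.builtin.debug:
        msg: "Nginx user is {{ nginx_user }}"

    # Service account: no extra privileges, added (append) to NGINX's group so
    # both sides can reach the socket.
    - name: Adding local user
      ansible.builtin.user:
        name: apiauth
        groups: "{{ nginx_user }}"
        append: true
        state: present
        create_home: true
        shell: /bin/bash
    # Earlier shell-based variant, kept for reference:
    # - name: Adding local user
    #   ignore_errors: true
    #   shell: |
    #     adduser --disabled-password --ingroup {{ nginx_user }} --gecos "" apiauth

    # Sources are expected under /tmp/web_api (populated by project_clone.yml).
    - name: Copying files
      ignore_errors: true
      ansible.builtin.shell: |
        mkdir -p /home/apiauth/api
        rsync -av /tmp/web_api/apiauth/src/* /home/apiauth/api/
        rsync -av /tmp/web_api/apiauth/requirements.txt /home/apiauth/
        chown -R apiauth:{{ nginx_user }} /home/apiauth/

    # HTTPS-only vhost; everything is redirected to /v1/ and proxied to the
    # uWSGI socket the systemd unit below creates.
    - name: Creating a Nginx API Auth config file
      ansible.builtin.copy:
        dest: /etc/nginx/conf.d/apiauth.conf
        content: |
          server {
              #listen 80;
              listen 443 ssl;
              server_name auth.webapiexploitation.com.br;
              ssl_certificate /etc/nginx/certs/webapiexploitation.com.br.cer;
              ssl_certificate_key /etc/nginx/certs/webapiexploitation.com.br.key;
              location / {
                  return 301 /v1/;
              }
              location /v1/ {
                  uwsgi_param Host $host;
                  uwsgi_param X-Real-IP $remote_addr;
                  uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
                  uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;
                  proxy_read_timeout 600;
                  proxy_connect_timeout 1d;
                  proxy_max_temp_file_size 5024m;
                  proxy_send_timeout 600;
                  uwsgi_read_timeout 600;
                  uwsgi_send_timeout 600;
                  include uwsgi_params;
                  uwsgi_pass unix:/tmp/apiauth.sock;
              }
          }

    # The venv is built as `apiauth` via a helper script written by root.
    # `cd ~` relies on sudo setting HOME to the target user's home — TODO confirm
    # on the target sudoers config.
    # NOTE(review): the script is left world-writable (777) before being run
    # under sudo; 0755 is sufficient for apiauth to execute it and removes the
    # window in which another local user could edit what gets executed.
    - name: Install Python environment
      ansible.builtin.shell: |
        cat << EOF > /tmp/instala.sh
        cd ~
        python3.8 -m venv api
        source api/bin/activate
        pip install -U pip
        pip install django wheel uWSGI
        pip install -r requirements.txt
        EOF
        chmod 777 /tmp/instala.sh
        sudo -u apiauth bash -c "/tmp/instala.sh"

    # Application config (written after the chown above, so it ends up
    # root-owned with the copy module's default mode).
    - name: Creating API Auth config file
      ansible.builtin.copy:
        dest: /home/apiauth/api/authapi/config.ini
        content: |
          [GENERAL]
          debug=True

    # systemd unit running uWSGI as the service user on the shared socket.
    # Request logging is discarded; the original `file:/dev/nul` was a typo
    # for /dev/null (no such device exists, so uWSGI could not open it).
    # NOTE(review): --touch-reload watches config.py while this playbook only
    # writes config.ini — confirm which file is meant to trigger a reload.
    - name: Creating apiauth systemd unit
      ansible.builtin.copy:
        dest: /etc/systemd/system/apiauth.service
        owner: root
        group: root
        mode: "0644"
        force: true
        content: |
          [Unit]
          Description=Sec4US Auth API Service
          After=network.target

          [Service]
          User=apiauth
          Group={{ nginx_user }}
          WorkingDirectory=/home/apiauth/api/
          Environment="PATH=/home/apiauth/api/bin"
          ExecStart=/home/apiauth/api/bin/uwsgi --socket /tmp/apiauth.sock --chmod-socket=666 -w wsgi:app --processes=2 --threads=10 --reload-mercy=1 --worker-reload-mercy=1 --req-logger file:/dev/null --touch-reload /home/apiauth/api/authapi/config.py

          [Install]
          WantedBy=multi-user.target

    - name: Reload systemd
      ansible.builtin.systemd:
        daemon_reload: true

    - name: Enable service apiauth and ensure it is not masked
      ansible.builtin.systemd:
        name: apiauth
        enabled: true
        masked: false

    - name: Restart Service
      ansible.builtin.service:
        name: apiauth
        state: restarted

    # Pick up the new vhost without a full nginx restart.
    - name: Reload nginx config
      ansible.builtin.shell: |
        nginx -s reload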