serveral changes

defaults/main.yml

@@ -1,4 +1,5 @@
 ---
+openproject_subdirectory: /
 
 openproject_user: openproject
 openproject_group: openproject
@@ -9,14 +10,10 @@ openproject_locale: en
 
 plugins: {}
 
-unicorn:
-  socket: unix
-  path: '{{openproject_path}}/unicorn.sock'
-  host: 0.0.0.0
-  port: 8042
-
 secret_key_base: e7fc3c2c8bec7b789b1ddbac5425c680055aadd3a3015e93f58fd5914dfebbaef30249414ea5813db5df619ebab246e96cf5b4f38d58b42452de85f5af6cf242
 
 memcached:
   host: localhost
   port: 11211
+
+openproject_state: installed

handlers/main.yml

@@ -3,11 +3,6 @@
 - name: reload systemd unit files
   command: systemctl daemon-reload
 
-- name: reload nginx
-  service:
-    name: nginx
-    state: reloaded
-
 - name: restart openproject
   service:
     name: openproject

tasks/certificate.yml

@@ -0,0 +1,13 @@
+---
+
+- include_role:
+    name: certificate
+  vars:
+    certificate_name: openproject
+    certificate_directory: /etc/ssl
+    certificate_key_usage:
+      - digitalSignature
+      - keyEncipherment
+    certificate_extended_key_usage:
+      - serverAuth
+    certificate_alt_names: "{{ openproject_server_names | map('regex_replace', '(.*)','DNS:\\1') | list }}"

tasks/configure.yml

@@ -1,12 +1,12 @@
 ---
 
-- name: create openproject environment configuration
+- name: configuration
   template:
     src: '{{item}}.yml.j2'
     dest: '{{openproject_path}}/openproject/config/{{item}}.yml'
   with_items:
     - database
-    #- configuration
+    - configuration
   notify: restart openproject
   become: yes
   become_user: '{{openproject_user}}'

tasks/database.yml

@@ -8,12 +8,6 @@
     priv: "{{ openproject_database_name }}.*:ALL"
   delegate_to: "{{ openproject_database_host }}"
 
-# - name: mysql database absent
-#   mysql_db:
-#     name: "{{ openproject_database_name }}"
-#     state: absent
-#   delegate_to: "{{ openproject_database_host }}"
-
 - name: mysql database
   mysql_db:
     name: "{{ openproject_database_name }}"

tasks/main.yml

@@ -2,6 +2,9 @@
 
 # shamelessly copied from https://github.com/fabianfreyer/ansible-openproject
 
+- include: reset.yml
+  when: openproject_state == "reinstalled"
+
 - include: user.yml
 
 - include: rbenv.yml
@@ -20,8 +23,8 @@
     nodenv_group: '{{openproject_group}}'
   tags: node
 
-- debug:
-    msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH
+# - debug:
+#     msg: RAILS_ENV=production PATH={{openproject_env_path}}:$PATH
 
 - include: install.yml
 
@@ -36,10 +39,12 @@
 
 - include: unicorn.yml
 
+- include: certificate.yml
+
 - include: nginx.yml
   tags: nginx
 
-#- include: cron.yml
+# - include: cron.yml
 #  tags: cron
 
 - name: flush handlers

tasks/nginx.yml

@@ -1,12 +1,6 @@
 ---
 
-- name: install nginx
-  apt:
-    pkg: nginx-light
-
-- name: nginx vhost configuration
-  template:
-    src: nginx.conf.j2
-    dest: /etc/nginx/nginx.conf
-  notify:
-    - reload nginx
+- include_role:
+    name: nginx
+  vars:
+    nginx_vhosts: "{{ _openproject_nginx_vhosts }}"

tasks/nodenv.yml

@@ -16,6 +16,7 @@
     line: '{{item}}'
   with_items:
   - 'export PATH="{{nodenv_directory}}/bin:$PATH"'
+  - 'export PATH="{{nodenv_directory}}/shims:$PATH"'
   - 'eval "$(nodenv init -)"'
   become: yes
   become_user: '{{nodenv_user}}'

tasks/rbenv.yml

@@ -36,6 +36,7 @@
     line: '{{item}}'
   with_items:
   - 'export PATH="{{rbenv_directory}}/bin:$PATH"'
+  - 'export PATH="{{rbenv_directory}}/shims:$PATH"'
   - 'eval "$(rbenv init -)"'
   become: yes
   become_user: '{{rbenv_user}}'

tasks/reset.yml

@@ -0,0 +1,12 @@
+---
+
+- name: delete openproject
+  file:
+    path: "{{openproject_path}}/openproject"
+    state: absent
+
+- name: mysql database absent
+  mysql_db:
+    name: "{{ openproject_database_name }}"
+    state: absent
+  delegate_to: "{{ openproject_database_host }}"

templates/configuration.yml.j2

@@ -1,8 +1,12 @@
 ---
+default:
 
-{#
+{% if openproject_subdirectory != "/" %}
+  rails_relative_url_root: "{{ openproject_subdirectory }}"
+{% endif %}
 
-default:
+  email_delivery_method: :sendmail
+{#
 {% if mail_method == "sendmail" %}
   email_delivery_method: :sendmail
 {% elif mail_method == "smtp" %}
@@ -17,5 +21,4 @@ default:
   rails_force_ssl: false
   rails_cache_store: :memcache
 {%endif%}
-
 #}

templates/nginx.conf.j2

@@ -1,111 +0,0 @@
-user www-data;
-worker_processes auto;
-pid /run/nginx.pid;
-include /etc/nginx/modules-enabled/*.conf;
-
-events {
-	worker_connections 768;
-	# multi_accept on;
-}
-
-http {
-
-	##
-	# Basic Settings
-	##
-
-	sendfile on;
-	tcp_nopush on;
-	tcp_nodelay on;
-	keepalive_timeout 65;
-	types_hash_max_size 2048;
-	# server_tokens off;
-
-	server_names_hash_bucket_size 64;
-	# server_name_in_redirect off;
-
-	include /etc/nginx/mime.types;
-	default_type application/octet-stream;
-
-	##
-	# SSL Settings
-	##
-
-	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
-	ssl_prefer_server_ciphers on;
-
-	##
-	# Logging Settings
-	##
-
-	access_log /var/log/nginx/access.log;
-	error_log /var/log/nginx/error.log;
-
-	##
-	# Gzip Settings
-	##
-
-	gzip on;
-	gzip_disable "msie6";
-
-	# gzip_vary on;
-	# gzip_proxied any;
-	# gzip_comp_level 6;
-	# gzip_buffers 16 8k;
-	# gzip_http_version 1.1;
-	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-	##
-	# Virtual Host Configs
-	##
-
-	include /etc/nginx/conf.d/*.conf;
-
-  upstream openproject {
-  {% if unicorn.socket == "unix" %}
-    server unix:{{unicorn.path}} fail_timeout=0;
-  {% elif unicorn.socket == "tcp" %}
-    server {{unicorn.host}}:{{unicorn.port}} fail_timeout=0;
-  {% endif %}
-  }
-
-  {% if false %}
-  server {
-    server_name {{inventory_hostname}};
-    return 301 https://$server_name$request_uri;
-  }
-  {% endif %}
-
-  server {
-    server_name {{inventory_hostname}};
-
-    {% if false %}
-    listen 443 ssl default_server;
-	  listen [::]:443 ssl default_server;
-    ssl_certificate     /etc/letsencrypt/live/{{hostname}}/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/{{hostname}}/privkey.pem;
-    {% else %}
-  	listen 80 default_server;
-    listen [::]:80 default_server;
-    {% endif %}
-
-    root {{openproject_path}}/openproject/public;
-
-    try_files $uri/index.html $uri @openproject;
-
-    location @openproject {
-      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-      proxy_set_header Host $http_host;
-      proxy_redirect off;
-      proxy_pass http://openproject;
-    }
-
-    error_page 500 502 503 504 /500.html;
-    error_page 422 /422.html;
-    error_page 404 /404.html;
-
-    #client_max_body_size 4G;
-    #keepalive_timeout 10;
-  }
-
-}

vars/main.yml

@@ -1 +1,27 @@
 openproject_env_path: "{{openproject_path}}/.rbenv/bin:{{openproject_path}}/.rbenv/shims:{{openproject_path}}/.nodenv/bin:{{openproject_path}}/.nodenv/shims"
+unicorn:
+  socket: unix
+  path: '{{openproject_path}}/unicorn.sock'
+
+_openproject_nginx_vhosts: '{% if openproject_subdirectory == "/" %}{{_openproject_nginx_vhosts_root}}{% else %}{{_openproject_nginx_vhosts_subdir}}{% endif %}'
+
+_openproject_nginx_vhosts_root:
+  - name: openproject
+    server_names: "{{ openproject_server_names }}"
+    root: "{{openproject_path}}/openproject/public"
+    try_files: $uri/index.html $uri @openproject
+    locations:
+      - location: "@openproject"
+        proxy_pass: http://unix:{{unicorn.path}}
+
+_openproject_nginx_vhosts_subdir:
+  - name: openproject
+    server_names: "{{ openproject_server_names }}"
+    locations:
+      - location: /
+        redirect: /{{ openproject_subdirectory }}
+      - location: "{{ openproject_subdirectory }}"
+        alias: "{{openproject_path}}/openproject/public"
+        try_files: $uri/index.html $uri @openproject
+      - location: "@openproject"
+        proxy_pass: http://unix:{{unicorn.path}}