v4l3n71n/deployment-web
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: v4l3n71n:blacklist_cluster
Branches Tags
v4l3n71n:master
v4l3n71n:blacklist_cluster
..
compare: v4l3n71n:master
Branches Tags
v4l3n71n:blacklist_cluster
v4l3n71n:master

No commits in common. "blacklist_cluster" and "master" have entirely different histories.
blacklist_ ... master

4 changed files with 9 additions and 76 deletions
Show Stats Expand all files Collapse all files

48
roles/deploy-web/files/backup_canalblog.sh
View File

@ -1,48 +0,0 @@
#!/bin/bash
TAR=/usr/bin/tar
PYTHON=/usr/bin/python3
GZIP=/usr/bin/gzip
SCRIPTDIR=/home/valentin/script
WEBSCRAP=${SCRIPTDIR}/web_scrap.py
URL=www.clarissariviere.com
DATE=$(date +%Y%m%d)
DIRECTORY=/home/valentin/backup
BACKUPDIR=/home/valentin/backup_clarissa
LIST=${BACKUPDIR}/backup.list
fileBackup="backup-clarissa-${DATE}"
LOGFILE=web_scrap.txt
SENDER="valczebackup@gmail.com"
if [ $(date +%u) -eq 1 ]; then
echo > ${LIST}
rm -rf "${BACKUPDIR}/*-incr.tar.gz"
fileBackup="${fileBackup}-full"
subject="Sauvegarde full"
else
fileBackup="${fileBackup}-incr"
subject="Sauvegarde incremental"
fi
subject="${subject} ${URL} ${DATE}"
echo > ${BACKUPDIR}/${LOGFILE}
${PYTHON} ${WEBSCRAP} --url ${URL} --dir ${DIRECTORY} --logfile ${BACKUPDIR}/${LOGFILE} --quiet
if [ ${?} -ne 0 ]; then
subject="FAIL : ${subject} : recuperation page"
echo ${subject} | mail -s "${subject}" -A ${BACKUPDIR}/${LOGFILE} ${SENDER}
exit 1
fi
${TAR} --create --file="${BACKUPDIR}/${fileBackup}.tar" --listed-incremental=${LIST} ${DIRECTORY}
if [ ${?} -ne 0 ]; then
subject="FAIL : ${subject} : archivage page "
echo ${subject} | mail -s "${subject}" -A ${BACKUPDIR}/${LOGFILE} ${SENDER}
exit 1
fi
${GZIP} -f -9 "${BACKUPDIR}/${fileBackup}.tar"
if [ ${?} -ne 0 ]; then
subject="FAIL : ${subject} : compression archive "
echo ${subject} | mail -s "${subject}" -A ${BACKUPDIR}/${LOGFILE} ${SENDER}
exit 1
fi
subject="OK : ${subject}"
echo ${subject}| mail -s "${subject}" -A ${BACKUPDIR}/${LOGFILE} ${SENDER}
find ${BACKUPDIR} -name "*.tar.gz" -type f -ctime +90 -exec rm {} \;
exit 0

9
roles/deploy-web/files/blacklist.sh
View File

@ -47,14 +47,9 @@ do
echo ${j} >> ${BLACKLIST}
/usr/sbin/iptables -A BLACKLIST -s ${j} -j DROP
done
for j in ${list_sender[@]}
for j in ${list_sender}
do
echo "Blacklist envoye a ${j}" >> ${MAIL}
echo "scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}" >> ${MAIL}
scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}i
if [ ${?} -ne 0 ]; then
echo "Error SCP for ${j}" >> ${MAIL}
fi
scp -i /home/valentin/.ssh-blacklist/id_rsa -P ${SSH} ${BLACKLIST} blacklist_user@${j}:/tmp/blacklist_${IP}
done
echo "IP dejà blacklisté : " >> ${MAIL}
cat ${BLACKLIST} >> ${MAIL}

23
roles/deploy-web/files/gouter
View File

@ -1,30 +1,21 @@
server {
if ($host = clarissariviere.fr) {
return 301 "https://www.clarissariviere.com$request_uri";
} # managed by Certbot
if ($host = www.clarissariviere.fr) {
return 301 "https://www.clarissariviere.com$request_uri";
return 301 https://"www.clarissariviere.fr"$request_uri;
} # managed by Certbot
if ($host = clarissariviere.com) {
return 301 "https://www.clarissariviere.com$request_uri";
return 301 https://"www.clarissariviere.com"$request_uri;
} # managed by Certbot
access_log /var/log/nginx/clarissa_access.log main;
error_log /var/log/nginx/clarissa_error.log;
#gzip_static off;
server_name clarissariviere.com clarissariviere.fr www.clarissariviere.fr www.clarissariviere.com;
add_header 'Content-Security-Policy' 'upgrade-insecure-requests';
#add_header Link "<https://www.clarissariviere.com$request_uri;> rel=\"canonical\", <https://www.clarissariviere.fr$request_uri;> rel=\"alternate\" hreflang=\"fr\"";
add_header Link "<https://www.clarissariviere.com;> rel=\"canonical\", <https://www.clarissariviere.fr;> rel=\"alternate\" hreflang=\"fr\"";
proxy_cache STATIC;
set $header "<https://$host$request_uri;> rel=\"canonical\"";
if ($request_uri ~ "/tag/") {
set $header "<https://$host;> rel=\"canonical\"";
set $link "";
}
add_header Link $header;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
@ -45,9 +36,9 @@ server {
#proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
sub_filter 'http://gouters.canalblog.com' "https://$host";
sub_filter 'gouters.canalblog.com' "$host";
sub_filter '<meta name="generator" content="CanalBlog - https://www.canalblog.com" />' '';
sub_filter '<meta name="Keywords" content="' '<meta name="Keywords" content="clarissa, riviere, ';
#sub_filter '</head>' '<script async src="https://www.googletagmanager.com/gtag/js?id=G-MV336S1G9W"></script><script>window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag("js", new Date()); gtag("config", "G-MV336S1G9W");</script></head>';
sub_filter_types text/html text/xml text/plain text/css;
sub_filter_once off;

5
roles/deploy-web/tasks/configure.yml
View File

@ -15,11 +15,6 @@
src: virtualhost.j2
dest: /etc/sentinel/virtualhost
mode: "0444"
with_items:
- virtualhost
- ip
- ssh_port
- exclude
vars:
ansible_become: yes
ansible_become_method: sudo