blacksaildivision / lamponsteroids
Pack of Ansible roles for CentOS to set up a robust and secure web server
We should be able to manage crontab from Ansible
When running Apache with PHP-FPM and requesting non-existing PHP file there is an error:
[Sun Feb 21 15:34:02.036018 2016] [proxy_fcgi:error] [pid 2610:tid 140051509872384] [client xx.xx.xx.xx:47246] AH01071: Got error 'Primary script unknown\n'
MySQL Tuner is a nice feature and we should have it installed :)
Apache role with basic configuration
Make 3 enters between tasks, i.e. in users.yml file.
Change tags in sudo.yml tasks
Install and configure Redis
Weak ciphers should be removed from SSH config
Install nodejs, npm and global packages
Better option to disable OpCache is to disable the entire zend_extension instead of disabling the enable=1 option
Currently it's not possible to pull repositories from Git by SSH protocol
When entering server IP there is default Apache page. It would be cool to redirect it to something else
Create AWS role for AWS-CLI
MySQL 5.7 role with
iptables role or centos add-on would be a nice thing
Secure YUM
Remove unnecessary packages
Update everything else
Backup and push to s3 would be a nice feature
It would be nice to have the list of packages that were autoremoved from the server
chkconfig yum-cron
Let's Encrypt for HTTPS would be nice to have
Create MySQL database backup system with pushing dumps to AWS S3
Blocker: #47
After proxying we only have 127.0.0.1 as IP. We need real address here.
Configure mod_deflate and gzip compression in httpd role
It would be nice to add logrotate configuration for httpd role
Secure SSH is a must on webserver, we need to add some security layer, disable unsafe protocols, disable root login etc.
No information about SSH in README
When trying to request .well-known in nginx we got 403 forbidden because of a rule that is blocking access to . files. We need to fix that problem.
Also there is invalid path - /var/www/letsencrypt/ should be /var/lib/letsencrypt
Install latest version of GIT
We need to add SetEnvIf module. There are some plugins that use it + there is a need to pass Authorization token to nginx
PHP 7 role with
Install Mongo with latest version
Maybe add backup system
Currently output looks more or less like this:
Loaded plugins: fastestmirror\nLoading mirror speeds from cached hostfile\n * base: mirrors.cicku.me\n * epel: mirror.daniel-jost.net\n * extras: mirrors.cicku.me\n * updates: mirrors.cicku.me\nUpdated Packages\ndnsmasq.x86_64 2.66-14.el7_2.1 updates \ngit.x86_64 1.8.3.1-6.el7_2.1 updates \nkernel-devel.x86_64 3.10.0-327.36.1.el7 updates \nkernel-headers.x86_64 3.10.0-327.36.1.el7 updates \nmdadm.x86_6
It needs to be prettier!
Configuration for Opcache should be added to php role
Create fake repository for GIT to solve issue with perl-git dependencies
Configure mod_ssl and http/2 module in apache
Check configuration with ssltest lab
libselinux-python package is required for Ansible templating, but it gets autoremoved by yum.yml task.
There should be option to exclude package from yum autoremove
We need to be able to install NTP service and configure time properly
Make it possible to configure redirects in httpd role (separate virtualhost)
Configure localhost redirect as well
Task is not detecting list of autoremoved packages and available packages to update on some systems that display text in a language different than English.
Nginx role would be nice to have as opposite to Apache
In order to fully support HTTP/2 in Apache we need to update OpenSSL to at least 1.0.2 version. Having latest version will improve security and performance.
Change path to /usr/local/openssl/lib in git role when configure
Add missing library expat-devel to httpd dependencies
If you won't use centos role, you probably don't have it installed. It's required for Ansible templating
Add possibility to manage transparent huge pages
We should be able to manage workers for Proxy in VirtualHosts: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
Each vhost and log directory from httpd should be logrotated
Rotating logs in PHP like error log and slow log would be nice addition