From 73d2ecfe66ae5db1e0553ee588af48503da0dedc Mon Sep 17 00:00:00 2001 From: morepudding Date: Wed, 10 Dec 2025 21:26:29 +0100 Subject: [PATCH] Fix: utiliser nginx-app-legacy pour reverse proxy vers Bricoloc --- playbook.yml | 98 +++++++++++++++++++++++----- templates/bricoloc-legacy.service.j2 | 15 +++++ templates/nginx-app-legacy.conf.j2 | 33 ++++++++++ 3 files changed, 130 insertions(+), 16 deletions(-) create mode 100644 templates/bricoloc-legacy.service.j2 create mode 100644 templates/nginx-app-legacy.conf.j2 diff --git a/playbook.yml b/playbook.yml index ed9b785..14023f8 100644 --- a/playbook.yml +++ b/playbook.yml @@ -14,6 +14,17 @@ name: nginx state: present + - name: Installer Node.js et npm + apt: + name: + - nodejs + - npm + state: present + + - name: Installer pnpm globalement + command: npm install -g pnpm + changed_when: false + - name: Installer apache2-utils pour htpasswd apt: name: apache2-utils @@ -86,13 +97,28 @@ name: nginx state: started enabled: yes - - - name: Déployer la configuration Nginx avec authentification + # Config Nginx supprimée - on utilise uniquement nginx-app-legacy.conf.j2 + # qui fait le reverse proxy vers l'app Node.js + + - name: Déployer la configuration Nginx pour l'app legacy template: - src: templates/nginx-auth.conf.j2 + src: templates/nginx-app-legacy.conf.j2 dest: /etc/nginx/sites-available/defder notify: Recharger Nginx + - name: Déployer le service systemd pour l'app legacy + template: + src: templates/bricoloc-legacy.service.j2 + dest: /etc/systemd/system/bricoloc-legacy.service + notify: Redémarrer l'app legacy + + - name: Activer et démarrer le service legacy + systemd: + name: bricoloc-legacy + state: started + enabled: yes + daemon_reload: yes + - name: Activer le site file: src: /etc/nginx/sites-available/defder 
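Review bot: The task "Installer pnpm globalement" runs `npm install -g pnpm` with no version, so every run installs whatever release the registry serves at that moment, with the play's privileges, and `changed_when: false` keeps the run report from showing it. Pin the tool and make the task idempotent, for example with the `community.general.npm` module using `name: pnpm`, `global: true` and `version: "<PINNED_VERSION>"`. The apt task above it likewise takes whatever `nodejs` and `npm` the distribution ships, so the Node version the build expects is worth stating in the playbook.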
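Review bot: "Activer et démarrer le service legacy" starts `bricoloc-legacy` in the hunk at new line 97, but the tasks that copy and build the app only appear in the later hunk at new line 150. Assuming both sit in the same play, a fresh host starts the unit against a tree that does not exist yet. Move the start task after the build step. The deploy and build tasks also carry no `notify: Redémarrer l'app legacy`, so a redeploy that leaves the unit file unchanged keeps serving the old code. Both `template` tasks here omit ownership and mode; adding `owner: root`, `group: root` and `mode: '0644'` makes the result independent of the controller's umask.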
@@ -124,27 +150,62 @@ - name: Créer le dossier du site web file: - path: /var/www/html + path: /var/www/apps state: directory owner: www-data group: www-data mode: '0755' - - name: Déployer la page HTML - template: - src: files/index.html - dest: /var/www/html/index.html + - name: Créer le dossier .local pour pnpm + file: + path: /var/www/.local/share/pnpm + state: directory owner: www-data group: www-data - mode: '0644' - - - name: Déployer le fichier CSS - copy: - src: files/style.css - dest: /var/www/html/style.css + mode: '0755' + recurse: yes + + - name: Déployer l'app depuis le repo local + synchronize: + src: app/bricolociaac/ + dest: /var/www/apps/bricolociaac/ + delete: yes + rsync_opts: + - "--exclude=node_modules" + - "--exclude=.git" + + - name: Définir les permissions sur les fichiers déployés + file: + path: /var/www/apps/bricolociaac owner: www-data group: www-data - mode: '0644' + recurse: yes + + - name: Installer les dépendances du projet + shell: | + cd /var/www/apps/bricolociaac + pnpm install --frozen-lockfile || pnpm install + environment: + NODE_ENV: production + PNPM_HOME: /var/www/.local/share/pnpm + timeout: 600 + + - name: Installer les dépendances de l'app legacy spécifiquement + shell: | + cd /var/www/apps/bricolociaac + pnpm install --filter legacy --frozen-lockfile || pnpm install --filter legacy + environment: + NODE_ENV: production + PNPM_HOME: /var/www/.local/share/pnpm + timeout: 600 + + - name: Builder l'app legacy + command: pnpm build:legacy + args: + chdir: /var/www/apps/bricolociaac + environment: + NODE_ENV: production + PNPM_HOME: /var/www/.local/share/pnpm - name: Afficher l'URL d'accès debug: @@ -159,4 +220,9 @@ - name: Recharger Nginx systemd: name: nginx - state: reloaded \ No newline at end of file + state: reloaded + + - name: Redémarrer l'app legacy + systemd: + name: bricoloc-legacy + state: restarted \ No newline at end of file 
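Review bot: The `|| pnpm install` fallback in both "Installer les dépendances" tasks cancels what `--frozen-lockfile` is there for: when the lockfile does not match, the play resolves fresh versions at deploy time instead of failing. Keep only `pnpm install --frozen-lockfile` (and `pnpm install --filter legacy --frozen-lockfile`) so a lockfile mismatch stops the deployment. Neither install task nor the build shows a `become_user`, so dependency lifecycle scripts presumably run with the play's own privileges; the play header is outside this hunk, so confirm, and prefer running these steps as an unprivileged build account. The recursive `owner: www-data` on `/var/www/apps/bricolociaac` also makes the deployed code writable by the account that serves it.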
diff --git a/templates/bricoloc-legacy.service.j2 b/templates/bricoloc-legacy.service.j2
new file mode 100644
index 0000000..abcc879
--- /dev/null
+++ b/templates/bricoloc-legacy.service.j2
@@ -0,0 +1,15 @@
+[Unit]
+Description=Bricoloc Legacy App
+After=network.target
+
+[Service]
+Type=simple
+User=www-data
+WorkingDirectory=/var/www/apps/bricolociaac/apps/legacy-app
+Environment="NODE_ENV=production"
+ExecStart=/usr/bin/node src/server.js
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/nginx-app-legacy.conf.j2 b/templates/nginx-app-legacy.conf.j2
new file mode 100644
index 0000000..5e0e9b2
--- /dev/null
+++ b/templates/nginx-app-legacy.conf.j2
@@ -0,0 +1,33 @@
+server {
+ listen 80;
+ server_name defder.fr;
+
+ # Redirection HTTP vers HTTPS
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name defder.fr;
+
+ # Certificats SSL (générés par Certbot)
+ ssl_certificate /etc/letsencrypt/live/defder.fr/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/defder.fr/privkey.pem;
+
+ # AUTHENTIFICATION
+ auth_basic "Zone protégée - Connexion requise";
+ auth_basic_user_file /etc/nginx/.htpasswd;
+
+ # Reverse proxy vers l'app legacy (port 3000)
+ location / {
+ proxy_pass http://localhost:3000;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection 'upgrade';
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_cache_bypass $http_upgrade;
+ }
+}
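Review bot: In `templates/bricoloc-legacy.service.j2`, `User=www-data` runs the Node process under the account that the playbook also makes owner of the whole application tree, so the service can rewrite its own code. On Debian-family hosts `www-data` is normally the Nginx worker account as well, which would put the app and the proxy under one identity. A dedicated system user with a root-owned, read-only code directory separates them. The `[Service]` section also has no sandboxing; `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` are low-risk additions, provided any path the app must write to is listed in `ReadWritePaths=`.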
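Review bot: In `templates/nginx-app-legacy.conf.j2`, `auth_basic` only protects requests that pass through Nginx. Nothing in this patch shows which address `src/server.js` binds to, so if the app listens on all interfaces, port 3000 answers without credentials. Confirm that it binds to loopback or that the port is firewalled, and use `proxy_pass http://127.0.0.1:3000;` so the upstream does not depend on how `localhost` resolves. The 443 server block sets no `ssl_protocols` and no `Strict-Transport-Security` header, so the TLS policy is whatever the distribution defaults to, unless it is set elsewhere in the Nginx configuration; stating both here makes the policy reviewable.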