0、架构规划图
1、配置基础环境
2、配置rsync远程备份 "[rsync]"
(1)roles/rsync/tasks/main.yml
# rsync 服务端
# 修改配置文件
echo '
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[data]
path = /data
' > /etc/rsyncd.conf
# 创建虚拟验证密码文件
echo '
rsync_backup:1
' > /etc/rsync.passwd
chmod 600 /etc/rsync.passwd
# 创建备份目录
mkdir /data
chown www.www /data
# 启动服务并加入开机自启
systemctl start rsyncd
systemctl enable rsyncd
- name: Modify rsync_server configure
template:
src: rsyncd.conf.j2
dest: /etc/rsyncd.conf
notify: Restart rsyncd
- name: Create virtual user_password_file
template:
src: rsync.passwd.j2
dest: /etc/rsync.passwd
mode: '600'
- name: Create backup_directory
file:
path: /data
state: directory
owner: www
group: www
- name: Start rsyncd server
systemd:
name: rsyncd
state: started
enabled: yes
(2)roles/rsync/handlers/main.yml
# 重启rsync服务端,使配置文件生效
systemctl restart rsyncd
- name: Restart rsyncd
systemd:
name: rsyncd
state: restarted
(3)roles/rsync/templates/rsyncd.conf.j2
# 此为rsync虚拟用户的密码验证文件
rsync_backup:1
(4)roles/rsync/templates/rsync.passwd.j2
uid = www
gid = www
port = 873
fake super = yes
use chroot = no
max connections = 200
timeout = 600
ignore errors
read only = false
list = false
auth users = rsync_backup
secrets file = /etc/rsync.passwd
[data]
path = /data
3.配置nfs服务端 "[nfs]"
(1)roles/nfs/tasks/main.yml
# 配置文件中指定共享目录
echo '
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zrlog 172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)
' > /etc/exports
# 创建共享目录
mkdir /data/{zh,zrlog,kod} -p
chown www.www -R /data
chown tomcat.tomcat -R /data/kod
# 启动服务并加入开机自启
systemctl start nfs
systemctl enable nfs
(2)roles/nfs/handlers/main.yml
# 重启nfs服务端使配置文件生效
systemctl restart nfs
- name: Restart nfs
systemd:
name: nfs
state: restarted
(3)roles/nfs/templates/exports.j2
/data/zh 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/kod 172.16.1.0/24(rw,sync,all_squash,anonuid=666,anongid=666)
/data/zrlog 172.16.1.0/24(rw,sync,all_squash,anonuid=53,anongid=53)
4.布署lsync实时同步 "[nfs]"
(1) roles/lsync/tasks/main.yml
# 安装lsyncd
yum -y install lsyncd
# 配置/etc/lsyncd.conf
echo '
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
inotifyMode = "CloseWrite",
maxProcesses = 8,
}
sync {
default.rsync,
source = "/data",
target = "[email protected]::data",
delete= true,
exclude = { ".*" },
delay = 1,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
compress = true,
verbose = true,
password_file = "/etc/rsync.pwd",
_extra = {"--bwlimit=200"}
}
}
' > /etc/lsyncd.conf
# 创建密码验证文件
echo '1' > /etc/rsync.pwd
chmod 600 /etc/rsync.pwd
# 启动服务并加入开机自启
systemctl start lsyncd
systemctl enable lsyncd
- name: Install lsyncd
yum:
name: lsyncd
state: installed
- name: Modiry lsyncd configure
template:
src: lsyncd.conf.j2
dest: /etc/lsyncd.conf
notify: Restart lsyncd
- name: Create virtual_user_password_file
template:
src: rsync.pwd.j2
dest: /etc/rsync.pwd
mode: '600'
- name: Start lsyncd
systemd:
name: lsyncd
state: started
enabled: yes
(2)roles/lsync/handlers/main.yml
# 重启lsync服务,使配置文件生效
systemctl restart lsyncd
- name: Restart lsyncd
systemd:
name: lsyncd
state: restarted
(3)roles/lsymc/templates/lsyncd.conf.j2
# 此内容为lsyncd的配置文件
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status",
inotifyMode = "CloseWrite",
maxProcesses = 8,
}
sync {
default.rsync,
source = "/data",
target = "[email protected]::data",
delete= true,
exclude = { ".*" },
delay = 1,
rsync = {
binary = "/usr/bin/rsync",
archive = true,
compress = true,
verbose = true,
password_file = "/etc/rsync.pwd",
_extra = {"--bwlimit=200"}
}
}
(4)roles/lsync/templates/rsync.pwd.j2
# 此内容为rsync虚拟用户的验证密码
1
5. 布署nginx web服务 "[web] and [nginx-proxy]"
(1) roles/nginx/tasks/main.yml
# 安装nginx
yum install nginx -y
# 修改配置文件
sed -i '/user nginx/c user www ;' /etc/nginx/nginx.conf
# 启动服务并加入开机自启
systemctl start nginx
systemctl enable nginx
- name: Install nginx
yum:
name: nginx
state: installed
- name: Modify start_user
replace:
path: /etc/nginx/nginx.conf
regexp: '^user nginx'
replace: 'user www'
notify: Restart nginx
- name: Start nginx
systemd:
name: nginx
state: started
enabled: yes
(2) roles/nginx/handlers/main.yml
# 重启nginx服务,使配置文件生效
systemctl restart nginx
- name: Restart nginx
systemd:
name: nginx
state: restarted
6. 布署php服务 "[web]"
(1) roles/php/tasks/main.yml
# 安装php及扩展
yum -y install php72w \
php72w-cli \
php72w-fpm \
php72w-common \
php72w-devel \
php72w-embedded \
php72w-gd \
php72w-mbstring \
php72w-mysqlnd \
php72w-opcache \
php72w-pdo \
php72w-xml \
php72w-mysqlnd \
php72w-pecl-memcached \
php72w-pecl-mongodb \
php72w-pecl-redis \
php72w-pecl-zip \
php72w-bcmath
# 修改配置文件
sed -i '/^user =/cuser = www' /etc/php-fpm.d/www.conf
sed -i '/^group =/cgroup = www' /etc/php-fpm.d/www.conf
# 启动服务并加入开机自启
systemctl start php-fpm
systemctl enable php-fpm
- name: Install php and depend
yum:
name: "{{ item }}"
state: installed
loop:
- php72w
- php72w-cli
- php72w-fpm
- php72w-common
- php72w-devel
- php72w-embedded
- php72w-gd
- php72w-mbstring
- php72w-mysqlnd
- php72w-opcache
- php72w-pdo
- php72w-xml
- php72w-mysqlnd
- php72w-pecl-memcached
- php72w-pecl-mongodb
- php72w-pecl-redis
- php72w-pecl-zip
- php72w-bcmath
- name: Modify www.conf
copy:
src: www.conf
dest: /etc/php-fpm.d/www.conf
notify: Restart php
- name: Modify php.ini
copy:
src: php.ini
dest: /etc/php.ini
notify: Restart php
- name: Start php
systemd:
name: php-fpm
state: started
enabled: yes
(2)roles/php/handlers/main.yml
# 重启php使配置文件生效
systemctl restart php-fpm
- name: Restart php
systemd:
name: php-fpm
state: restarted
(3)roles/php/files/php.ini
...
..
.
[Session]
; Handler used to store/retrieve data.
; http://php.net/session.save-handler
session.save_handler = redis
session.save_path = 'tcp://172.16.1.51:6379?weight=1&timeout=2.5'
.
..
...
(4)roles/php/files/www.conf
[www]
user = www
group = www
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
;php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
7.布署mariadb服务 "[mariadb]"
(1)roles/mariadb/tasks/main.yml
# mariadb安装后,默认不需要密码,在此也不设置
# 安装数据库
yum -y install mariadb mariadb-server
# 启动数据库并加入开机自启动
systemctl start mariadb
systemctl enable mariadb
# mariadb数据库内创建zrlog、zh库,并授权用户和主机
create database zrlog;
create database zh;
grant all on zrlog.* to zrlog@'%' identified by '123456';
grant all on zh.* to zh@'%' identified by '123456';
flush privileges;
# 上传zrlog、zh 数据库文件至/tmp目录(过程略)
# 导入zrlog、zh 数据库文件至mariadb数据库中
mysql < zrlog.sql
mysql < zh.sql
- name: Install maridb
yum:
name: "{{ item }}"
state: installed
loop:
- mariadb
- mariadb-server
- name: Start mariadb
systemd:
name: mariadb
state: started
enabled: yes
- name: Create new databases with names 'zrlog' and 'zh'
mysql_db:
name: "{{ item }}"
state: present
loop:
- zrlog
- zh
- name: Create remote user zh and zrlog
mysql_user:
name: "{{ item.name }}"
host: '%'
password: "123456"
priv: "{{ item.priv }}"
state: present
loop:
- { name: zh , priv: 'zh.*:ALL' }
- { name: zrlog , priv: 'zrlog.*:ALL' }
- name: Remote send database_data 'zh.sql and zrlog.sql'
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
loop:
- { src: zh.sql.j2 , dest: /tmp/zh.sql }
- { src: zrlog.sql.j2 , dest: /tmp/zrlog.sql }
- name: Restore database
mysql_db:
name: "{{ item.name }}"
state: import
target: "{{ item.target }}"
loop:
- { name: zh , target: /tmp/zh.sql }
- { name: zrlog , target: /tmp/zrlog.sql }
(2)roles/mariadb/files/
zh.sql.j2
zrlog.sql.j2
8.布署redis服务
(1)roles/redis/tasks/main.yml
`# 安装redis
yum -y install redis
`# 配置redis服务
sed -i '/bind 127.0.0.1/cbind 127.0.0.1 172.16.1.51' /etc/redis.conf
`# 启动服务并加入自启动
systemctl start redis
systemctl enable redis
- name: Install redis
yum:
name: redis
state: installed
- name: Configure redis
replace:
path: /etc/redis.conf
regexp: '^# bind 127.0.0.1$'
replace: 'bind 127.0.0.1 172.16.1.51'
notify: Restart redis
- name: Start redis
systemd:
name: redis
state: started
enabled: yes
(2)roles/redis/handlers/main.yml
# 重启redis服务,使配置文件生效
systemctl restart redis
- name: Restart redis
systemd:
name: redis
state: restarted
9.布署keepalivd高可用服务 "[keepalivd]"
(1)roles/keepalivd/tasks/main.yml
# nopreempt不抢占,只有在主备都是backup模式时才生效;
# 安装keepalived
yum -y install keepalived
# 编辑nginx监控脚本(Master and Backup)
mkdir /scripts
echo '
#!/bin/bash
if ! ss -lntup |grep nginx &> /dev/null;then
systemctl stop keepalived
fi
' > /scripts/montoring_nginx.sh
chmod o+x /scripts/montoring_nginx.sh
# 配置keepalived (Master端)
echo '
global_defs {
router_id 10.0.0.5
}
vrrp_script check_web {
script "/scripts/montoring_nginx.sh"
interval 5
weight 2
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 152
priority 100
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 lavel eth0:1
}
track_script {
check_web
}
}
' > /etc/keepalived/keepalived.conf
# 配置keepalived (backup端)
echo '
global_defs {
router_id 10.0.0.6
}
vrrp_script check_web {
script "/scripts/montoring_nginx.sh"
interval 5
weight 2
}
vrrp_instance VIP_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 152
priority 90
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 lavel eth0:1
}
track_script {
check_web
}
}
' > /etc/keepalived/keepalived.conf
# 启动服务并加入自启动 (Master and Backup)
systemctl start keepalived
systemctl enable keepalived
- name: Install keepalived
yum:
name: keepalived
state: installed
- name: Create scripts directory
file:
path: /scripts
state: directory
- name: Remote pull script file
copy:
src: montoring_nginx.sh
dest: /scripts/montoring_nginx.sh
mode: 777
- name: Edit keepalived configure
template:
src: keepalived.conf.j2
dest: /etc/keepalived/keepalived.conf
notify: Restart keepalived
- name: Start keepalived
systemd:
name: keepalived
state: started
enabled: yes
(2)roles/keepalived/handlers/main.yml
# 重启服务,使配置生效
systemctl restart keepalived
- name: Restart keepalived
systemd:
name: keepalived
state: restarted
(3)roles/keepalived/files/montoring_nginx.sh
#!/bin/bash
if ! ss -lntup |grep nginx &> /dev/null;then
systemctl stop keepalived
fi
(4)roles/keepalived/templates/keepalived.conf.j2
global_defs {
router_id {{ ansible_hostname }}
}
vrrp_script check_web {
script "/scripts/montoring_nginx.sh"
interval 5
weight 2
}
vrrp_instance VIP_1 {
{% if ansible_hostname == "nginx_proxy1" %}
priority 100
{% elif ansible_hostname == "nginx_proxy2" %}
priority 90
{% endif %}
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 152
nopreempt
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
10.0.0.3/24 dev eth0 lavel eth0:1
}
track_script {
check_web
}
}
10.布署tomcat服务 "[tomcat]"
(1) roles/tomcat/tasks/main.yml
# 安装tomcat (web1 web2 web3)
yum -y install tomcat
# 修改配置文件使站点目录支持软连接
sed -i '/^/c' /etc/tomcat/context.xml
# 启动服务并加入自启动
systemctl start tomcat
systemctl enable tomcat
- name: Install tomcat
yum:
name: tomcat
state: installed
- name: Modify tomcat configure on context.xml
replace
path: /etc/tomcat/context.xml
regexp: '/^'
replace: '/'
notify: Restart tomcat
- name: Start tomcat
systemd:
name: tomcat
state: started
enabled: yes
(2)roles/tomcat/tasks/main.yml
# 重启服务,使配置文件生效
systemctl restart tomcat
- name: Restart tomcat
systemd:
name: tomcat
state: restarted
11.配置chronyd时间同步服务
(1)服务端,手动配置
`# 编辑chrony时间同步服务端配置文件,指定可以进行时间同步的网段
sed -i '/^#allow 192/aallow 172.16.1.0/24' /etc/chrony.conf
`# 启动服务并加入自启动
systemctl start chronyd
systemctl enable chronyd
(2)客户端批量执行,roles/chrony/tasks/main.yml
`# 指定时间同步服务端
sed -i '/server [0-3]./s/^//g' /etc/chrony.conf
sed -i '/#server 3./aserver 172.16.1.41 iburst' /etc/chrony.conf
`# 启动服务并加入自启动
systemctl start chronyd
systemctl enable chronyd
- name: Edit chrony_server configure
copy:
src: chrony.conf
dest: /etc/chrony.conf
notify: Restart chronyd
- name: Start chrony
systemd:
name: chronyd
state: started
enabled: yes
(3)客户端批量执行,roles/chrony/hanlers/main.yml
# 重启chronyd使配置生效
systemctl restart chronyd
- name: Restart chronyd
systemd:
name: chronyd
state: restarted
(3)客户端批量执行,roles/chrony/files/
chrony.conf
12.布署kodcloud 服务 "[web]"
(1)roles/kodcloud/tasks/main.yml
`# 创建虚拟主机
echo '
server {
listen 80;
server_name kod.imscz.com;
root /code/kod;
location / {
index index.php index.html;
}
location ~ .*\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#fastcgi_param HTTPS on;
}
}
' > /etc/nginx/conf.d/kod.imscz.com.conf
`# 创建站点目录
mkdir /code/kod -p
`# 上传可道云源码至站点目录
cd /code/kod
sz...略
tar -xzvf kod.tar.gz
chown www.www -R /code/kod
`# 重启nginx服务
systemctl restart nginx
- name: Create kod virtual hosts
copy:
src: kod.imscz.com.conf
dest: /etc/nginx/conf.d/kod.imscz.com.conf
- name: Create site directory
file:
path: /code/kod
state: directory
recurse: yes
owner: www
group: www
- name: Upload kod source_code
unarchive:
src: kod.tar.gz
dest: /code/kod
owner: www
group: www
- name: Create nfs_mount_directory
file:
path: /mnt/kod
state: directory
owner: www
group: www
recurse: yes
- name: Mount nfs_share_directory to local_mount_directory
mount:
src: 172.16.1.31:/data/kod
path: /mnt/kod
fstype: nfs
state: mounted
- name: Restart nginx
systemd:
name: nginx
state: restarted
(2)roles/kodcloud/files/
# 虚拟主机配置文件
kod.imscz.com.conf
# 可道云源码布署压缩包,此包为提前部署好的源码进行压缩而成
kod.tar.gz
13.部署WeCenter服务 "[web]"
(1)roles/WeCenter/tasks/main.yml
echo '
server {
listen 80;
server_name zh.imscz.com;
root /code/zh;
client_max_body_size 20M;
location / {
index index.php index.html;
}
location ~ .*\.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
#fastcgi_param HTTPS on;
}
}
' > /etc/nginx/conf.d/zh.imscz.com.conf
# 创建站点目录
mkdir /code/zh -p
# 上传知乎源码至站点目录
cd /code/zh
sz...略
tar -xzvf zh.tar.gz
chown www.www -R /code/zh
# 创建zh的nfs共享挂载目录
mkdir /mnt/zh
# 挂载zh的nfs共享目录
mount -t nfs 172.16.1.31:/data/zh /mnt/zh
# 重启nginx服务
systemctl restart nginx
- name: Create WeCenter virtual host
copy:
src: zh.imscz.com.conf
dest: /etc/nginx/conf.d/zh.imscz.com.conf
- name: Create zh site_directory
file:
path: /code/zh
state: directory
owner: www
group: www
recurse: yes
- name: Uplod zh_source_code
unarchive:
src: zh.tar.gz
dest: /code/zh
owner: www
group: www
- name: Create zh_mount_directory
file:
path: /mnt/zh
state: directory
owner: www
group: www
recurse: yes
- name: Remote mount nfs_share_directory to zh_mount_directory
mount:
src: 172.16.1.31:/data/zh
path: /mnt/zh
fstype: nfs
state: mounted
- name: Restart nginx
systemd:
name: nginx
state: retarted
(2)roles/WeCenter/files/
zh.imscz.com.conf
zh.tar.gz
14.部署zrlog服务 "[web]"
(1)roles/zrlog/tasks/main.yml
# 上传源码包至tomcat站点目录,并解压
cd /usr/share/tomcat/webapps
sz...略
tar -xzvf zrlog.tar.gz
chown tomcat.tomcat . -R
# 重启服务
systemctl restart tomcat
- name: Upload zrlog_source to tomcat
unarchive:
src: zrlog.tar.gz
dest: /usr/share/tomcat/webapps
owner: tomcat
group: tomcat
- name: Create zrlog_mount_directory
file:
path: /mnt/zrlog
state: directory
owner: tomcat
group: tomcat
recurse: yes
- name: Mount nfs_share_directory to zrlog_mount_directory
mount:
src: 172.16.1.31:/data/zrlog
path: /mnt/zrlog
fstype: nfs
state: mounted
- name: Restart tomcat
systemd:
name: tomcat
state: restarted
15.配置nginx-proxy负载均衡 "[nginx-proxy]"
(1)roles/nginx-proxy/tasks/main.yml
`# 自定义传输请求头信息的参数文件
echo '
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_connect_timeout 30;
proxy_send_timeout 60;
proxy_read_timeout 60;
proxy_buffering on;
proxy_buffer_size 32k;
proxy_buffers 4 128k;
' > /etc/nginx/proxy_params
`# 创建测试https协议密钥文件
mkdir /etc/nginx/ssl_key
cd /etc/nginx/ssl_key/
openssl req -nodes -newkey rsa:2048 -keyout server.key -out server.csr -subj "/C=/ST=/L=/O=/OU=/CN=IMSCZ"
openssl x509 -req -sha256 -days 36500 -in server.csr -signkey server.key -out server.crt
`# 创建负载均衡后端代理文件 (kod)
echo '
upstream http_kod {
server 172.16.1.7:80;
}
server {
listen 443 ssl;
server_name kod.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_kod;
include proxy_params;
}
}
server {
listen 80;
server_name kod.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/kod.imscz.com
`# 创建负载均衡后端代理文件 (zh)
echo '
upstream http_zh {
server 172.16.1.7:80;
}
server {
listen 443 ssl;
server_name zh.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_zh;
include proxy_params;
}
}
server {
listen 80;
server_name zh.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zh.imscz.com
`# 创建负载均衡后端代理文件 (zh)
echo '
upstream http_zrlog {
server 172.16.1.7:8080;
}
server {
listen 443 ssl;
server_name zrlog.imscz.com;
ssl_certificate ssl_key/server.crt;
ssl_certificate_key ssl_key/server.key;
charset utf8;
location / {
proxy_pass http://http_zrlog;
include proxy_params;
}
}
server {
listen 80;
server_name zrlog.imscz.com;
return 302 https://$http_host$request_uri;
}
' > /etc/nginx/conf.d/zrlog.imscz.com
- name: Create require_head proxy_params file
copy:
src: proxy_params
dest: /etc/nginx/proxy_params
- name: Create ssl_key directory
file:
path: /etc/nginx/ssl_key
state: directory
- name: Remote send server.crt of ssl_key
copy:
src: server.crt
dest: /etc/nginx/ssl_key/server.crt
- name: Remote send server.key of ssl_key
copy:
src: server.key
dest: /etc/nginx/ssl_key/server.key
- name: Create lb virtual_hosts of ( kod zh zrlog )
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
loop:
- { src: kod.oldxu.com.conf , dest: /etc/nginx/conf.d/kod.cldxu.com.conf }
- { src: zh.oldxu.com.conf , dest: /etc/nginx/conf.d/zh.cldxu.com.conf }
- { src: zrlog.oldxu.com.conf , dest: /etc/nginx/conf.d/zrlog.cldxu.com.conf }
- name: Restart nginx
systemd:
name: nginx
state: restarted
(2)roles/nginx-proxy/files/
proxy_params
server.crt
server.key
zh.oldxu.com.conf
kod.oldxu.com.conf
zrlog.oldxu.com.conf