1 FTP操作
1.1 修改配置文件
[root@localhost nginx]# cat /data/ftp/pub/ng-conf/readme.txt
#创建一个域名文件
#文件内容如下
#需要反代的完整的域名
domain:ceshi.smvic.com
#需要反代的主机的IP
IP:1.1.1.1
#需要反代的主机的端口
port:8080
#nginx的端口默认为80或443
nginx-port:80
#内网反代 1 公网反代 2
nginx:2
[root@localhost nginx]#
1.2 FTP上传文件
FTPserver:172.X.X.X
User:pythonX
Passwd:123asdX
将域名的配置文件上传到/pub/ng-conf/目录下、如果要使用HTTPS,还需要将证书文件解压后上传到/pub/ng-conf/cert/目录下。
2.yml脚本
[root@localhost ansible]# cat httpnginx.yml
---
- hosts: zhuji
remote_user: root
gather_facts: false
tasks:
- name: "上传文件"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 644
with_items:
- {src: "/etc/ansible/resource/nginx/linshi.conf", dest: "/etc/nginx/conf.d/"}
- name: "重启服务"
service:
name: nginx.service
state: restarted
[root@localhost ansible]# cat httpsnginx.yml
---
- hosts: zhuji
remote_user: root
gather_facts: false
tasks:
- name: "上传文件"
copy:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 644
with_items:
- {src: "/etc/ansible/resource/nginx/linshi.conf", dest: "/etc/nginx/conf.d/"}
- {src: "/data/ftp/pub/ng-conf/cert/sslpem.pem", dest: "/etc/nginx/conf.d/cert/"}
- {src: "/data/ftp/pub/ng-conf/cert/sslkey.key", dest: "/etc/nginx/conf.d/cert/"}
- name: "重启服务"
service:
name: nginx.service
state: restarted
[root@localhost ansible]#
3. shell脚本
#!/bin/bash
echo "提取参数中"
i=1
for line in `cat /data/ftp/pub/ng-conf/*.smvic.com.cn | grep ^[^#]`
do
arr[$i]="${line#*:}"
echo ${arr[$i]}
let i++
done
j=1
for line in `ls /data/ftp/pub/ng-conf/cert/`
do
ary[$j]="${line%\.*}"
echo ${ary[$j]}
let j++
done
echo "*******配置*********"
if [ ${arr[5]} -eq 2 ]&&[ ${arr[4]} -eq 443 ] ; then
echo "修改DMZnginx"
echo "修改HTTPS443"
cp https.conf ${arr[1]%%\.*}.conf
sed -i "s/app/${arr[1]%%\.*}/g" ${arr[1]%%\.*}.conf
sed -i "s/ip/${arr[2]}/g" ${arr[1]%%\.*}.conf
sed -i "s/port/${arr[3]}/g" ${arr[1]%%\.*}.conf
sed -i "s/domain/${arr[1]}/g" ${arr[1]%%\.*}.conf
sed -i "s/sslkey/${ary[1]}/g" ${arr[1]%%\.*}.conf
sed -i "s/sslpem/${ary[1]}/g" ${arr[1]%%\.*}.conf
echo "修改yml文件"
echo "执行yml443"
cp /etc/ansible/httpsnginx.yml /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/zhuji/DMZNGINX/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/linshi.conf/${arr[1]%%\.*}.conf/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/sslkey/${ary[1]}/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/sslpem/${ary[1]}/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
elif [ ${arr[5]} -eq 2 ]&&[ ${arr[4]} -eq 80 ] ; then
echo "修改DMZnginx"
echo "修改HTTP80"
cp http.conf ${arr[1]%%\.*}.conf
sed -i "s/app/${arr[1]%%\.*}/g" ${arr[1]%%\.*}.conf
sed -i "s/ip/${arr[2]}/g" ${arr[1]%%\.*}.conf
sed -i "s/port/${arr[3]}/g" ${arr[1]%%\.*}.conf
sed -i "s/domain/${arr[1]}/g" ${arr[1]%%\.*}.conf
echo "修改yml文件"
echo "执行yml80"
cp /etc/ansible/httpnginx.yml /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/zhuji/DMZNGINX/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/linshi.conf/${arr[1]%%\.*}.conf/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
elif [ ${arr[5]} -eq 1 ]&&[ ${arr[4]} -eq 443 ] ; then
echo "修改nginx"
echo "修改HTTPS443"
cp https.conf ${arr[1]%%\.*}.conf
sed -i "s/app/${arr[1]%%\.*}/g" ${arr[1]%%\.*}.conf
sed -i "s/ip/${arr[2]}/g" ${arr[1]%%\.*}.conf
sed -i "s/port/${arr[3]}/g" ${arr[1]%%\.*}.conf
sed -i "s/domain/${arr[1]}/g" ${arr[1]%%\.*}.conf
sed -i "s/sslkey/${ary[1]}/g" ${arr[1]%%\.*}.conf
sed -i "s/sslpem/${ary[1]}/g" ${arr[1]%%\.*}.conf
echo "修改yml文件"
echo "执行yml443"
cp /etc/ansible/httpsnginx.yml /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/zhuji/DMZNGINX/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/linshi.conf/${arr[1]%%\.*}.conf/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/sslkey/${ary[1]}/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/sslpem/${ary[1]}/g" /etc/ansible/${arr[1]%%\.*}-nginx.ymlelse
else
echo "修改nginx"
echo "修改HTTP80"
cp http.conf ${arr[1]%%\.*}.conf
sed -i "s/app/${arr[1]%%\.*}/g" ${arr[1]%%\.*}.conf
sed -i "s/ip/${arr[2]}/g" ${arr[1]%%\.*}.conf
sed -i "s/port/${arr[3]}/g" ${arr[1]%%\.*}.conf
sed -i "s/domain/${arr[1]}/g" ${arr[1]%%\.*}.conf
echo "修改yml文件"
echo "执行yml80"
cp /etc/ansible/httpnginx.yml /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/zhuji/NGINX/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
sed -i "s/linshi.conf/${arr[1]%%\.*}.conf/g" /etc/ansible/${arr[1]%%\.*}-nginx.yml
fi
echo "*******配置*********"
ansible-playbook /etc/ansible/${arr[1]%%\.*}-nginx.yml
echo "删除文件"
rm -rf /etc/ansible/${arr[1]%%\.*}-nginx.yml
rm -rf ${arr[1]%%\.*}.conf
rm -rf /data/ftp/pub/ng-conf/*.smvic.com.cn
rm -rf /data/ftp/pub/ng-conf/cert/*
4. 定时任务
crontab -e
0 22 1 8 * root /etc/ansible/resource/nginx/config.sh
#8月1号22点执行脚本 时间自己修改就行