mod_pagespeed #5

config.cfg

@@ -5,17 +5,22 @@ easyrsa_ca_expire: 3650
 easyrsa_cert_expire: 3650
 easyrsa_p12_export_password: vpn
 
-# if True re-init all existing certificates.
+# If True re-init all existing certificates. (True or False)
-easyrsa_reinit_existent: True
+easyrsa_reinit_existent: False
 
+vpn_network: 10.19.48.0/24
+vpn_network_ipv6: 'fd9d:bc11:4021:69ce::/64'
+server_name: "{{ ansible_ssh_host }}"
+
+# Enable this variable if you want to use a local DNS resolver to block ads while surfing. (True or False)
+service_dns: True
+
+# If you don't want to use a local DNS resolver (option `service_dns`) you need to define DNS servers in this list. 
 dns_servers:
   - 8.8.8.8
   - 8.8.4.4
   - 2001:4860:4860::8888
   - 2001:4860:4860::8844
-vpn_network: 10.19.48.0/24
-vpn_network_ipv6: 'fd9d:bc11:4021:69ce::/64'
-server_name: "{{ ansible_ssh_host }}"
 
 users:
   - mr.smith

digitalocean.yml

@@ -46,11 +46,6 @@
     prompt: "Name the vpn server:\n"
     default: "algo.local"
     private: no
-    
-  - name: "service_dns"
-    prompt: "Do you want to use a local DNS resolver to block ads while surfing? (Y or N)"
-    default: "Y"
-    private: no    
 
   tasks:
   - name: "Getting your SSH key ID on Digital Ocean..."

features.yml

@@ -2,7 +2,6 @@
 
 - name: Other features
   hosts: vpn-host
-  gather_facts: false
   become: true
   vars_files:
     - config.cfg    
@@ -17,7 +16,7 @@
   - name: Loopback is running
     shell: ifdown lo:100 && ifup lo:100
     
-  # Privoxy 
+  #Privoxy 
   
   - name: Install privoxy
     apt: name=privoxy state=latest
@@ -38,6 +37,46 @@
   - name: Privoxy enabled and started
     service: name=privoxy state=started enabled=yes
     
+  # PageSpeed
+  
+  - name: Apache installed
+    apt: name=apache2 state=latest
+    
+  - name: PageSpeed installed for x86_64
+    apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
+    when: ansible_architecture == "x86_64"
+    
+  - name: PageSpeed installed for i386
+    apt: deb=https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_i386.deb
+    when: ansible_architecture != "x86_64"    
+    
+  - name: PageSpeed configured
+    template: src=pagespeed.conf.j2 dest=/etc/apache2/mods-available/pagespeed.conf
+    notify:
+    - restart apache2 
+    
+  - name: Modules enabled
+    apache2_module: state=present name="{{ item }}"
+    with_items:
+      - proxy_http
+      - pagespeed
+      - cache
+      - proxy_connect
+      - proxy_html
+      - rewrite
+    notify:
+    - restart apache2
+    
+  - name: VirtualHost configured for the PageSpeed module
+    template: src=000-default.conf.j2 dest=/etc/apache2/sites-enabled/000-default.conf
+    notify:
+    - restart apache2      
+    
+  - name: Apache ports configured
+    template: src=ports.conf.j2 dest=/etc/apache2/ports.conf
+    notify:
+    - restart apache2  
+    
   # DNS 
   
   - name: Install dnsmasq
@@ -58,13 +97,16 @@
     
   - name: Adblock script created
     copy: src=templates/adblock.sh dest=/opt/adblock.sh owner=root group=root mode=755
+    when: service_dns is defined and service_dns == "True"
     
   - name: Adblock script added to cron
     cron: name="Adblock hosts update" minute="10" hour="2" job="/opt/adblock.sh"
+    when: service_dns is defined and service_dns == "True"
 
   - name: Update adblock hosts
     shell: >
       /opt/adblock.sh
+    when: service_dns is defined and service_dns == "True"
       
   - name: Forward all DNS requests to the local resolver
     iptables: 
@@ -77,7 +119,7 @@
       to_destination: 172.16.0.1:53
     notify:
     - save iptables
-    when: service_dns is defined and service_dns == "Y" # TODO: service_dns is not defined, because the variable in vars_prompt
+    when: service_dns is defined and service_dns == "True"
     
   - name: Forward all DNS requests to the local resolver
     iptables: 
@@ -91,15 +133,15 @@
       ip_version: ipv6
     notify:
     - save iptables
-    when: service_dns is defined and service_dns == "Y"    
+    when: service_dns is defined and service_dns == "True"    
     
   - name: Dnsmasq enabled and started
     service: name=dnsmasq state=started enabled=yes
-    when: service_dns is defined and service_dns == "Y"
+    when: service_dns is defined and service_dns == "True"
     
   - name: Dnsmasq disabled and stopped
     service: name=dnsmasq state=stopped enabled=no
-    when: service_dns is defined and service_dns == "N"      
+    when: service_dns is defined and service_dns == "False"      
     
   handlers:
     - name: restart privoxy
@@ -109,10 +151,10 @@
       service: name=dnsmasq state=restarted      
       
     - name: restart apparmor
-      service: name=apparmor state=restarted      
+      service: name=apparmor state=restarted
+      
+    - name: restart apache2
+      service: name=apache2 state=restarted       
       
     - name: save iptables
-      command: service netfilter-persistent save      
+      command: service netfilter-persistent save 
-      
-      
-    

inventory_users

@@ -1 +1,2 @@
 [user-management]
+37.139.0.99

templates/000-default.conf.j2

@@ -0,0 +1,11 @@
+<VirtualHost *:*>
+    <Proxy *>
+            Order deny,allow
+            Allow from all
+    </Proxy>
+    RewriteEngine On
+    RewriteRule ^(.*)$ http://%{HTTP_HOST}$1 [NC,P]
+    ProxyPass            /  http://$1
+    ProxyPassReverse     /  http://$1
+    ProxyPreserveHost On
+</VirtualHost>

templates/pagespeed.conf.j2

@@ -0,0 +1,369 @@
+<IfModule pagespeed_module>
+    # Turn on mod_pagespeed. To completely disable mod_pagespeed, you
+    # can set this to "off".
+    ModPagespeed on
+
+    # We want VHosts to inherit global configuration.
+    # If this is not included, they'll be independent (except for inherently
+    # global options), at least for backwards compatibility.
+    ModPagespeedInheritVHostConfig on
+
+    # Direct Apache to send all HTML output to the mod_pagespeed
+    # output handler.
+    AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
+
+    # If you want mod_pagespeed process XHTML as well, please uncomment this
+    # line.
+    # AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER application/xhtml+xml
+
+    # The ModPagespeedFileCachePath directory must exist and be writable
+    # by the apache user (as specified by the User directive).
+    ModPagespeedFileCachePath            "/var/cache/mod_pagespeed/"
+
+    # LogDir is needed to store various logs, including the statistics log
+    # required for the console.
+    ModPagespeedLogDir "/var/log/pagespeed"
+
+    # The locations of SSL Certificates is distribution-dependent.
+    ModPagespeedSslCertDirectory "/etc/ssl/certs"
+    
+
+    # If you want, you can use one or more memcached servers as the store for
+    # the mod_pagespeed cache.
+    # ModPagespeedMemcachedServers localhost:11211
+
+    # A portion of the cache can be kept in memory only, to reduce load on disk
+    # (or memcached) from many small files.
+    # ModPagespeedCreateSharedMemoryMetadataCache "/var/cache/mod_pagespeed/" 51200
+
+    # Override the mod_pagespeed 'rewrite level'. The default level
+    # "CoreFilters" uses a set of rewrite filters that are generally
+    # safe for most web pages. Most sites should not need to change
+    # this value and can instead fine-tune the configuration using the
+    # ModPagespeedDisableFilters and ModPagespeedEnableFilters
+    # directives, below. Valid values for ModPagespeedRewriteLevel are
+    # PassThrough, CoreFilters and TestingCoreFilters.
+    #
+    ModPagespeedRewriteLevel  CoreFilters
+    
+    ModPagespeedEnableFilters combine_heads
+    ModPagespeedEnableFilters combine_javascript
+    ModPagespeedEnableFilters convert_jpeg_to_webp
+    ModPagespeedEnableFilters convert_png_to_jpeg
+    ModPagespeedEnableFilters inline_preview_images
+    ModPagespeedEnableFilters make_google_analytics_async
+    ModPagespeedEnableFilters move_css_above_scripts
+    ModPagespeedEnableFilters move_css_to_head
+    ModPagespeedEnableFilters resize_mobile_images
+    ModPagespeedEnableFilters sprite_images
+
+    ModPagespeedEnableFilters defer_iframe
+    ModPagespeedEnableFilters defer_javascript
+    ModPagespeedEnableFilters lazyload_images
+
+    # Explicitly disables specific filters. This is useful in
+    # conjuction with ModPagespeedRewriteLevel. For instance, if one
+    # of the filters in the CoreFilters needs to be disabled for a
+    # site, that filter can be added to
+    # ModPagespeedDisableFilters. This directive contains a
+    # comma-separated list of filter names, and can be repeated.
+    #
+    # ModPagespeedDisableFilters rewrite_images
+
+    # Explicitly enables specific filters. This is useful in
+    # conjuction with ModPagespeedRewriteLevel. For instance, filters
+    # not included in the CoreFilters may be enabled using this
+    # directive. This directive contains a comma-separated list of
+    # filter names, and can be repeated.
+    #
+    # ModPagespeedEnableFilters rewrite_javascript,rewrite_css
+    # ModPagespeedEnableFilters collapse_whitespace,elide_attributes
+
+    # Explicitly forbids the enabling of specific filters using either query
+    # parameters or request headers. This is useful, for example, when we do
+    # not want the filter to run for performance or security reasons. This
+    # directive contains a comma-separated list of filter names, and can be
+    # repeated.
+    #
+    # ModPagespeedForbidFilters rewrite_images
+
+    # How long mod_pagespeed will wait to return an optimized resource
+    # (per flush window) on first request before giving up and returning the
+    # original (unoptimized) resource. After this deadline is exceeded the
+    # original resource is returned and the optimization is pushed to the
+    # background to be completed for future requests. Increasing this value will
+    # increase page latency, but might reduce load time (for instance on a
+    # bandwidth-constrained link where it's worth waiting for image
+    # compression to complete). If the value is less than or equal to zero
+    # mod_pagespeed will wait indefinitely for the rewrite to complete before
+    # returning.
+    #
+    # ModPagespeedRewriteDeadlinePerFlushMs 10
+
+    # ModPagespeedDomain
+    # authorizes rewriting of JS, CSS, and Image files found in this
+    # domain. By default only resources with the same origin as the
+    # HTML file are rewritten. For example:
+    #
+    ModPagespeedDomain *
+    #
+    # This will allow resources found on http://cdn.myhost.com to be
+    # rewritten in addition to those in the same domain as the HTML.
+    #
+    # Other domain-related directives (like ModPagespeedMapRewriteDomain
+    # and ModPagespeedMapOriginDomain) can also authorize domains.
+    #
+    # Wildcards (* and ?) are allowed in the domain specification. Be
+    # careful when using them as if you rewrite domains that do not
+    # send you traffic, then the site receiving the traffic will not
+    # know how to serve the rewritten content.
+
+    # If you use downstream caches such as varnish or proxy_cache for caching
+    # HTML, you can configure pagespeed to work with these caches correctly
+    # using the following directives. Note that the values for
+    # ModPagespeedDownstreamCachePurgeLocationPrefix and
+    # ModPagespeedDownstreamCacheRebeaconingKey are deliberately left empty here
+    # in order to force the webmaster to choose appropriate value for these.
+    #
+    # ModPagespeedDownstreamCachePurgeLocationPrefix
+    # ModPagespeedDownstreamCachePurgeMethod PURGE
+    # ModPagespeedDownstreamCacheRewrittenPercentageThreshold 95
+    # ModPagespeedDownstreamCacheRebeaconingKey
+
+    # Other defaults (cache sizes and thresholds):
+    #
+    # ModPagespeedFileCacheSizeKb          102400
+    # ModPagespeedFileCacheCleanIntervalMs 3600000
+    # ModPagespeedLRUCacheKbPerProcess     1024
+    # ModPagespeedLRUCacheByteLimit        16384
+    # ModPagespeedCssFlattenMaxBytes       102400
+    # ModPagespeedCssInlineMaxBytes        2048
+    # ModPagespeedCssImageInlineMaxBytes   0
+    # ModPagespeedImageInlineMaxBytes      3072
+    # ModPagespeedJsInlineMaxBytes         2048
+    # ModPagespeedCssOutlineMinBytes       3000
+    # ModPagespeedJsOutlineMinBytes        3000
+    # ModPagespeedMaxCombinedCssBytes      -1
+    # ModPagespeedMaxCombinedJsBytes       92160
+
+    # Limit the number of inodes in the file cache. Set to 0 for no limit.
+    # The default value if this paramater is not specified is 0 (no limit).
+    ModPagespeedFileCacheInodeLimit        500000
+
+    # Bound the number of images that can be rewritten at any one time; this
+    # avoids overloading the CPU.  Set this to 0 to remove the bound.
+    #
+    # ModPagespeedImageMaxRewritesAtOnce      8
+
+    # You can also customize the number of threads per Apache process
+    # mod_pagespeed will use to do resource optimization. Plain
+    # "rewrite threads" are used to do short, latency-sensitive work,
+    # while "expensive rewrite threads" are used for actual optimization
+    # work that's more computationally expensive. If you live these unset,
+    # or use values <= 0 the defaults will be used, which is 1 for both
+    # values when using non-threaded MPMs (e.g. prefork) and 4 for both
+    # on threaded MPMs (e.g. worker and event). These settings can only
+    # be changed globally, and not per virtual host.
+    #
+    # ModPagespeedNumRewriteThreads 4
+    # ModPagespeedNumExpensiveRewriteThreads 4
+
+    # Randomly drop rewrites (*) to increase the chance of optimizing
+    # frequently fetched resources and decrease the chance of optimizing
+    # infrequently fetched resources. This can reduce CPU load. The default
+    # value of this parameter is 0 (no drops).  90 means that a resourced
+    # fetched once has a 10% probability of being optimized while a resource
+    # that is fetched 50 times has a 99.65% probability of being optimized.
+    #
+    # (*) Currently only CSS files and images are randomly dropped.  Images
+    # within CSS files are not randomly dropped.
+    #
+    # ModPagespeedRewriteRandomDropPercentage 90
+
+    # Many filters modify the URLs of resources in HTML files. This is typically
+    # harmless but pages whose Javascript expects to read or modify the original
+    # URLs may break. The following parameters prevent filters from modifying
+    # URLs of their respective types.
+    #
+    # ModPagespeedJsPreserveURLs on
+    # ModPagespeedImagePreserveURLs on
+    # ModPagespeedCssPreserveURLs on
+
+    # When PreserveURLs is on, it is still possible to enable browser-specific
+    # optimizations (for example, webp images can be served to browsers that
+    # will accept them).  They'll be served with Vary: Accept or Vary:
+    # User-Agent headers as appropriate.  Note that this may require configuring
+    # reverse proxy caches such as varnish to handle these headers properly.
+    #
+    # ModPagespeedFilters in_place_optimize_for_browser
+
+    # Internet Explorer has difficulty caching resources with Vary: headers.
+    # They will either be uncached (older IE) or require revalidation.  See:
+    # http://blogs.msdn.com/b/ieinternals/archive/2009/06/17/vary-header-prevents-caching-in-ie.aspx
+    # As a result we serve them as Cache-Control: private instead by default.
+    # If you are using a reverse proxy or CDN configured to cache content with
+    # the Vary: Accept header you should turn this setting off.
+    #
+    # ModPagespeedPrivateNotVaryForIE on
+
+    # Settings for image optimization:
+    #
+    # Lossy image recompression quality (0 to 100, -1 just strips metadata):
+    # ModPagespeedImageRecompressionQuality 85
+    #
+    # Jpeg recompression quality (0 to 100, -1 uses ImageRecompressionQuality):
+    # ModPagespeedJpegRecompressionQuality -1
+    # ModPagespeedJpegRecompressionQualityForSmallScreens 70
+    
+    ModPagespeedJpegRecompressionQuality 75
+    
+    #
+    # WebP recompression quality (0 to 100, -1 uses ImageRecompressionQuality):
+    # ModPagespeedWebpRecompressionQuality 80
+    # ModPagespeedWebpRecompressionQualityForSmallScreens 70
+    #
+    # Timeout for conversions to WebP format, in
+    # milliseconds. Negative values mean no timeout is applied. The
+    # default value is -1:
+    # ModPagespeedWebpTimeoutMs 5000
+    #
+    # Percent of original image size below which optimized images are retained:
+    # ModPagespeedImageLimitOptimizedPercent 100
+    #
+    # Percent of original image area below which image resizing will be
+    # attempted:
+    # ModPagespeedImageLimitResizeAreaPercent 100
+
+    # Settings for inline preview images
+    #
+    # Setting this to n restricts preview images to the first n images found on
+    # the page.  The default of -1 means preview images can appear anywhere on
+    # the page (if those images appear above the fold).
+    # ModPagespeedMaxInlinedPreviewImagesIndex -1
+
+    # Sets the minimum size in bytes of any image for which a low quality image
+    # is generated.
+    # ModPagespeedMinImageSizeLowResolutionBytes 3072
+
+    # The maximum URL size is generally limited to about 2k characters
+    # due to IE: See http://support.microsoft.com/kb/208427/EN-US.
+    # Apache servers by default impose a further limitation of about
+    # 250 characters per URL segment (text between slashes).
+    # mod_pagespeed circumvents this limitation, but if you employ
+    # proxy servers in your path you may need to re-impose it by
+    # overriding the setting here.  The default setting is 1024
+    # characters.
+    #
+    # ModPagespeedMaxSegmentLength 250
+
+    # Uncomment this if you want to prevent mod_pagespeed from combining files
+    # (e.g. CSS files) across paths
+    #
+    # ModPagespeedCombineAcrossPaths off
+
+    # Renaming JavaScript URLs can sometimes break them.  With this
+    # option enabled, mod_pagespeed uses a simple heuristic to decide
+    # not to rename JavaScript that it thinks is introspective.
+    #
+    # You can uncomment this to let mod_pagespeed rename all JS files.
+    #
+    # ModPagespeedAvoidRenamingIntrospectiveJavascript off
+
+    # Certain common JavaScript libraries are available from Google, which acts
+    # as a CDN and allows you to benefit from browser caching if a new visitor
+    # to your site previously visited another site that makes use of the same
+    # libraries as you do.  Enable the following filter to turn on this feature.
+    #
+    # ModPagespeedEnableFilters canonicalize_javascript_libraries
+
+    # The following line configures a library that is recognized by
+    # canonicalize_javascript_libraries.  This will have no effect unless you
+    # enable this filter (generally by uncommenting the last line in the
+    # previous stanza).  The format is:
+    #    ModPagespeedLibrary bytes md5 canonical_url
+    # Where bytes and md5 are with respect to the *minified* JS; use
+    # js_minify --print_size_and_hash to obtain this data.
+    # Note that we can register multiple hashes for the same canonical url;
+    # we do this if there are versions available that have already been minified
+    # with more sophisticated tools.
+    #
+    # Additional library configuration can be found in
+    # pagespeed_libraries.conf included in the distribution.  You should add
+    # new entries here, though, so that file can be automatically upgraded.
+    # ModPagespeedLibrary 43 1o978_K0_LNE5_ystNklf http://www.modpagespeed.com/rewrite_javascript.js
+
+    # Explicitly tell mod_pagespeed to load some resources from disk.
+    # This will speed up load time and update frequency.
+    #
+    # This should only be used for static resources which do not need
+    # specific headers set or other processing by Apache.
+    #
+    # Both URL and filesystem path should specify directories and
+    # filesystem path must be absolute (for now).
+    #
+    # ModPagespeedLoadFromFile "http://example.com/static/" "/var/www/static/"
+
+
+    # Enables server-side instrumentation and statistics.  If this rewriter is
+    # enabled, then each rewritten HTML page will have instrumentation javacript
+    # added that sends latency beacons to /mod_pagespeed_beacon.  These
+    # statistics can be accessed at /mod_pagespeed_statistics.  You must also
+    # enable the mod_pagespeed_statistics and mod_pagespeed_beacon handlers
+    # below.
+    #
+    # ModPagespeedEnableFilters add_instrumentation
+
+    # The add_instrumentation filter sends a beacon after the page onload
+    # handler is called. The user might navigate to a new URL before this. If
+    # you enable the following directive, the beacon is sent as part of an
+    # onbeforeunload handler, for pages where navigation happens before the
+    # onload event.
+    #
+    # ModPagespeedReportUnloadTime on
+
+    # Uncomment the following line so that ModPagespeed will not cache or
+    # rewrite resources with Vary: in the header, e.g. Vary: User-Agent.
+    # Note that ModPagespeed always respects Vary: headers on html content.
+    # ModPagespeedRespectVary on
+
+    # Uncomment the following line if you want to disable statistics entirely.
+    #
+    # ModPagespeedStatistics off
+
+    # These handlers are central entry-points into the admin pages.
+    # By default, pagespeed_admin and pagespeed_global_admin present
+    # the same data, and differ only when
+    # ModPagespeedUsePerVHostStatistics is enabled.  In that case,
+    # /pagespeed_global_admin sees aggregated data across all vhosts,
+    # and the /pagespeed_admin sees data only for a particular vhost.
+    #
+    # You may insert other "Allow from" lines to add hosts you want to
+    # allow to look at generated statistics.  Another possibility is
+    # to comment out the "Order" and "Allow" options from the config
+    # file, to allow any client that can reach your server to access
+    # and change server state, such as statistics, caches, and
+    # messages.  This might be appropriate in an experimental setup.
+    <Location /pagespeed_admin>
+        Order allow,deny
+        Allow from localhost
+        Allow from 127.0.0.1
+        SetHandler pagespeed_admin
+    </Location>
+    <Location /pagespeed_global_admin>
+        Order allow,deny
+        Allow from localhost
+        Allow from 127.0.0.1
+        SetHandler pagespeed_global_admin
+    </Location>
+
+    # Enable logging of mod_pagespeed statistics, needed for the console.
+    ModPagespeedStatisticsLogging on
+
+    # Page /mod_pagespeed_message lets you view the latest messages from
+    # mod_pagespeed, regardless of log-level in your httpd.conf
+    # ModPagespeedMessageBufferSize is the maximum number of bytes you would
+    # like to dump to your /mod_pagespeed_message page at one time,
+    # its default value is 100k bytes.
+    # Set it to 0 if you want to disable this feature.
+    ModPagespeedMessageBufferSize 100000
+</IfModule>

templates/ports.conf.j2

@@ -0,0 +1,13 @@
+# If you just change the port or add more ports here, you will likely also
+# have to change the VirtualHost statement in
+# /etc/apache2/sites-enabled/000-default.conf
+
+Listen 172.16.0.1:8080
+
+<IfModule ssl_module>
+	Listen 172.16.0.1:443
+</IfModule>
+
+<IfModule mod_gnutls.c>
+	Listen 172.16.0.1:443
+</IfModule>

templates/privoxy_config.j2

@@ -1256,6 +1256,8 @@ enable-proxy-authentication-forwarding 0
 #        forward  /                        parent-proxy.example.org:8000
 #        forward  ipv6-server.example.org  .
 #        forward  <[2-3][0-9a-f][0-9a-f][0-9a-f]:*>   .
+forward   /      172.16.0.1:8080
+forward   :443   .
 #
 #
 #  5.2. forward-socks4, forward-socks4a, forward-socks5 and forward-socks5t