ch-http-proxy: prepare reverse proxy for passwd.chaos-at-home.org

2 files changed, 14 insertions, 1 deletions

diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index eea545c8..18c9a0b9 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -1,5 +1,6 @@
 ---
 # nginx_vhost:
+#   default: yes
 #   name: example
 #   template: generic-proxy-no-buffering-with-acme
 #   acme: yes
@@ -7,7 +8,14 @@
 #   - example.com
 #   - www.example.com
 #   proxy_pass: http://127.0.0.1:8080
-#   default: yes
+#   proxy_redirect:
+#   - redirect: "http://$host/"
+#     replacement: "https://$host/"
+#   - redirect: "http://$host:8080/"
+#     replacement: "https://$host/"
+#   proxy_ssl:
+#     verify: on
+#     trusted_certificate: /path/to/ca.pem
 
 # nginx_vhost:
 #   name: other-example
diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
index b943b2e4..f74f920b 100644
--- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -40,5 +40,10 @@ server {
         proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
 {%   endfor %}
 {% endif %}
+{% if 'proxy_ssl' in nginx_vhost %}
+{%   for prop in (nginx_vhost.proxy_ssl | list | sort)  %}
+        proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }};
+{%   endfor %}
+{% endif %}
     }
 }