Diffstat (limited to 'roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2')
-rw-r--r--roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j278
1 files changed, 54 insertions, 24 deletions
diff --git a/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2 b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2
index d661427f..a7248194 100644
--- a/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2
+++ b/roles/apps/collabora/code/instance/templates/nginx-vhost.conf.j2
@@ -6,10 +6,15 @@ location ^~ /browser {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
# WOPI discovery URL
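Review bot: The upstream selection and the four `proxy_ssl_*` directives added in `location ^~ /browser` are repeated verbatim in the five following hunks (`/hosting/discovery`, `/hosting/capabilities`, the two `/cool` locations and `/cool/adminws`), so a later edit can leave one location pointing at a different CA file or without `proxy_ssl_verify on`. nginx inherits `proxy_ssl_*` settings from the enclosing server context, so they can be written once, and the upstream address can be computed once with a Jinja `{% set %}`. The enclosing server block is outside this diff, so the placement below assumes this template is rendered inside one. A one-line comment on the `{% if %}` saying when the publisher differs from `inventory_hostname` would also help the next reader.

```nginx
{% set instance = collabora_code_instances[collabora_code_instance] %}
{% set upstream_host = '127.0.0.1' if instance.publish.zone.publisher == inventory_hostname else ansible_default_ipv4.address %}
# once, at server level; inherited by every location below
proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ instance.publish.zone.name }}/apps-publish-{{ instance.publish.zone.name }}-ca-crt.pem;
proxy_ssl_verify on;
proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
proxy_ssl_protocols TLSv1.3;

# … unchanged: location headers, includes and proxy_set_header lines …
    proxy_pass https://{{ upstream_host }}:{{ instance.port }};
```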
@@ -18,10 +23,15 @@ location ^~ /hosting/discovery {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
# Capabilities
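Review bot: Both `proxy_redirect` rules are removed without a replacement, here and in the other five hunks, so only nginx's default rewrite (which matches the `proxy_pass` URL) remains. If the backend ever sends an absolute `Location` built from the forwarded `Host` header plus its own port, that header would now reach the client unchanged and disclose the internal port. It is worth confirming the backend's redirect behaviour in TLS mode, or keeping an explicit rule such as `proxy_redirect https://$host:{{ collabora_code_instances[collabora_code_instance].port }}/ https://$host/;`.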
@@ -30,10 +40,15 @@ location ^~ /hosting/capabilities {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
# main websocket
@@ -47,10 +62,15 @@ location ~ ^/cool/(.*)/ws$ {
proxy_read_timeout 36000s;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
# download, presentation and image upload
@@ -59,10 +79,15 @@ location ~ ^/(c|l)ool {
include snippets/proxy-forward-headers.conf;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
# Admin Console websocket
@@ -76,8 +101,13 @@ location ^~ /cool/adminws {
proxy_read_timeout 36000s;
proxy_set_header Host $http_host;
- proxy_pass http://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
-
- proxy_redirect http://$host/ https://$host/;
- proxy_redirect http://$host:9980/ https://$host/;
+{% if collabora_code_instances[collabora_code_instance].publish.zone.publisher == inventory_hostname %}
+ proxy_pass https://127.0.0.1:{{ collabora_code_instances[collabora_code_instance].port }};
+{% else %}
+ proxy_pass https://{{ ansible_default_ipv4.address }}:{{ collabora_code_instances[collabora_code_instance].port }};
+{% endif %}
+ proxy_ssl_trusted_certificate /etc/ssl/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}/apps-publish-{{ collabora_code_instances[collabora_code_instance].publish.zone.name }}-ca-crt.pem;
+ proxy_ssl_verify on;
+ proxy_ssl_name collabora-code-{{ collabora_code_instance }}.{{ inventory_hostname }};
+ proxy_ssl_protocols TLSv1.3;
}
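Review bot: In the `{% else %}` branch the admin console websocket is proxied to `ansible_default_ipv4.address`, which implies the backend port listens on a network interface rather than loopback only, and the added directives authenticate the backend to nginx but not nginx to the backend. Nothing in this hunk shows a client certificate or an address restriction, so any host that can reach that port could presumably connect to `/cool/adminws` directly and bypass whatever this vhost enforces. If the backend can require client certificates, adding `proxy_ssl_certificate` and `proxy_ssl_certificate_key` here and in the other five locations would give it a way to accept only the publisher. Otherwise confirm that the port is firewalled to the publisher host. The location block starts above the hunk.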