diff options
Diffstat (limited to 'roles/collabora/code')
-rw-r--r-- | roles/collabora/code/tasks/main.yml | 6 | ||||
-rw-r--r-- | roles/collabora/code/templates/nginx-vhost.conf.j2 | 108 |
2 files changed, 109 insertions, 5 deletions
diff --git a/roles/collabora/code/tasks/main.yml b/roles/collabora/code/tasks/main.yml index 77bd79a7..ce88fe0d 100644 --- a/roles/collabora/code/tasks/main.yml +++ b/roles/collabora/code/tasks/main.yml @@ -23,10 +23,6 @@ vars: nginx_vhost: name: "collabora-code-{{ item.key }}" - template: generic-proxy-no-buffering-with-acme + content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" acme: true hostnames: "{{ item.value.hostnames }}" - proxy_pass: "http://127.0.0.1:{{ item.value.port }}" - proxy_redirect: - redirect: "http://$host:9980/" - replacement: "https://$host/" diff --git a/roles/collabora/code/templates/nginx-vhost.conf.j2 b/roles/collabora/code/templates/nginx-vhost.conf.j2 new file mode 100644 index 00000000..c0186df2 --- /dev/null +++ b/roles/collabora/code/templates/nginx-vhost.conf.j2 @@ -0,0 +1,108 @@ +server { + listen 80; + listen [::]:80; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + + location / { + return 301 https://$host$request_uri; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ item.value.hostnames | join(' ') }}; + + include snippets/acmetool.conf; + include snippets/ssl.conf; + ssl_certificate /var/lib/acme/live/{{ item.value.hostnames[0] }}/fullchain; + ssl_certificate_key /var/lib/acme/live/{{ item.value.hostnames[0] }}/privkey; + include snippets/hsts.conf; + + + client_max_body_size 128M; + + # static files + location ^~ /loleaflet { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # Capabilities + location ^~ /hosting/capabilities { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # main websocket + location ~ ^/lool/(.*)/ws$ { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # download, presentation and image upload + location ~ ^/lool { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } + + # Admin Console websocket + location ^~ /lool/adminws { + include snippets/proxy-nobuff.conf; + include snippets/proxy-forward-headers.conf; + + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + proxy_read_timeout 36000s; + + proxy_set_header Host $http_host; + proxy_pass http://127.0.0.1:{{ item.value.port }}; + + proxy_redirect http://$host/ https://$host/; + proxy_redirect http://$host:9980/ https://$host/; + } +} |