Diffstat (limited to 'roles')
-rw-r--r-- | roles/apps/jitsi/meet/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/apps/keycloak/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/apps/nextcloud/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/apps/onlyoffice/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/apps/pigallery2/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/elevate/liquidtruth/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/elevate/media/tasks/nextcloud-app.yml | 2 | ||||
-rw-r--r-- | roles/nginx/vhost/defaults/main.yml | 16 | ||||
-rw-r--r-- | roles/nginx/vhost/templates/generic.conf.j2 | 74 |
9 files changed, 90 insertions, 14 deletions
diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml
index b16fad07..eff8232b 100644
--- a/roles/apps/jitsi/meet/tasks/main.yml
+++ b/roles/apps/jitsi/meet/tasks/main.yml
@@ -150,7 +150,7 @@
 vars:
 nginx_vhost:
 name: "jitsi-meet-{{ jitsi_meet_inst_name }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames:
 - "{{ jitsi_meet_hostname }}"
diff --git a/roles/apps/keycloak/tasks/main.yml b/roles/apps/keycloak/tasks/main.yml
index a54f0397..68806458 100644
--- a/roles/apps/keycloak/tasks/main.yml
+++ b/roles/apps/keycloak/tasks/main.yml
@@ -95,7 +95,7 @@
 vars:
 nginx_vhost:
 name: "keycloak-{{ item.key }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames:
 - "{{ item.value.hostname }}"
diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml
index e7a2fe78..8d91b398 100644
--- a/roles/apps/nextcloud/tasks/main.yml
+++ b/roles/apps/nextcloud/tasks/main.yml
@@ -159,7 +159,7 @@
 vars:
 nginx_vhost:
 name: "nextcloud-{{ item.key }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames: "{{ item.value.hostnames }}"
 locations:
diff --git a/roles/apps/onlyoffice/tasks/main.yml b/roles/apps/onlyoffice/tasks/main.yml
index a41dd96d..957d8afe 100644
--- a/roles/apps/onlyoffice/tasks/main.yml
+++ b/roles/apps/onlyoffice/tasks/main.yml
@@ -139,7 +139,7 @@
 vars:
 nginx_vhost:
 name: "onlyoffice-{{ item.key }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames:
 - "{{ item.value.hostname }}"
diff --git a/roles/apps/pigallery2/tasks/main.yml b/roles/apps/pigallery2/tasks/main.yml
index f3a3acbc..b8b0166d 100644
--- a/roles/apps/pigallery2/tasks/main.yml
+++ b/roles/apps/pigallery2/tasks/main.yml
@@ -66,7 +66,7 @@
 vars:
 nginx_vhost:
 name: "pigallery2-{{ item.key }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames:
 - "{{ item.value.hostname }}"
diff --git a/roles/elevate/liquidtruth/tasks/main.yml b/roles/elevate/liquidtruth/tasks/main.yml
index 2c61f372..837d2fd0 100644
--- a/roles/elevate/liquidtruth/tasks/main.yml
+++ b/roles/elevate/liquidtruth/tasks/main.yml
@@ -17,7 +17,7 @@
 vars:
 nginx_vhost:
 name: liquidtruth
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames: "{{ liquidtruth_hostnames }}"
 locations:
diff --git a/roles/elevate/media/tasks/nextcloud-app.yml b/roles/elevate/media/tasks/nextcloud-app.yml
index 22e3f693..45a777a1 100644
--- a/roles/elevate/media/tasks/nextcloud-app.yml
+++ b/roles/elevate/media/tasks/nextcloud-app.yml
@@ -101,7 +101,7 @@
 vars:
 nginx_vhost:
 name: "nextcloud-{{ elevate_media_nextcloud_instance_name }}"
- template: generic-proxy-no-buffering-with-acme
+ template: generic
 acme: true
 hostnames: "{{ elevate_media_nextcloud_instance.hostnames }}"
 locations:
diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml
index 233015be..b80a5442 100644
--- a/roles/nginx/vhost/defaults/main.yml
+++ b/roles/nginx/vhost/defaults/main.yml
@@ -2,7 +2,7 @@
 # nginx_vhost:
 # default: yes
 # name: example
-# template: generic-proxy-no-buffering-with-acme
+# template: generic
 # acme: yes
 # hostnames:
 # - example.com
@@ -24,12 +24,8 @@
 # trusted_certificate: /path/to/ca.pem
 
 # nginx_vhost:
-# name: other-example
-# content: "<<< content of vhost >>>"
-
-# nginx_vhost:
-# name: static
-# template: static-files-with-acme
+# name: mixed-static-and-proxy
+# template: generic
 # acme: yes
 # hostnames:
 # - static.example.com
@@ -45,3 +41,9 @@
 # add_header X-Example-Header "foo";
 # '/subdir/':
 # alias: /srv/www/foo
+# '/foo/':
+# proxy_pass: http://127.0.0.1:1234
+
+# nginx_vhost:
+# name: other-example
+# content: "<<< content of vhost >>>"
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
new file mode 100644
index 00000000..08bf7a60
--- /dev/null
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -0,0 +1,74 @@
+server {
+ listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+{% if 'acme' in nginx_vhost and nginx_vhost.acme %}
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf;
+ ssl_certificate /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+{% endif %}
+{% if 'extra_directives' in nginx_vhost %}
+ {{ nginx_vhost.extra_directives | indent(4) }}
+
+{% endif %}
+{% for path, location in nginx_vhost.locations.items() %}
+ location {{ path }} {
+{% if 'proxy_pass' in location %}
+ include snippets/proxy-nobuff.conf;
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass {{ location.proxy_pass }};
+{% if 'proxy_redirect' in location %}
+{% for entry in location.proxy_redirect %}
+ proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
+{% endfor %}
+{% endif %}
+{% if 'proxy_ssl' in location %}
+{% for prop in (location.proxy_ssl | list | sort) %}
+ proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
+{% endfor %}
+{% endif %}
+{% else %}
+{% if 'root' in location %}
+ root {{ location.root }};
+{% elif 'alias' in location %}
+ alias {{ location.alias }};
+{% endif %}
+{% if 'index' in location %}
+ index {{ location.index }};
+{% endif %}
+{% if 'autoindex' in location %}
+ autoindex on;
+{% if 'format' in location.autoindex %}
+ autoindex_format {{ nginx_vhost.autoindex.format }};
+{% endif %}
+{% endif %}
+{% endif %}
+{% if 'extra_directives' in location %}
+
+ {{ location.extra_directives | indent(8) }}
+{% endif %}
+ }
+{% endfor %}
+} |
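Review bot: In the static-file branch the `autoindex_format` line reads `nginx_vhost.autoindex.format`, while the guard directly above it tests `'format' in location.autoindex`, so the per-location value is never used and the vhost-level lookup is presumably undefined; the line should be `autoindex_format {{ location.autoindex.format }};`. The same branch emits `autoindex on;` on mere presence of the key, so it is worth documenting that `autoindex` must be a mapping and that any value enables directory listings. In the proxy branch the `proxy_ssl_*` loop passes through only what the caller sets, and nginx leaves `proxy_ssl_verify` off by default, so a `trusted_certificate` entry alone does not make nginx verify the upstream certificate. A template comment above that loop such as `{# proxy_ssl.trusted_certificate has no effect unless proxy_ssl.verify is 'on' #}` would make this explicit for callers that proxy to an https upstream.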