ansible_roles/zen_rev_proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

0.1.17-DEV-20200321-000226

Browse Source 
--------------------------
    * MODIFY:
      - update certs for lets encrypt renewal

    * ADD:
      - add bitwarden site
      - add unifi site
      - added support for web sockets globally
This commit is contained in:
Chris Hammer 2020-03-21 00:03:54 -04:00
parent 3b5a8e2c54
commit 3f43c1575f
4 changed files with 29 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
defaults/main/proxy_site_defs.yml
View File

@ -3,7 +3,7 @@
proxy_site_conf_dir : /etc/nginx/conf.d proxy_site_conf_dir : /etc/nginx/conf.d
proxy_site_file : "{{ proxy_site_conf_dir }}/zen_proxy.conf" proxy_site_file : "{{ proxy_site_conf_dir }}/zen_proxy.conf"
proxy_site_version : 1.8 proxy_site_version : 1.8
proxy_site_revision : 20191113-214118 proxy_site_revision : 20200113-141420
proxy_site_log_path : /proxy_logs proxy_site_log_path : /proxy_logs
@ -11,8 +11,8 @@
proxy_site_ssl_directory : /etc/nginx/ssl proxy_site_ssl_directory : /etc/nginx/ssl
proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain5.pem" proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain6.pem"
proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey5.pem" proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey6.pem"
proxy_site_ssl_protocols : TLSv1.2 proxy_site_ssl_protocols : TLSv1.2
proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256 proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256

31
defaults/main/proxy_sites.yml
View File

@ -16,7 +16,7 @@ proxy_sites:
gitea.thezengarden.net: gitea.thezengarden.net:
proto : http proto : http
dest : docker.thezengarden.net dest : pi.thezengarden.net
port : 3000 port : 3000
max_upload : "{{ proxy_default_max_upload }}" max_upload : "{{ proxy_default_max_upload }}"
@ -119,6 +119,12 @@ proxy_sites:
port : 443 port : 443
pw.thezengarden.net:
proto : http
dest : docker.thezengarden.net
port : 8001
images.thezengarden.net: images.thezengarden.net:
proto : http proto : http
dest : "{{ proxy_default_host }}" dest : "{{ proxy_default_host }}"
@ -133,13 +139,20 @@ proxy_sites:
max_upload : "{{ proxy_default_max_upload }}" max_upload : "{{ proxy_default_max_upload }}"
wifi.thezengarden.net:
proto : https
dest : unifi.thezengarden.net
port : 8443
max_upload : "{{ proxy_default_max_upload }}"
lakeshorebulldogs.com: lakeshorebulldogs.com:
aliases : www.lakeshorebulldogs.com aliases : www.lakeshorebulldogs.com
proto : http proto : http
dest : "{{ proxy_default_host }}" dest : "{{ proxy_default_host }}"
port : 80 port : 80
ssl_cert : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/fullchain1.pem" ssl_cert : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/fullchain2.pem"
ssl_key : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/privkey1.pem" ssl_key : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/privkey2.pem"
max_upload : "{{ proxy_default_max_upload }}" max_upload : "{{ proxy_default_max_upload }}"
@ -167,8 +180,8 @@ proxy_sites:
proto : http proto : http
dest : "{{ proxy_default_host }}" dest : "{{ proxy_default_host }}"
port : 80 port : 80
ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem" ssl_cert : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain5.pem"
ssl_key : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem" ssl_key : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey5.pem"
christian-hammer.com: christian-hammer.com:
@ -176,13 +189,13 @@ proxy_sites:
proto : http proto : http
dest : "{{ proxy_default_host }}" dest : "{{ proxy_default_host }}"
port : 80 port : 80
ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem" ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain5.pem"
ssl_key : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem" ssl_key : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey5.pem"
chris-hammer.com: chris-hammer.com:
proto : http proto : http
dest : "{{ proxy_default_host }}" dest : "{{ proxy_default_host }}"
port : 80 port : 80
ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem" ssl_cert : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain5.pem"
ssl_key : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem" ssl_key : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey5.pem"

2
tasks/main.yml
View File

@ -45,6 +45,8 @@
tags: always tags: always
## TODO: fix the perms on ssl certs!!@*&!@^&*
- name: clone ssl certs - name: clone ssl certs
git: git:
repo: "{{ ssl_repo }}" repo: "{{ ssl_repo }}"

4
templates/proxy_site.j2
View File

@ -35,10 +35,8 @@ client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host; proxy_set_header Host $host;
{% if item.key == "tower.thezengarden.net" or item.key == "tower2.thezengarden.net" %} proxy_set_header Upgrade $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
{% endif %}
proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }}; proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};