0.1.17-DEV-20200321-000226

-------------------------- * MODIFY: - update certs for lets encrypt renewal * ADD: - add bitwarden site - add unifi site - added support for web sockets globally
2020-03-21 00:03:54 -04:00 · 2020-03-21 00:03:54 -04:00 · 3f43c1575f
commit 3f43c1575f
parent 3b5a8e2c54
4 changed files with 29 additions and 16 deletions
--- a/defaults/main/proxy_site_defs.yml
+++ b/defaults/main/proxy_site_defs.yml
@ -3,7 +3,7 @@
  proxy_site_conf_dir : /etc/nginx/conf.d
  proxy_site_file     : "{{ proxy_site_conf_dir }}/zen_proxy.conf"
  proxy_site_version  : 1.8
-  proxy_site_revision : 20191113-214118
+  proxy_site_revision : 20200113-141420


  proxy_site_log_path   : /proxy_logs
@ -11,8 +11,8 @@


  proxy_site_ssl_directory       : /etc/nginx/ssl
-  proxy_site_ssl_certificate     : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain5.pem"
-  proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey5.pem"
+  proxy_site_ssl_certificate     : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain6.pem"
+  proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey6.pem"
  proxy_site_ssl_protocols       : TLSv1.2
  proxy_site_ssl_ciphers         : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256

--- a/defaults/main/proxy_sites.yml
+++ b/defaults/main/proxy_sites.yml
@ -16,7 +16,7 @@ proxy_sites:

  gitea.thezengarden.net:
    proto      : http
-    dest       : docker.thezengarden.net
+    dest       : pi.thezengarden.net
    port       : 3000
    max_upload : "{{ proxy_default_max_upload }}"

@ -119,6 +119,12 @@ proxy_sites:
    port  : 443


+  pw.thezengarden.net:
+    proto : http
+    dest  : docker.thezengarden.net
+    port  : 8001
+
+
  images.thezengarden.net:
    proto      : http
    dest       : "{{ proxy_default_host }}"
@ -133,13 +139,20 @@ proxy_sites:
    max_upload : "{{ proxy_default_max_upload }}"


+  wifi.thezengarden.net:
+    proto      : https
+    dest       : unifi.thezengarden.net
+    port       : 8443
+    max_upload : "{{ proxy_default_max_upload }}"
+
+
  lakeshorebulldogs.com:
    aliases    : www.lakeshorebulldogs.com
    proto      : http
    dest       : "{{ proxy_default_host }}"
    port       : 80
-    ssl_cert   : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/fullchain1.pem"
-    ssl_key    : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/privkey1.pem"
+    ssl_cert   : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/fullchain2.pem"
+    ssl_key    : "{{ proxy_site_ssl_directory }}/lakeshorebulldogs.com/privkey2.pem"
    max_upload : "{{ proxy_default_max_upload }}"


@ -167,8 +180,8 @@ proxy_sites:
    proto    : http
    dest     : "{{ proxy_default_host }}"
    port     : 80
-    ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem"
-    ssl_key  : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem"
+    ssl_cert : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain5.pem"
+    ssl_key  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey5.pem"


  christian-hammer.com:
@ -176,13 +189,13 @@ proxy_sites:
    proto    : http
    dest     : "{{ proxy_default_host }}"
    port     : 80
-    ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem"
-    ssl_key  : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem"
+    ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain5.pem"
+    ssl_key  : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey5.pem"


  chris-hammer.com:
    proto    : http
    dest     : "{{ proxy_default_host }}"
    port     : 80
-    ssl_cert : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain4.pem"
-    ssl_key  : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey4.pem"
+    ssl_cert : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain5.pem"
+    ssl_key  : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey5.pem"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -45,6 +45,8 @@
  tags: always


+  ## TODO: fix the perms on ssl certs!!@*&!@^&*
+
 - name: clone ssl certs
  git:
    repo: "{{ ssl_repo }}"
--- a/templates/proxy_site.j2
+++ b/templates/proxy_site.j2
@ -35,10 +35,8 @@ client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $host;

-    {% if item.key == "tower.thezengarden.net" or item.key == "tower2.thezengarden.net" %}
-proxy_set_header   Upgrade            $http_upgrade;
+    proxy_set_header   Upgrade            $http_upgrade;
    proxy_set_header   Connection         "upgrade";
-    {% endif %}

    proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};