[add] role:hedgedoc-and-lighttpd
This commit is contained in:
Christian Fraß
parent
9eeabf85e9
commit
68a3dc45ed
4 changed files with 79 additions and 0 deletions
4
ansible/roles/hedgedoc-and-lighttpd/defaults/main.json
Normal file
4
ansible/roles/hedgedoc-and-lighttpd/defaults/main.json
Normal file
|
|
@ -0,0 +1,4 @@
|
||||||
|
{
|
||||||
|
"var_hedgedoc_and_lighttpd_domain": "hedgedoc.example.org",
|
||||||
|
"var_hedgedoc_and_lighttpd_tls_enable": true
|
||||||
|
}
|
||||||
8
ansible/roles/hedgedoc-and-lighttpd/info.md
Normal file
8
ansible/roles/hedgedoc-and-lighttpd/info.md
Normal file
|
|
@ -0,0 +1,8 @@
|
||||||
|
## Beschreibung
|
||||||
|
|
||||||
|
- zur Einrichtung von [Lighttpd](../lighttpd) als Reverse-Proxy für [Hedgedoc](../hedgedoc)
|
||||||
|
|
||||||
|
|
||||||
|
## Verweise
|
||||||
|
|
||||||
|
- [Hedgedoc-Dokumentation | Using a Reverse Proxy](https://docs.hedgedoc.org/guides/reverse-proxy/)
|
||||||
34
ansible/roles/hedgedoc-and-lighttpd/tasks/main.json
Normal file
34
ansible/roles/hedgedoc-and-lighttpd/tasks/main.json
Normal file
|
|
@ -0,0 +1,34 @@
|
||||||
|
[
|
||||||
|
{
|
||||||
|
"name": "activate proxy module",
|
||||||
|
"become": true,
|
||||||
|
"ansible.builtin.shell": {
|
||||||
|
"cmd": "lighttpd-enable-mod proxy || exit 0"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "emplace configuration | data",
|
||||||
|
"become": true,
|
||||||
|
"ansible.builtin.template": {
|
||||||
|
"src": "conf.j2",
|
||||||
|
"dest": "/etc/lighttpd/conf-available/{{var_hedgedoc_and_lighttpd_domain}}.conf"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "emplace configuration | link",
|
||||||
|
"become": true,
|
||||||
|
"ansible.builtin.file": {
|
||||||
|
"state": "link",
|
||||||
|
"src": "/etc/lighttpd/conf-available/{{var_hedgedoc_and_lighttpd_domain}}.conf",
|
||||||
|
"dest": "/etc/lighttpd/conf-enabled/{{var_hedgedoc_and_lighttpd_domain}}.conf"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "restart lighttpd",
|
||||||
|
"become": true,
|
||||||
|
"ansible.builtin.systemd_service": {
|
||||||
|
"state": "restarted",
|
||||||
|
"name": "lighttpd"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
]
|
||||||
33
ansible/roles/hedgedoc-and-lighttpd/templates/conf.j2
Normal file
33
ansible/roles/hedgedoc-and-lighttpd/templates/conf.j2
Normal file
|
|
@ -0,0 +1,33 @@
|
||||||
|
$HTTP["host"] == "{{var_hedgedoc_and_lighttpd_domain}}" {
|
||||||
|
server.name = "{{var_hedgedoc_and_lighttpd_domain}}"
|
||||||
|
proxy.server = (
|
||||||
|
"" => (
|
||||||
|
"" => (
|
||||||
|
"host" => "127.0.0.1",
|
||||||
|
"port" => 2400
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
proxy.header = (
|
||||||
|
"upgrade" => "enable"
|
||||||
|
)
|
||||||
|
|
||||||
|
{% if var_hedgedoc_and_lighttpd_tls_enable %}
|
||||||
|
## alle Anfragen auf Port 80
|
||||||
|
$SERVER["socket"] == ":80" {
|
||||||
|
## auf HTTPS umleiten
|
||||||
|
url.redirect = ("^/(.*)$" => "https://{{var_hedgedoc_and_lighttpd_domain}}/$1")
|
||||||
|
}
|
||||||
|
|
||||||
|
## alle Anfragen auf Port 443
|
||||||
|
$SERVER["socket"] == ":443" {
|
||||||
|
## mit dem SSL-Kram beglücken
|
||||||
|
ssl.engine = "enable"
|
||||||
|
ssl.pemfile = "/etc/ssl/certs/{{var_hedgedoc_and_lighttpd_domain}}.pem"
|
||||||
|
ssl.privkey = "/etc/ssl/keys/{{var_hedgedoc_and_lighttpd_domain}}.pem"
|
||||||
|
ssl.ca-file = "/etc/ssl/fullchains/{{var_hedgedoc_and_lighttpd_domain}}.pem"
|
||||||
|
ssl.use-sslv2 = "disable"
|
||||||
|
ssl.use-sslv3 = "disable"
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue