[add] role:hedgedoc-and-lighttpd

2023-12-17 23:55:42 +01:00 · 2023-12-17 23:55:42 +01:00 · 68a3dc45ed
commit 68a3dc45ed
parent 9eeabf85e9
4 changed files with 79 additions and 0 deletions
--- a/ansible/roles/hedgedoc-and-lighttpd/defaults/main.json
+++ b/ansible/roles/hedgedoc-and-lighttpd/defaults/main.json
@ -0,0 +1,4 @@
+{
+	"var_hedgedoc_and_lighttpd_domain": "hedgedoc.example.org",
+	"var_hedgedoc_and_lighttpd_tls_enable": true
+}
--- a/ansible/roles/hedgedoc-and-lighttpd/info.md
+++ b/ansible/roles/hedgedoc-and-lighttpd/info.md
@ -0,0 +1,8 @@
+## Beschreibung
+
+- zur Einrichtung von [Lighttpd](../lighttpd) als Reverse-Proxy für [Hedgedoc](../hedgedoc)
+
+
+## Verweise
+
+- [Hedgedoc-Dokumentation | Using a Reverse Proxy](https://docs.hedgedoc.org/guides/reverse-proxy/)
--- a/ansible/roles/hedgedoc-and-lighttpd/tasks/main.json
+++ b/ansible/roles/hedgedoc-and-lighttpd/tasks/main.json
@ -0,0 +1,34 @@
+[
+	{
+		"name": "activate proxy module",
+		"become": true,
+		"ansible.builtin.shell": {
+			"cmd": "lighttpd-enable-mod proxy || exit 0"
+		}
+	},
+	{
+		"name": "emplace configuration | data",
+		"become": true,
+		"ansible.builtin.template": {
+			"src": "conf.j2",
+			"dest": "/etc/lighttpd/conf-available/{{var_hedgedoc_and_lighttpd_domain}}.conf"
+		}
+	},
+	{
+		"name": "emplace configuration | link",
+		"become": true,
+		"ansible.builtin.file": {
+			"state": "link",
+			"src": "/etc/lighttpd/conf-available/{{var_hedgedoc_and_lighttpd_domain}}.conf",
+			"dest": "/etc/lighttpd/conf-enabled/{{var_hedgedoc_and_lighttpd_domain}}.conf"
+		}
+	},
+	{
+		"name": "restart lighttpd",
+		"become": true,
+		"ansible.builtin.systemd_service": {
+			"state": "restarted",
+			"name": "lighttpd"
+		}
+	}
+]
--- a/ansible/roles/hedgedoc-and-lighttpd/templates/conf.j2
+++ b/ansible/roles/hedgedoc-and-lighttpd/templates/conf.j2
@ -0,0 +1,33 @@
+$HTTP["host"] == "{{var_hedgedoc_and_lighttpd_domain}}" {
+	server.name = "{{var_hedgedoc_and_lighttpd_domain}}"
+	proxy.server = (
+		"" => (
+			"" => (
+				"host" => "127.0.0.1",
+				"port" => 2400
+			)
+		)
+	)
+	proxy.header = (
+		"upgrade" => "enable"
+	)
+	
+{% if var_hedgedoc_and_lighttpd_tls_enable %}
+	## alle Anfragen auf Port 80
+	$SERVER["socket"] == ":80" {
+		## auf HTTPS umleiten
+		url.redirect = ("^/(.*)$" => "https://{{var_hedgedoc_and_lighttpd_domain}}/$1")
+	}
+	
+	## alle Anfragen auf Port 443
+	$SERVER["socket"] == ":443" {
+		## mit dem SSL-Kram beglücken
+		ssl.engine  = "enable"
+		ssl.pemfile = "/etc/ssl/certs/{{var_hedgedoc_and_lighttpd_domain}}.pem"
+		ssl.privkey = "/etc/ssl/keys/{{var_hedgedoc_and_lighttpd_domain}}.pem"
+		ssl.ca-file = "/etc/ssl/fullchains/{{var_hedgedoc_and_lighttpd_domain}}.pem"
+		ssl.use-sslv2 = "disable"
+		ssl.use-sslv3 = "disable"
+	}
+{% endif %}
+}