[fix] role:zeitbild_backend-and-nginx

Fenris Wolf 2024-10-25 00:36:42 +02:00
parent 7708011fc4
commit 4c577dcbe2
3 changed files with 48 additions and 20 deletions


@ -1,5 +1,5 @@
{ {
"var_zeitbild_backend_and_nginx_domain": "zeitbild.example.org", "var_zeitbild_backend_and_nginx_domain": "zeitbild.example.org",
"var_zeitbild_backend_and_nginx_port": 7845, "var_zeitbild_backend_and_nginx_port": 7845,
"var_zeitbild_backend_and_nginx_tls": true "var_zeitbild_backend_and_nginx_tls_mode": "force"
} }


@ -1,22 +1,4 @@
map $http_upgrade $connection_upgrade { {% macro zeitbild_backend_common() %}
default upgrade;
'' close;
}
server {
server_name {{var_zeitbild_backend_and_nginx_domain}};
listen 80;
listen [::]:80;
{% if var_zeitbild_backend_and_nginx_tls %}
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/ssl/certs/{{var_zeitbild_backend_and_nginx_domain}}.pem;
ssl_certificate_key /etc/ssl/private/{{var_zeitbild_backend_and_nginx_domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
{% endif %}
location / { location / {
proxy_pass http://localhost:{{var_zeitbild_backend_and_nginx_port | string}}; proxy_pass http://localhost:{{var_zeitbild_backend_and_nginx_port | string}};
proxy_set_header Host $host; proxy_set_header Host $host;
@ -24,4 +6,31 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
} }
{% endmacro %}
server {
listen 80;
listen [::]:80;
server_name {{var_zeitbild_backend_and_nginx_domain}};
{% if var_zeitbild_backend_and_nginx_tls_mode == 'force' %}
return 301 https://$http_host$request_uri;
{% else %}
{{ zeitbild_backend_common() }}
{% endif %}
}
{% if var_zeitbild_backend_and_nginx_tls_mode != 'disable' %}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{var_zeitbild_backend_and_nginx_domain}};
ssl_certificate_key /etc/ssl/private/{{var_zeitbild_backend_and_nginx_domain}}.pem;
ssl_certificate /etc/ssl/fullchains/{{var_zeitbild_backend_and_nginx_domain}}.pem;
include /etc/nginx/ssl-hardening.conf;
{{ zeitbild_backend_common() }}
} }
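Review bot: The forced redirect in the new port-80 server, `return 301 https://$http_host$request_uri;`, builds its target from the raw client-supplied Host header, so if this block ever answers as the default server for port 80 the redirect points at whatever host the client sent, and any port in that header is carried into the https URL. Using the configured name keeps the target fixed: `return 301 https://{{var_zeitbild_backend_and_nginx_domain}}$request_uri;` (or at least `$host` instead of `$http_host`). Separately, no `{% endif %}` is visible in this view for `{% if var_zeitbild_backend_and_nginx_tls_mode != 'disable' %}`; if it is really absent the template will not render. Part of the `location /` block lies between the two hunks and is not shown, so it is worth confirming that nothing there still references `$connection_upgrade` now that the `map` block is removed.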


@ -0,0 +1,19 @@
{
"domain": {
"mandatory": false,
"type": "string"
},
"port": {
"mandatory": false,
"type": "integer"
},
"tls_mode": {
"mandatory": false,
"type": "string",
"options": [
"disable",
"enable",
"force"
]
}
}
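Review bot: `tls_mode` is declared optional and its `options` list is the only guard on the value, while the nginx template in this commit tests only `== 'force'` and `!= 'disable'`, so any other string (for example a mistyped, constructed value such as `forced`) would render the variant that serves the backend in plaintext on port 80. Unless this schema is enforced before the template is rendered, the template should fail closed, e.g. by treating anything other than an explicit `'enable'` or `'disable'` as `'force'`.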