From 66531296522e3a48232f2901bd83b9fb1da2eb34 Mon Sep 17 00:00:00 2001
From: Stefan Haun
Date: Tue, 6 Sep 2022 16:48:28 +0200
Subject: [PATCH 1/3] :hammer: Refactor host statements to objects
---
 roles/nginx-https-ingress/templates/dehydrated-host.conf.j2 | 2 +-
 roles/nginx-https-ingress/templates/passthrough.conf.j2 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/nginx-https-ingress/templates/dehydrated-host.conf.j2 b/roles/nginx-https-ingress/templates/dehydrated-host.conf.j2
index 7647271..ac670b6 100644
--- a/roles/nginx-https-ingress/templates/dehydrated-host.conf.j2
+++ b/roles/nginx-https-ingress/templates/dehydrated-host.conf.j2
@@ -4,7 +4,7 @@ server {
 listen 80;
 listen [::]:80;
- server_name {{ host }};
+ server_name {{ host.name }};
 location /.well-known/acme-challenge {
 proxy_pass http://{{ item.server }}.n39.eu:80;
diff --git a/roles/nginx-https-ingress/templates/passthrough.conf.j2 b/roles/nginx-https-ingress/templates/passthrough.conf.j2
index b5deb41..b73691d 100644
--- a/roles/nginx-https-ingress/templates/passthrough.conf.j2
+++ b/roles/nginx-https-ingress/templates/passthrough.conf.j2
@@ -5,7 +5,7 @@ stream {
 {% for i in ingress %}
 {% if 'hosts' in i %}
 {% for host in i.hosts %}
- {{ host }} {{ i.server }};
+ {{ host.name }} {{ i.server }};
 {% endfor %}
 {% endif %}
 {% endfor %}
From 965538141d656a77215ab93eec745e468167846f Mon Sep 17 00:00:00 2001
From: Stefan Haun
Date: Tue, 6 Sep 2022 16:49:29 +0200
Subject: [PATCH 2/3] :sparkles: Allow to define a host for local access
If a host is defined as local, HTTPS traffic will not be forwared. The LetsEncrypt proxy is still available.
---
 roles/nginx-https-ingress/templates/passthrough.conf.j2 | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/nginx-https-ingress/templates/passthrough.conf.j2 b/roles/nginx-https-ingress/templates/passthrough.conf.j2
index b73691d..46e05f4 100644
--- a/roles/nginx-https-ingress/templates/passthrough.conf.j2
+++ b/roles/nginx-https-ingress/templates/passthrough.conf.j2
@@ -5,7 +5,9 @@ stream {
 {% for i in ingress %}
 {% if 'hosts' in i %}
 {% for host in i.hosts %}
+{% if host.local is not defined or host.local == False %}
 {{ host.name }} {{ i.server }};
+{% endif%}
 {% endfor %}
 {% endif %}
 {% endfor %}
From 7ad2a5685a93f6e4cc6acd821db29c7afc5d710b Mon Sep 17 00:00:00 2001
From: Stefan Haun
Date: Tue, 6 Sep 2022 16:50:10 +0200
Subject: [PATCH 3/3] :wrench: Define local HTTPS sites
---
 holmium.yml | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)
diff --git a/holmium.yml b/holmium.yml
index 753092b..1eafa29 100644
--- a/holmium.yml
+++ b/holmium.yml
@@ -11,22 +11,26 @@ ingress:
 - server: kant
 hosts:
- - jabber.n39.eu
- - conference.jabber.n39.eu
- - spaceapi.n39.eu
+ - name: jabber.n39.eu
+ - name: conference.jabber.n39.eu
+ - name: spaceapi.n39.eu
 - server: krypton
 hosts:
- - entities.svc.n39.eu
+ - name: entities.svc.n39.eu
 - server: pottwal
 hosts:
- - gitea.n39.eu
- - uritools.n39.eu
- - entities-validation.svc.n39.eu
- - sl.n39.eu
- - pad.n39.eu
- - brotherql-web.n39.eu
+ - name: gitea.n39.eu
+ - name: uritools.n39.eu
+ - name: entities-validation.svc.n39.eu
+ - name: sl.n39.eu
+ - name: pad.n39.eu
+ - name: brotherql-web.n39.eu
+ local: true
 - server: radon
 hosts:
- - nodered.n39.eu
- - rabbitmq.n39.eu
- - pwr-meter-pulse-gw-19i.svc.n39.eu
+ - name: nodered.n39.eu
+ local: true
+ - name: rabbitmq.n39.eu
+ local: true
+ - name: pwr-meter-pulse-gw-19i.svc.n39.eu
+ local: true
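Review bot: The guard added in passthrough.conf.j2 fails open: an entry is forwarded whenever `host.local` is not defined, so a misspelled or mis-indented `local` key leaves an internal site in the passthrough list without any error. The `== False` comparison is also type-sensitive, and `{% if not (host.local | default(false) | bool) %}` would handle string values from the inventory consistently. Whether leaving a name out of this list really stops HTTPS for it depends on the default target of the enclosing block, which starts outside the hunk, so that is worth confirming. `{% endif%}` would read better as `{% endif %}`.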
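Review bot: Nothing in holmium.yml explains what `local: true` does, although that key is the only thing keeping brotherql-web, nodered, rabbitmq and pwr-meter-pulse-gw-19i out of the HTTPS passthrough. A comment above `ingress:` such as `# local: true = HTTPS is not forwarded by this ingress; the port-80 ACME proxy is still rendered` would state the contract for whoever adds the next host. Entries without the key are forwarded by default, so a new internal service has to set it explicitly. The `ingress:` list begins at the top of the hunk and the rest of the file is outside it.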