Merge pull request 'Improve Apache2 setup for ingress proxy' (!46) from improve-proxy-setup into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/46
2022-07-05 17:06:28 +00:00 · 2022-07-05 17:06:28 +00:00 · 9ed6210c40
commit 9ed6210c40
parent c36e34966d 9bd5d8e71e
2 changed files with 18 additions and 1 deletions
--- a/roles/apache/tasks/main.yml
+++ b/roles/apache/tasks/main.yml
@ -12,3 +12,6 @@
  with_items:
    - rewrite
    - ssl
+    - headers
+    - proxy_http
+    - proxy_wstunnel
--- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@ -14,7 +14,9 @@
    </ifmodule>
 </VirtualHost>

-<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}>
+<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem>
+<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem>
+<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem>
 <VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
    ServerAdmin {{ server_admin }}
    ServerName {{ site_name }}
@ -30,5 +32,17 @@
    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem

    ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
+
+    <ifmodule mod_rewrite.c>
+        # see documentation of wstunnel: This allwos generic websocket passthrough
+        RewriteEngine On
+        RewriteCond %{HTTP:Upgrade} websocket [NC]
+        RewriteCond %{HTTP:Connection} upgrade [NC]
+        RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]
+    </ifmodule>
 </VirtualHost>
 </IfFile>
+</IfFile>
+</IfFile>