Merge pull request 'Improve Apache2 setup for ingress proxy' (!46) from improve-proxy-setup into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/46
This commit is contained in:
Stefan Haun 2022-07-05 17:06:28 +00:00
commit 9ed6210c40
2 changed files with 18 additions and 1 deletions

View file

@ -12,3 +12,6 @@
with_items:
- rewrite
- ssl
- headers
- proxy_http
- proxy_wstunnel

View file

@ -14,7 +14,9 @@
</ifmodule>
</VirtualHost>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem>
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
ServerAdmin {{ server_admin }}
ServerName {{ site_name }}
@ -30,5 +32,17 @@
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
<ifmodule mod_rewrite.c>
# see documentation of wstunnel: This allwos generic websocket passthrough
RewriteEngine On
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]
</ifmodule>
</VirtualHost>
</IfFile>
</IfFile>
</IfFile>