Merge pull request '🎨 Improve configuration for setup-http-site-proxy and merge http-setup-dehydrated' (!80) from condense-roles into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/80
Reviewed-by: dkdent <dkdent@netz39.de>
Stefan Haun 2022-09-08 17:18:34 +00:00
commit b76ffa2e3e
6 changed files with 17 additions and 65 deletions


@ -1,5 +0,0 @@
---
- name: restart apache2
service:
name: apache2
state: restarted


@ -1,3 +0,0 @@
---
dependencies:
- role: ansible-role-dehydrated


@ -1,12 +0,0 @@
---
- name: Add or update Apache2 site
template:
src: templates/apache-dehydrated.j2
dest: /etc/apache2/sites-available/{{ site_name }}.conf
notify: restart apache2
- name: Activate Apache2 site
command: a2ensite {{ site_name }}
args:
creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
notify: restart apache2


@ -1,38 +0,0 @@
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:80>
{% endif %}
ServerAdmin {{ server_admin }}
ServerName {{ site_name }}
ServerAlias {{ site_name }}
ErrorLog /var/log/apache2/{{ site_name }}-error.log
CustomLog /var/log/apache2/{{ site_name }}-access.log common
Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
</VirtualHost>
<IfFile {{dehydrated_certs_dir}}/{{ site_name }}>
{% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
{% else %}
<VirtualHost {{ ansible_default_ipv4.address }}:443>
{% endif %}
ServerAdmin {{ server_admin }}
ServerName {{ site_name }}
ServerAlias {{ site_name }}
ErrorLog /var/log/apache2/{{ site_name }}-error.log
CustomLog /var/log/apache2/{{ site_name }}-access.log common
SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCertificateFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem
SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem
SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem
Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
Redirect 404 /
</VirtualHost>
</IfFile>


@ -0,0 +1,6 @@
# Defaults for setup-http-dehydrated
---
# These match https://github.com/24367dfa/ansible-role-dehydrated
dehydrated_config_dir: "/usr/local/etc/dehydrated"
dehydrated_certs_dir: "{{ dehydrated_config_dir }}/certs"
dehydrated_wellknown_dir: "{{ dehydrated_config_dir }}/challenge"
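Review bot: These three defaults are hand-copied from another role, and the comment does not say which version of that role they match or what breaks if they drift. The vhost template in this commit uses `dehydrated_wellknown_dir` as a publicly served `Alias` target and `dehydrated_certs_dir` as the location of `privkey.pem`, so a mismatch would either break ACME renewal or point Apache at the wrong key material. I would extend the comment to something like `# Keep in sync with ansible-role-dehydrated defaults: wellknown_dir is served over HTTP, certs_dir holds the private keys.` and move the `---` marker to the first line of the file.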

View file

@ -9,7 +9,7 @@
ErrorLog /var/log/apache2/{{ site_name }}-error.log ErrorLog /var/log/apache2/{{ site_name }}-error.log
CustomLog /var/log/apache2/{{ site_name }}-access.log common CustomLog /var/log/apache2/{{ site_name }}-access.log common
Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
<ifmodule mod_rewrite.c> <ifmodule mod_rewrite.c>
RewriteEngine On RewriteEngine On
@ -18,9 +18,9 @@
</ifmodule> </ifmodule>
</VirtualHost> </VirtualHost>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem> <IfFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem> <IfFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem>
<IfFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem> <IfFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem>
{% if 'address' in ansible_default_ipv6 %} {% if 'address' in ansible_default_ipv6 %}
<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443> <VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
{% else %} {% else %}
@ -35,10 +35,11 @@
SSLEngine on SSLEngine on
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
SSLCertificateFile /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem SSLCertificateFile {{dehydrated_certs_dir}/{{ site_name }}/cert.pem
SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem SSLCertificateKeyFile {{dehydrated_certs_dir}/{{ site_name }}/privkey.pem
SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem SSLCertificateChainFile {{dehydrated_certs_dir}/{{ site_name }}/chain.pem
<% if proxy_port %>
AllowEncodedSlashes NoDecode AllowEncodedSlashes NoDecode
ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon ProxyPass / http://{{ backend_host | default("localhost") }}:{{proxy_port}}/ nocanon
RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME} RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
@ -51,6 +52,9 @@
RewriteCond %{HTTP:Connection} upgrade [NC] RewriteCond %{HTTP:Connection} upgrade [NC]
RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L] RewriteRule ^/?(.*) "ws://{{ backend_host | default("localhost") }}:{{ proxy_port }}/$1" [P,L]
</ifmodule> </ifmodule>
<% else %>
Redirect 404 /
< %endif %>
</VirtualHost> </VirtualHost>
</IfFile> </IfFile>
</IfFile> </IfFile>
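Review bot: The new certificate paths are written as `{{dehydrated_certs_dir}/{{ site_name }}/…` with only one closing brace, in all three `<IfFile>` lines and all three `SSLCertificate*` lines, so Jinja2 cannot parse the template; each should read like `{{ dehydrated_certs_dir }}/{{ site_name }}/cert.pem`. The added conditional uses `<% if proxy_port %>`, `<% else %>` and `< %endif %>`, which are not Jinja2 statement delimiters and would be copied into the vhost literally, leaving both the `ProxyPass` block and `Redirect 404 /` in place and a file Apache would most likely reject; use `{% if proxy_port is defined %}`, `{% else %}` and `{% endif %}`. The `is defined` test is suggested because no default for `proxy_port` is visible here and Ansible normally fails on an undefined variable. If this role restarts Apache through a handler as the removed role did, running `apache2ctl configtest` before that restart would keep a bad render from taking the other sites on the host down.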