From 76c5cdb3e13bd8c4064605a290b7daa5389a24f0 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Tue, 6 Sep 2022 15:10:42 +0200 Subject: [PATCH 1/2] :sparkles: Add roles for ingress and cert management --- pottwal.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pottwal.yml b/pottwal.yml index e5367f9..ca6258c 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -21,6 +21,17 @@ vars: docker_data_root: "/srv/docker" - role: apache + - role: apache-letsencrypt # Uses configuration from dehydrated setup + - role: ansible-role-dehydrated + vars: + dehydrated_contact_email: "{{ server_admin }}" + dehydrated_domains: + - name: gitea.n39.eu + - name: uritools.n39.eu + - name: entities-validation.svc.n39.eu + - name: sl.n39.eu + - name: pad.n39.eu + - role: penguineer.dehydrated_cron - role: dd24-dyndns-cron # variables are set in the inventory From cc435575111658497f55e4764665767a4af3bde1 Mon Sep 17 00:00:00 2001 From: Stefan Haun Date: Tue, 6 Sep 2022 15:12:01 +0200 Subject: [PATCH 2/2] :wrench: Block external access to docker containers This needs to go through ingress now! --- pottwal.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/pottwal.yml b/pottwal.yml index ca6258c..4275be9 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -57,8 +57,7 @@ restart_policy: unless-stopped detach: yes ports: -# - 127.0.0.1:{{ gitea_host_port }}:3000 - - "{{ gitea_host_port }}:3000" + - 127.0.0.1:{{ gitea_host_port }}:3000 - 2222:2222 env: APP_NAME="Netz39 Gitea" @@ -100,7 +99,7 @@ state: started detach: yes ports: - - "{{ uritools_host_port }}:8080" + - "127.0.0.1:{{ uritools_host_port }}:8080" restart_policy: unless-stopped - name: Setup proxy site uritools.n39.eu @@ -118,7 +117,7 @@ state: started detach: yes ports: - - "{{ entities_validation_svc_host_port }}:8080" + - "127.0.0.1:{{ entities_validation_svc_host_port }}:8080" restart_policy: unless-stopped - name: Setup proxy site entities-validation.svc.n39.eu 
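Review bot: In the first patch's roles hunk, `apache-letsencrypt` is listed ahead of `ansible-role-dehydrated`, although the comment next to it says it uses configuration from the dehydrated setup. If that role reads variables or files the dehydrated role provides, the first run on a fresh host could fail or leave Apache referencing certificate paths that do not exist yet. The role internals are not visible here, so confirm the order or move the entry below `ansible-role-dehydrated`. The `dehydrated_domains` entries also repeat as literals the host names that the proxy-site tasks further down use, so a site added later can end up without a certificate; a short comment such as `# keep in sync with the "Setup proxy site" tasks below` would flag that.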
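Review bot: In the gitea hunk (`@@ -57,8 +57,7 @@`) the new mapping `- 127.0.0.1:{{ gitea_host_port }}:3000` is unquoted, while every other mapping this commit touches is quoted. Write it as `- "127.0.0.1:{{ gitea_host_port }}:3000"` so the templated value stays a string. The context line `- 2222:2222` stays published on all interfaces, which does not match the commit title unless that is deliberate (presumably Gitea's SSH port, which cannot go through the HTTP ingress). If so, say it in place with `# SSH stays public, not served through ingress` and quote it as `"2222:2222"`. The task starts and ends outside the hunk.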
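Review bot: The `127.0.0.1:` binding in the uritools hunk (`@@ -100,7 +99,7 @@`), repeated in the entities-validation, shlink and hedgedoc hunks, makes the containers reachable over IPv4 loopback only. The proxy sites that follow (`Setup proxy site uritools.n39.eu` and its siblings, bodies outside the hunks) therefore have to target `127.0.0.1` rather than `localhost`, which may resolve to `::1` first and fail. That part is not visible here and should be checked. A why-comment above each mapping would help the next maintainer: `# loopback only: ports published by Docker are not covered by the usual host firewall rules, access goes through the Apache ingress`. The address is now a literal in five tasks, so one play-level variable would keep them from diverging.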
@@ -136,7 +135,7 @@
 state: started
 detach: yes
 ports:
- - "{{ shlink_host_port }}:8080"
+ - "127.0.0.1:{{ shlink_host_port }}:8080"
 restart_policy: unless-stopped
 env:
 SHORT_DOMAIN_HOST: "{{ shlink_domain_name }}"
@@ -198,7 +197,7 @@
 state: started
 detach: yes
 ports:
- - "{{ hedgedoc_host_port }}:3000"
+ - "127.0.0.1:{{ hedgedoc_host_port }}:3000"
 restart_policy: unless-stopped
 env:
 NODE_ENV: "production"