Merge pull request 'Temporarily move spaceapi handling to pottwal' (!151) from pottwal-spaceapi into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/151
Reviewed-by: dkdent <dkdent@netz39.de>

host-holmium.yml

@@ -9,9 +9,6 @@
     - role: nginx_https_ingress
       vars:
         ingress:
-          - server: kant
-            hosts:
-              - name: spaceapi.n39.eu
           - server: krypton
             hosts:
               - name: entities.svc.n39.eu
@@ -31,6 +28,7 @@
               - name: uptime.n39.eu
               - name: grafana.n39.eu
               - name: inventory.n39.eu
+              - name: spaceapi.n39.eu
           - server: radon
             hosts:
               - name: nodered.n39.eu

host-pottwal.yml

@@ -24,6 +24,7 @@
           - name: uptime.n39.eu
           - name: "{{ grafana_domain_name }}"
           - name: "{{ homebox_domain_name }}"
+          - name: spaceapi.n39.eu
     - role: penguineer.dehydrated_cron
     - role: dd24_dyndns_cron
       # variables are set in the inventory
@@ -513,9 +514,27 @@
         proxy_port: "{{ homebox_host_port }}"
         proxy_preserve_host: "On"
 
+    - name: Setup proxy site spaceapi.n39.eu
+      template:
+        src: templates/pottwal/spaceapi-apache-site.j2
+        dest: /etc/apache2/sites-available/spaceapi.n39.eu.conf
+        mode: "0644"
+      vars:
+        site_name: "spaceapi.n39.eu"
+        proxy_preserve_host: "On"
+      notify: Restart apache2
+      tags:
+        - dev
+
   handlers:
     - name: Restart prosody
       community.docker.docker_container:
         name: prosody
         state: started
         restart: yes
+
+    - name: Restart apache2
+      service:
+        name: apache2
+        state: restarted
+

templates/pottwal/spaceapi-apache-site.j2

@@ -0,0 +1,53 @@
+{% if 'address' in ansible_default_ipv6 %}
+<VirtualHost {{ ansible_default_ipv4.address }}:80 [{{ ansible_default_ipv6.address }}]:80>
+{% else %}
+<VirtualHost {{ ansible_default_ipv4.address }}:80>
+{% endif %}
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    Alias /.well-known/acme-challenge {{ dehydrated_wellknown_dir }}
+
+    <ifmodule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+    </ifmodule>
+</VirtualHost>
+
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem>
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem>
+<IfFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem>
+{% if 'address' in ansible_default_ipv6 %}
+<VirtualHost {{ ansible_default_ipv4.address }}:443 [{{ ansible_default_ipv6.address }}]:443>
+{% else %}
+<VirtualHost {{ ansible_default_ipv4.address }}:443>
+{% endif %}
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    SSLEngine on
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+    SSLCertificateFile    {{dehydrated_certs_dir}}/{{ site_name }}/cert.pem
+    SSLCertificateKeyFile {{dehydrated_certs_dir}}/{{ site_name }}/privkey.pem
+    SSLCertificateChainFile {{dehydrated_certs_dir}}/{{ site_name }}/chain.pem
+
+    AllowEncodedSlashes NoDecode
+    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}
+    RequestHeader set "X-Forwarded-SSL" expr=%{HTTPS}
+    ProxyPreserveHost {{ proxy_preserve_host | default("Off") }}
+
+    ProxyPass /json http://172.23.48.7/spaceapi
+    ProxyPass /text http://172.23.48.7/state.txt
+    ProxyPass /state.png  http://172.23.48.7/state.png
+</VirtualHost>
+</IfFile>
+</IfFile>
+</IfFile>