From 85c09ea2ae7f338dd81e64ef8c621a47ddfabe7c Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Fri, 4 Dec 2020 18:52:18 +0100
Subject: [PATCH 1/3] Add role for apache forward site

---
 .../setup-http-site-forward/handlers/main.yml |  5 +++
 roles/setup-http-site-forward/tasks/main.yml  | 12 ++++++
 .../templates/apache-docker-forward-site.j2   | 38 +++++++++++++++++++
 3 files changed, 55 insertions(+)
 create mode 100644 roles/setup-http-site-forward/handlers/main.yml
 create mode 100644 roles/setup-http-site-forward/tasks/main.yml
 create mode 100644 roles/setup-http-site-forward/templates/apache-docker-forward-site.j2

diff --git a/roles/setup-http-site-forward/handlers/main.yml b/roles/setup-http-site-forward/handlers/main.yml
new file mode 100644
index 0000000..670471f
--- /dev/null
+++ b/roles/setup-http-site-forward/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart apache2
+  service:
+    name: apache2
+    state: restarted
diff --git a/roles/setup-http-site-forward/tasks/main.yml b/roles/setup-http-site-forward/tasks/main.yml
new file mode 100644
index 0000000..8d0228d
--- /dev/null
+++ b/roles/setup-http-site-forward/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+- name: Add or update Apache2 site
+  template:
+    src: templates/apache-docker-forward-site.j2
+    dest: /etc/apache2/sites-available/{{site_name}}.conf
+  notify: restart apache2
+
+- name: Activate Apache2 site
+  command: a2ensite {{ site_name}}
+  args:
+    creates: /etc/apache2/sites-enabled/{{ site_name }}.conf
+  notify: restart apache2
diff --git a/roles/setup-http-site-forward/templates/apache-docker-forward-site.j2 b/roles/setup-http-site-forward/templates/apache-docker-forward-site.j2
new file mode 100644
index 0000000..f03e844
--- /dev/null
+++ b/roles/setup-http-site-forward/templates/apache-docker-forward-site.j2
@@ -0,0 +1,38 @@
+<VirtualHost {{ ansible_default_ipv4.address }}:80>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+
+    <ifmodule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+        RewriteRule (.*) {{forward_to}} [R=301,L]
+    </ifmodule>
+</VirtualHost>
+
+<VirtualHost {{ ansible_default_ipv4.address }}:443>
+    ServerAdmin {{ server_admin }}
+    ServerName {{ site_name }}
+    ServerAlias {{ site_name }}
+
+    ErrorLog /var/log/apache2/{{ site_name }}-error.log
+    CustomLog /var/log/apache2/{{ site_name }}-access.log common
+
+    SSLEngine on
+    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+    SSLCertificateFile    /usr/local/etc/dehydrated/certs/{{ site_name }}/cert.pem
+    SSLCertificateKeyFile /usr/local/etc/dehydrated/certs/{{ site_name }}/privkey.pem
+    SSLCertificateChainFile /usr/local/etc/dehydrated/certs/{{ site_name }}/chain.pem
+
+    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+
+    <ifmodule mod_rewrite.c>
+        RewriteEngine On
+        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
+        RewriteRule (.*) {{forward_to}} [R=301,L]
+    </ifmodule>
+</VirtualHost>

From 482275d2742a394b41ce809a0fa041520970fc97 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Fri, 4 Dec 2020 18:54:21 +0100
Subject: [PATCH 2/3] Add missing alias to proxy site

---
 .../setup-http-site-proxy/templates/apache-docker-proxy-site.j2 | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2 b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
index 8e5bf88..417d40e 100644
--- a/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
+++ b/roles/setup-http-site-proxy/templates/apache-docker-proxy-site.j2
@@ -5,6 +5,8 @@
     ErrorLog /var/log/apache2/{{ site_name }}-error.log
     CustomLog /var/log/apache2/{{ site_name }}-access.log common
 
+    Alias /.well-known/acme-challenge /usr/local/etc/dehydrated/challenge
+
     <ifmodule mod_rewrite.c>
         RewriteEngine On
         RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/

From 745406fa26aea4bfc631b56976857d6818d387e1 Mon Sep 17 00:00:00 2001
From: Stefan Haun <tux@netz39.de>
Date: Fri, 4 Dec 2020 18:54:35 +0100
Subject: [PATCH 3/3] Add reservierung.netz39.de as forward site

---
 tasks/httpd.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/tasks/httpd.yml b/tasks/httpd.yml
index 8e9aa27..5dc8983 100644
--- a/tasks/httpd.yml
+++ b/tasks/httpd.yml
@@ -11,6 +11,13 @@
     state: present
 
 
+- name: Setup forward site reservierung.netz39.de
+  include_role:
+    name: setup-http-site-forward
+  vars:
+    site_name: reservierung.netz39.de
+    forward_to: https://codimd.pingtech.de/aYsBj5wSTviFTozd8b0P_Q
+
 
 - name: Setup proxy site testredmine.netz39.de
   include_role: