Add initial nginx configuration

Sam A. 2023-11-08 22:30:41 +01:00
parent 0b539463e9
commit 646bfa4e85
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
12 changed files with 69 additions and 4 deletions


@ -5,6 +5,7 @@ fqdn: sapt-labp-app01.prod.servers.sapti.me
private_ip: 10.2.16.10 private_ip: 10.2.16.10
apps_include: apps_include:
- nginx
- postfix - postfix
- nextcloud - nextcloud
- restic - restic


@ -5,6 +5,7 @@ fqdn: sapt-labp-app02.prod.servers.sapti.me
private_ip: 10.2.16.11 private_ip: 10.2.16.11
apps_include: apps_include:
- nginx
- ipfs - ipfs
- monerod - monerod
- snowflake - snowflake


@ -5,6 +5,7 @@ fqdn: sapt-labs-app01.stage.servers.sapti.me
private_ip: 10.2.19.10 private_ip: 10.2.19.10
apps_include: apps_include:
- nginx
- postfix - postfix
- nextcloud - nextcloud
- restic - restic


@ -5,6 +5,7 @@ fqdn: sapt-labs-app02.stage.servers.sapti.me
private_ip: 10.2.19.11 private_ip: 10.2.19.11
apps_include: apps_include:
- nginx
- ipfs - ipfs
- monerod - monerod
- snowflake - snowflake


@ -8,6 +8,11 @@ apps_shared_docker_network: apps_network
apps_postfix_docker_network: postfix_network apps_postfix_docker_network: postfix_network
apps_vars: apps_vars:
nginx:
backup: false
extra_tasks: true
version: 1.25.3-alpine-slim
postfix: postfix:
domain: smtp.{{ apps_base_domain }} domain: smtp.{{ apps_base_domain }}
backup: true backup: true
@ -52,6 +57,7 @@ apps_vars:
apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}" apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list }}" apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list }}"
apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
apps_sender_domains: apps_sender_domains:
- "{{ apps_vars.nextcloud.domain }}" - "{{ apps_vars.nextcloud.domain }}"
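Review bot: `apps_proxied` selects every included app whose vars define `domain`, and in the visible context that includes `postfix` (`domain: smtp.{{ apps_base_domain }}`), which is an SMTP service rather than an HTTP backend. The template task added in this commit loops over `apps_proxied` and looks up `nginx/conf.d/{{ app }}.conf.j2`, so on hosts that include postfix it would presumably fail on a missing template, or start proxying a service that was never meant to sit behind nginx once such a file exists. An explicit opt-in is safer than inferring exposure from `domain`, for example a per-app `proxied: true` key selected with `selectattr('value.proxied', 'defined')`. Only part of `apps_vars` is visible here, so other apps with a `domain` may be affected the same way.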


@ -0,0 +1,19 @@
# vim: ft=yaml.ansible
# code: language=ansible
---
- name: Create subfolder for nginx config files
ansible.builtin.file:
name: "{{ apps_data_root }}/nginx/data/conf.d"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
- name: Copy nginx config for {{ app }}
ansible.builtin.template:
src: nginx/conf.d/{{ app }}.conf.j2
dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf"
owner: root
mode: u=rw,g=r,o=r
loop: "{{ apps_proxied }}"
loop_control:
loop_var: app
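Review bot: Nothing visible in this file reloads nginx after the template task changes a config, so a corrected or tightened server block stays inactive until the container happens to be restarted; the task has no `notify:` and no handler appears in the visible part of the commit. Adding a `notify:` that points at a handler reloading or restarting the nginx container closes that gap. The task name `Copy nginx config for {{ app }}` also relies on the loop variable, which Ansible does not resolve when it prints a task name, so a static name such as `Copy nginx config for proxied apps` would read better in the run output.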


@ -0,0 +1,17 @@
# code: language=ansible-jinja
version: "3.8"
services:
web:
image: nginx:{{ apps_vars.nginx.version }}
restart: always
networks:
- {{ apps_shared_docker_network }}
ports:
- 8080:8080/tcp
volumes:
- "./data/conf.d:/etc/nginx/conf.d:ro"
networks:
{{ apps_shared_docker_network }}:
external: true
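Review bot: The `ports` entry `8080:8080/tcp` publishes the proxy on every host interface, and the server block it fronts speaks plain HTTP, so anything that can reach the host on 8080 gets unencrypted access to the proxied apps. If a TLS terminator or load balancer on the private network is the only intended client, bind the mapping to that address, e.g. `- "{{ private_ip }}:8080:8080/tcp"` (the host vars in this commit define `private_ip`). Ports published by Docker are usually inserted ahead of host firewall rules, so a host firewall alone may not restrict this. Quoting the mapping is worthwhile in either case.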


@ -0,0 +1,19 @@
# code: language=ansible-jinja
server {
listen 8080;
server_name {{ apps_vars.nextcloud.domain }}
location / {
proxy_pass http://nextcloud:80;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location = /.well-known/carddav {
return 301 $scheme://$host/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host/remote.php/dav;
}
}
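Review bot: The `server_name` line has no terminating semicolon, so nginx would read the following `location` and `/` tokens as further names and then reject the config at the `{`; it should be `server_name {{ apps_vars.nextcloud.domain }};`. The `location /` block also sets no `Host` header, so the backend receives the upstream name from `proxy_pass` instead of the requested domain; add `proxy_set_header Host $host;`. `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so if this proxy is the first hop the backend can be fed a spoofed client address (which matters for rate limiting and brute-force protection); in that case use `proxy_set_header X-Forwarded-For $remote_addr;`. If TLS is terminated in front of this listener, `$scheme` in the two redirects and in `X-Forwarded-Proto` will be `http`, which is probably not what is intended.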


@ -27,7 +27,7 @@
force: true force: true
state: link state: link
- name: Comment out DNSStubListener - name: Set DNSStubListener=no
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/systemd/resolved.conf path: /etc/systemd/resolved.conf
regexp: '^#?DNSStubListener=' regexp: '^#?DNSStubListener='