samsapti/lab-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Configure $connection_upgrade and set X-Real-IP

Browse source
This commit is contained in:
Sam A. 2023-12-31 15:25:13 +01:00
parent df2172d72b
commit 64f09eded2
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 22 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
roles/apps/tasks/extra_tasks/nginx.yml
View file

@ -1,19 +1,19 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
# code: language=ansible # code: language=ansible
--- ---
- name: Create subdirectory for nginx config files - name: Create subdirectory for NGINX config files
ansible.builtin.file: ansible.builtin.file:
path: "{{ apps_data_root }}/nginx/data/conf.d" path: "{{ apps_data_root }}/nginx/data/conf.d"
owner: root owner: root
mode: u=rwx,g=rx,o=rx mode: u=rwx,g=rx,o=rx
state: directory state: directory
- name: Copy nginx configs - name: Copy NGINX configs
ansible.builtin.template: ansible.builtin.template:
src: nginx/conf.d/{{ app }}.conf.j2 src: nginx/conf.d/{{ config }}.conf.j2
dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ app }}.conf" dest: "{{ apps_data_root }}/nginx/data/conf.d/{{ config }}.conf"
owner: root owner: root
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
loop: "{{ apps_proxied }}" loop: "{{ ['http', apps_proxied] | flatten }}"
loop_control: loop_control:
loop_var: app loop_var: config

11
roles/apps/templates/nginx/conf.d/http.conf.j2 Normal file
View file

@ -0,0 +1,11 @@
{# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE
set_real_ip_from {{ proxy_host }};
real_ip_header X-Forwarded-For;
real_ip_recursive on;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

3
roles/apps/templates/nginx/conf.d/ipfs.conf.j2
View file

@ -12,6 +12,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
} }
} }
@ -23,7 +24,9 @@ server {
resolver 127.0.0.11 valid=30s; resolver 127.0.0.11 valid=30s;
set $upstream http://ipfs:8080; set $upstream http://ipfs:8080;
proxy_pass $upstream; proxy_pass $upstream;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
} }
} }

1
roles/apps/templates/nginx/conf.d/monerod.conf.j2
View file

@ -12,5 +12,6 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
} }
} }

1
roles/apps/templates/nginx/conf.d/nextcloud.conf.j2
View file

@ -12,6 +12,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https"; proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;