From 6b7bd105a3cbf012e66ed87bacf7106c3b57dedf Mon Sep 17 00:00:00 2001 From: Sam Al-Sapti Date: Sun, 31 Dec 2023 18:37:20 +0100 Subject: [PATCH] Move stuff around --- roles/proxy/defaults/main.yml | 4 ++ roles/proxy/templates/caddy/Caddyfile.j2 | 54 ++++++++++++------------ 2 files changed, 31 insertions(+), 27 deletions(-) diff --git a/roles/proxy/defaults/main.yml b/roles/proxy/defaults/main.yml index 696f533..010cf2e 100644 --- a/roles/proxy/defaults/main.yml +++ b/roles/proxy/defaults/main.yml @@ -4,6 +4,10 @@ proxy_data_root: "{{ data_fs }}/proxy" proxy_caddy_version: '2.7.6' +proxy_environments: + - production + - staging + proxy_trusted_subnets: - 192.168.1.0/24 - 192.168.8.0/24 diff --git a/roles/proxy/templates/caddy/Caddyfile.j2 b/roles/proxy/templates/caddy/Caddyfile.j2 index ec1c209..7032dbd 100644 --- a/roles/proxy/templates/caddy/Caddyfile.j2 +++ b/roles/proxy/templates/caddy/Caddyfile.j2 @@ -1,10 +1,10 @@ {# code: language=ansible-jinja #} # THIS FILE IS MANAGED BY ANSIBLE -{% for env in ['production', 'staging'] %} +{% for env in proxy_environments %} # BEGIN Environment: {{ env }} -ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { +cloud.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } @@ -14,6 +14,9 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { -Server } +{% if env == 'production' %} + reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 +{% else %} @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } @@ -23,6 +26,7 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { } respond 403 +{% endif %} } ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }}, 
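Review bot: The new `proxy_environments` default has no comment tying it to `proxy_vars`, although the template dereferences `proxy_vars[env].app01` for every entry, so an override naming an environment that has no key there would presumably fail only when the Caddyfile is rendered. A comment above the list such as `# each entry must be a key of proxy_vars; only 'production' gets the public cloud vhost` would document that coupling. An `ansible.builtin.assert` in the role's tasks that checks every entry against `proxy_vars` would catch a typo before the proxy config is touched. The tasks file is not part of this patch, so such a check may already exist.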
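Review bot: The context line `dns njalla {{ njalla_api_token }}` under the block now headed `cloud.` renders the DNS provider token in clear text into the Caddyfile, and the same line is added again in the `ipfs.local.` block of the `@@ -52,6 +56,27 @@` hunk. Anyone who can read the rendered file, or the output of a `--diff` run of the template task, obtains a credential that can edit the zone's records. Consider referencing it as a Caddy environment placeholder, `dns njalla {env.<TOKEN_VAR>}` with a variable name of your choosing set in the service environment, and setting `no_log: true` plus a restrictive `mode` on the template task. That task is outside this patch, and the `cloud.` site block itself continues past the end of this hunk.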
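Review bot: The `{% if env == 'production' %}` test added in the `@@ -14,6 +14,9 @@` hunk is the only thing deciding whether `cloud.` is proxied without the `@local` source filter, yet it compares against a string literal while the loop list is now the overridable `proxy_environments`. As written it fails closed, since any other environment name takes the `@local` / `respond 403` path, but that intent is not stated anywhere. A Jinja comment ahead of the branch, e.g. `{# only 'production' is public; every other environment stays limited to proxy_trusted_subnets #}`, would keep a later edit from inverting it. The matching `{% endif %}` arrives in the following hunk.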
@@ -52,6 +56,27 @@ ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }}, {% endif %} } +ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { + tls {{ tls_email }} { + dns njalla {{ njalla_api_token }} + } + + header { + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + -Server + } + + @local { + remote_ip {{ proxy_trusted_subnets | join(' ') }} + } + + handle @local { + reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 + } + + respond 403 +} + xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} @@ -73,30 +98,5 @@ xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} { respond 403 } -cloud.{{ proxy_vars[env].app01.apps_base_domain }} { - tls {{ tls_email }} { - dns njalla {{ njalla_api_token }} - } - - header { - Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" - -Server - } - -{% if env == 'production' %} - reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 -{% else %} - @local { - remote_ip {{ proxy_trusted_subnets | join(' ') }} - } - - handle @local { - reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 - } - - respond 403 -{% endif %} -} - # END Environment: {{ env }} {% endfor %}
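Review bot: The `@local` matcher in the re-added `ipfs.local.` block relies on `remote_ip`, which compares the address of the direct TCP peer, so the restriction holds only while Caddy sees real client addresses. If a forwarding proxy inside `proxy_trusted_subnets` ever sits in front of it, every request would match `@local` and reach the backend on :8080. In that topology the matcher should become `client_ip {{ proxy_trusted_subnets | join(' ') }}` with a `trusted_proxies` server option listing only the forwarding hop; otherwise a short Jinja comment stating the direct-exposure assumption would be enough. The same stanza is repeated in `xmr.local.` and in the non-production branch of `cloud.`, so a shared Caddyfile snippet pulled in with `import` would keep the copies from drifting.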