samsapti/lab-ansible
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Move stuff around

Browse source
This commit is contained in:
Sam A. 2023-12-31 18:37:20 +01:00
parent c8a15443c3
commit 6b7bd105a3
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
2 changed files with 31 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
roles/proxy/defaults/main.yml
View file

@ -4,6 +4,10 @@
proxy_data_root: "{{ data_fs }}/proxy" proxy_data_root: "{{ data_fs }}/proxy"
proxy_caddy_version: '2.7.6' proxy_caddy_version: '2.7.6'
proxy_environments:
- production
- staging
proxy_trusted_subnets: proxy_trusted_subnets:
- 192.168.1.0/24 - 192.168.1.0/24
- 192.168.8.0/24 - 192.168.8.0/24

54
roles/proxy/templates/caddy/Caddyfile.j2
View file

@ -1,10 +1,10 @@
{# code: language=ansible-jinja #} {# code: language=ansible-jinja #}
# THIS FILE IS MANAGED BY ANSIBLE # THIS FILE IS MANAGED BY ANSIBLE
{% for env in ['production', 'staging'] %} {% for env in proxy_environments %}
# BEGIN Environment: {{ env }} # BEGIN Environment: {{ env }}
ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} { cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} { tls {{ tls_email }} {
dns njalla {{ njalla_api_token }} dns njalla {{ njalla_api_token }}
} }
@ -14,6 +14,9 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
-Server -Server
} }
{% if env == 'production' %}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
@local { @local {
remote_ip {{ proxy_trusted_subnets | join(' ') }} remote_ip {{ proxy_trusted_subnets | join(' ') }}
} }
@ -23,6 +26,7 @@ ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
} }
respond 403 respond 403
{% endif %}
} }
ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }}, ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
@ -52,6 +56,27 @@ ipfs-gateway.{{ proxy_vars[env].app01.apps_base_domain }},
{% endif %} {% endif %}
} }
ipfs.local.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
@local {
remote_ip {{ proxy_trusted_subnets | join(' ') }}
}
handle @local {
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
respond 403
}
xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} { xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} { tls {{ tls_email }} {
dns njalla {{ njalla_api_token }} dns njalla {{ njalla_api_token }}
@ -73,30 +98,5 @@ xmr.local.{{ proxy_vars[env].app01.apps_base_domain }} {
respond 403 respond 403
} }
cloud.{{ proxy_vars[env].app01.apps_base_domain }} {
tls {{ tls_email }} {
dns njalla {{ njalla_api_token }}
}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
{% if env == 'production' %}
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
{% else %}
@local {
remote_ip {{ proxy_trusted_subnets | join(' ') }}
}
handle @local {
reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080
}
respond 403
{% endif %}
}
# END Environment: {{ env }} # END Environment: {{ env }}
{% endfor %} {% endfor %}