From 7208a8ccbdaf8a5239af7647f790d2d40efde02b Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Sat, 23 Jan 2021 01:14:26 +0100
Subject: [PATCH] split the reverse_proxy role to implement a separate reverse proxy for stream
---
dns.yml | 8 +++++
group_vars/all/reverse_proxy_stream.yml | 5 +++
roles/install_nginx/tasks/main.yml | 10 ++++++
.../handlers/main.yml | 0
.../tasks/main.yml | 9 -----
.../nginx/sites-available/reverse_proxy | 0
.../nginx/snippets/connection_upgrade.conf | 0
.../nginx/snippets/options-proxypass.conf | 0
roles/reverse_proxy_stream/handlers/main.yml | 5 +++
roles/reverse_proxy_stream/tasks/main.yml | 34 +++++++++++++++++++
.../nginx/stream-available/reverse_proxy | 12 +++++++
web_services.yml | 3 +-
12 files changed, 76 insertions(+), 10 deletions(-)
create mode 100644 dns.yml
create mode 100644 group_vars/all/reverse_proxy_stream.yml
create mode 100644 roles/install_nginx/tasks/main.yml
rename roles/{reverse_proxy => reverse_proxy_http}/handlers/main.yml (100%)
rename roles/{reverse_proxy => reverse_proxy_http}/tasks/main.yml (91%)
rename roles/{reverse_proxy => reverse_proxy_http}/templates/nginx/sites-available/reverse_proxy (100%)
rename roles/{reverse_proxy => reverse_proxy_http}/templates/nginx/snippets/connection_upgrade.conf (100%)
rename roles/{reverse_proxy => reverse_proxy_http}/templates/nginx/snippets/options-proxypass.conf (100%)
create mode 100644 roles/reverse_proxy_stream/handlers/main.yml
create mode 100644 roles/reverse_proxy_stream/tasks/main.yml
create mode 100644 roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy
diff --git a/dns.yml b/dns.yml
new file mode 100644
index 0000000..450bf17
--- /dev/null
+++ b/dns.yml
@@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+
+# Reverse proxy
+- hosts: proxy
+ roles:
+ - install_nginx
+ - reverse_proxy_stream
diff --git a/group_vars/all/reverse_proxy_stream.yml b/group_vars/all/reverse_proxy_stream.yml
new file mode 100644
index 0000000..95e4c3f
--- /dev/null
+++ b/group_vars/all/reverse_proxy_stream.yml
@@ -0,0 +1,5 @@
+---
+
+reverse_proxy_stream:
+ - {from_port: 53, type: "udp", to: "dns-histausse.fil.sand.auro.re:53"}
+ - {from_port: 53, type: "tcp", to: "dns-histausse.fil.sand.auro.re:53"}
diff --git a/roles/install_nginx/tasks/main.yml b/roles/install_nginx/tasks/main.yml
new file mode 100644
index 0000000..7584dfa
--- /dev/null
+++ b/roles/install_nginx/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+- name: Install NGINX
+ apt:
+ update_cache: true
+ name: nginx
+ state: latest
+ register: apt_result
+ retries: 3
+ until: apt_result is succeeded
+
diff --git a/roles/reverse_proxy/handlers/main.yml b/roles/reverse_proxy_http/handlers/main.yml
similarity index 100%
rename from roles/reverse_proxy/handlers/main.yml
rename to roles/reverse_proxy_http/handlers/main.yml
diff --git a/roles/reverse_proxy/tasks/main.yml b/roles/reverse_proxy_http/tasks/main.yml
similarity index 91%
rename from roles/reverse_proxy/tasks/main.yml
rename to roles/reverse_proxy_http/tasks/main.yml
index f54676e..76d9f41 100644
--- a/roles/reverse_proxy/tasks/main.yml
+++ b/roles/reverse_proxy_http/tasks/main.yml
@@ -1,13 +1,4 @@
 ---
-- name: Install NGINX
- apt:
- update_cache: true
- name: nginx
- state: latest
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
 - name: Install certbot
 apt:
 update_cache: true
diff --git a/roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy b/roles/reverse_proxy_http/templates/nginx/sites-available/reverse_proxy
similarity index 100%
rename from roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy
rename to roles/reverse_proxy_http/templates/nginx/sites-available/reverse_proxy
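Review bot: In group_vars/all/reverse_proxy_stream.yml the two entries publish port 53 over both UDP and TCP on the proxy, with no comment on who is expected to query it or what protects the backend. Because the queries are relayed, the server at `dns-histausse.fil.sand.auro.re:53` will presumably see the proxy's address as the source of every query, so any per-client ACL or response rate limiting configured there can no longer tell clients apart; if that server also answers recursive queries, access then has to be restricted at the proxy or firewall. I would add a comment above the list stating the intended exposure, for example `# Public DNS front end; backend must not offer recursion to these clients`, worded to match the real deployment. Block-style mappings with one key per line would also diff more cleanly than the flow `{...}` entries.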
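Review bot: `state: latest` in roles/install_nginx/tasks/main.yml upgrades nginx on every play that includes this role, and after this commit that is both dns.yml and web_services.yml, so an unrelated run can pull a new nginx build onto the proxy without anyone deciding to. Prefer `state: present` here and let upgrades go through the normal patching path. The new reverse_proxy_stream role also depends on nginx having the stream module available; whether the plain `nginx` package provides it depends on the distribution release, which the hunk does not show, so a comment stating that assumption (or installing the module package explicitly) would help.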
diff --git a/roles/reverse_proxy/templates/nginx/snippets/connection_upgrade.conf b/roles/reverse_proxy_http/templates/nginx/snippets/connection_upgrade.conf
similarity index 100%
rename from roles/reverse_proxy/templates/nginx/snippets/connection_upgrade.conf
rename to roles/reverse_proxy_http/templates/nginx/snippets/connection_upgrade.conf
diff --git a/roles/reverse_proxy/templates/nginx/snippets/options-proxypass.conf b/roles/reverse_proxy_http/templates/nginx/snippets/options-proxypass.conf
similarity index 100%
rename from roles/reverse_proxy/templates/nginx/snippets/options-proxypass.conf
rename to roles/reverse_proxy_http/templates/nginx/snippets/options-proxypass.conf
diff --git a/roles/reverse_proxy_stream/handlers/main.yml b/roles/reverse_proxy_stream/handlers/main.yml
new file mode 100644
index 0000000..6dfcdd7
--- /dev/null
+++ b/roles/reverse_proxy_stream/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: Reload nginx
+ systemd:
+ name: nginx
+ state: reloaded
diff --git a/roles/reverse_proxy_stream/tasks/main.yml b/roles/reverse_proxy_stream/tasks/main.yml
new file mode 100644
index 0000000..549aa0c
--- /dev/null
+++ b/roles/reverse_proxy_stream/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+
+- name: Ensure the stream proxy conf available directory exists
+ file:
+ path: /etc/nginx/stream-available
+ state: directory
+
+- name: Ensure the stream proxy conf enabled directory exists
+ file:
+ path: /etc/nginx/stream-enabled
+ state: directory
+
+- name: Include the stream proxy configuration files
+ blockinfile:
+ path: /etc/nginx/nginx.conf
+ block: |
+ stream {
+ include /etc/nginx/stream-enabled/*;
+ }
+
+- name: Copy reverse proxy stream
+ template:
+ src: "nginx/stream-available/reverse_proxy"
+ dest: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
+ loop: "{{ reverse_proxy_stream }}"
+
+- name: Activate stream
+ file:
+ src: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
+ dest: "/etc/nginx/stream-enabled/stream_{{ item.type }}_{{ item.from_port }}"
+ state: link
+ force: yes
+ loop: "{{ reverse_proxy_stream }}"
+ notify: Reload nginx
diff --git a/roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy b/roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy
new file mode 100644
index 0000000..fd86921
--- /dev/null
+++ b/roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy
@@ -0,0 +1,12 @@
+{{ ansible_managed | comment }}
+
+server {
+ {% if item.type == "udp" %}
+ listen {{ item.from_port }} udp;
+ {% else %}
+ listen {{ item.from_port }};
+ {% endif %}
+
+ proxy_pass {{ item.to }};
+}
+
diff --git a/web_services.yml b/web_services.yml
index e171088..2933a4d 100644
--- a/web_services.yml
+++ b/web_services.yml
@@ -4,4 +4,5 @@
 # Reverse proxy
 - hosts: proxy
 roles:
- - reverse_proxy
+ - install_nginx
+ - reverse_proxy_http
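Review bot: In roles/reverse_proxy_stream/tasks/main.yml only the `Activate stream` task notifies the handler, so on a later run where the symlink already exists, a change to the rendered template (for example a new `to` target) or to the `stream { ... }` block in nginx.conf is written to disk but nginx is never reloaded. Add `notify: Reload nginx` to the `Copy reverse proxy stream` and `Include the stream proxy configuration files` tasks as well. Entries removed from `reverse_proxy_stream` are also never cleaned up: their files stay linked in /etc/nginx/stream-enabled, so a forward withdrawn from the inventory keeps listening until someone deletes it by hand. The `file` and `template` tasks set no `owner` or `mode`, and `force: yes` would read better as `force: true`.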
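Review bot: The UDP branch of the stream-available/reverse_proxy template sets only `listen {{ item.from_port }} udp;`, so nginx keeps each client's UDP session open until the default `proxy_timeout` expires instead of closing it once the answer has been relayed. For a DNS forwarder that means session state grows with query volume, which is an availability concern on a public port; adding `proxy_responses 1;` and a short `proxy_timeout` in that branch lets a session end after one reply. Any `type` other than the exact string `"udp"` silently falls through to a TCP listener, so an explicit `{% elif item.type == "tcp" %}` with a failure otherwise would catch typos in the inventory. `item.from_port` and `item.to` are written into the nginx configuration unescaped, which is acceptable only while the variable comes from trusted inventory; a comment saying so would make that assumption visible.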