split the reverse_proxy role to implement a separate reverse proxy for stream

Jean-Marie Mineau 2021-01-23 01:14:26 +01:00
parent 292d6cbafb
commit 7208a8ccbd
12 changed files with 76 additions and 10 deletions

8
dns.yml Normal file

@ -0,0 +1,8 @@
#!/usr/bin/env ansible-playbook
---
# Reverse proxy
- hosts: proxy
roles:
- install_nginx
- reverse_proxy_stream


@ -0,0 +1,5 @@
---
reverse_proxy_stream:
- {from_port: 53, type: "udp", to: "dns-histausse.fil.sand.auro.re:53"}
- {from_port: 53, type: "tcp", to: "dns-histausse.fil.sand.auro.re:53"}
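Review bot: The `to` value is a hostname, and nginx resolves a literal hostname in a stream `proxy_pass` only when the configuration is loaded, so a later address change for the backend is not picked up until the next reload, and a failed lookup at start keeps nginx from starting. If the proxy host's own resolver depends on the DNS service it fronts (not visible here), that becomes a bootstrap dependency; an IP literal in `to`, or a comment stating how the name is resolved on the proxy, would remove the doubt. As a style point, the two entries would read and diff better in block style, one key per line.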


@ -0,0 +1,10 @@
---
- name: Install NGINX
apt:
update_cache: true
name: nginx
state: latest
register: apt_result
retries: 3
until: apt_result is succeeded
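Review bot: `state: latest` together with `update_cache: true` upgrades nginx to whatever the mirror currently offers on every run, so two runs of the same playbook can leave different nginx versions on the proxy, and an upgrade can restart the service outside a planned change. Unless automatic upgrades are intended, `state: present` here, with upgrades handled by a separate and deliberate task, is easier to audit. The task is carried over unchanged from the old role, so this may be a conscious choice; a one-line comment saying so would help.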


@ -1,13 +1,4 @@
--- ---
- name: Install NGINX
apt:
update_cache: true
name: nginx
state: latest
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Install certbot - name: Install certbot
apt: apt:
update_cache: true update_cache: true


@ -0,0 +1,5 @@
---
- name: Reload nginx
systemd:
name: nginx
state: reloaded


@ -0,0 +1,34 @@
---
- name: Ensure the stream proxy conf available directory exists
file:
path: /etc/nginx/stream-available
state: directory
- name: Ensure the stream proxy conf enabled directory exists
file:
path: /etc/nginx/stream-enabled
state: directory
- name: Include the stream proxy configuration files
blockinfile:
path: /etc/nginx/nginx.conf
block: |
stream {
include /etc/nginx/stream-enabled/*;
}
- name: Copy reverse proxy stream
template:
src: "nginx/stream-available/reverse_proxy"
dest: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
loop: "{{ reverse_proxy_stream }}"
- name: Activate stream
file:
src: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
dest: "/etc/nginx/stream-enabled/stream_{{ item.type }}_{{ item.from_port }}"
state: link
force: yes
loop: "{{ reverse_proxy_stream }}"
notify: Reload nginx
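Review bot: Only `Activate stream` notifies `Reload nginx`, so a later change to the file rendered by `Copy reverse proxy stream` (for example a new `to` target) or to the `stream` include block in nginx.conf does not reload nginx when the symlink already exists, and the running proxy keeps the old configuration. Add `notify: Reload nginx` to both the `blockinfile` and the `template` task. The destination file name is built from `item.type` and `item.from_port` without any check, so an assertion before templating that `item.type` is `tcp` or `udp` and that `item.from_port` is an integer would keep a malformed entry from producing an unexpected path or listener. Writing `force: true` instead of `force: yes` would match the `update_cache: true` used in the other role.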


@ -0,0 +1,12 @@
{{ ansible_managed | comment }}
server {
{% if item.type == "udp" %}
listen {{ item.from_port }} udp;
{% else %}
listen {{ item.from_port }};
{% endif %}
proxy_pass {{ item.to }};
}
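Review bot: The generated `server` block accepts traffic from any source: it has no `allow`/`deny` rules and no connection limit, which matters for the port 53 UDP listener defined in the variables, because a publicly reachable DNS forwarder can be abused for reflection if the backend answers arbitrary clients. If the listener is not meant to be open, add access rules from ngx_stream_access_module; for UDP, `proxy_responses 1;` and a short `proxy_timeout` also keep idle sessions from accumulating. The backend sees every query as coming from the proxy, so any per-client ACL or rate limit on the DNS server presumably stops being effective and would have to be enforced here instead. Any `item.type` other than "udp" silently becomes a TCP listener; a comment at the top of the template listing the expected keys (`type`, `from_port`, `to`) would document that.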


@ -4,4 +4,5 @@
# Reverse proxy # Reverse proxy
- hosts: proxy - hosts: proxy
roles: roles:
- reverse_proxy - install_nginx
- reverse_proxy_http