split the reverse_proxy role to implement a separate reverse proxy for stream

2021-01-23 01:14:26 +01:00 · 2021-01-23 01:14:26 +01:00 · 7208a8ccbd
commit 7208a8ccbd
parent 292d6cbafb
12 changed files with 76 additions and 10 deletions
--- a/dns.yml
+++ b/dns.yml
@ -0,0 +1,8 @@
+#!/usr/bin/env ansible-playbook
+---
+
+# Reverse proxy
+- hosts: proxy
+  roles:
+   - install_nginx
+   - reverse_proxy_stream
--- a/group_vars/all/reverse_proxy_stream.yml
+++ b/group_vars/all/reverse_proxy_stream.yml
@ -0,0 +1,5 @@
+---
+
+reverse_proxy_stream:
+  - {from_port: 53, type: "udp", to: "dns-histausse.fil.sand.auro.re:53"}
+  - {from_port: 53, type: "tcp", to: "dns-histausse.fil.sand.auro.re:53"}
--- a/roles/install_nginx/tasks/main.yml
+++ b/roles/install_nginx/tasks/main.yml
@ -0,0 +1,10 @@
+---
+- name: Install NGINX
+  apt:
+    update_cache: true
+    name: nginx
+    state: latest
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
--- a/roles/reverse_proxy_http/handlers/main.yml
+++ b/roles/reverse_proxy_http/handlers/main.yml
--- a/roles/reverse_proxy_http/tasks/main.yml
+++ b/roles/reverse_proxy_http/tasks/main.yml
@ -1,13 +1,4 @@
 ---
- name: Install NGINX
-  apt:
-    update_cache: true
-    name: nginx
-    state: latest
-  register: apt_result
-  retries: 3
-  until: apt_result is succeeded
-
 - name: Install certbot
  apt:
    update_cache: true
--- a/roles/reverse_proxy_http/templates/nginx/sites-available/reverse_proxy
+++ b/roles/reverse_proxy_http/templates/nginx/sites-available/reverse_proxy
--- a/roles/reverse_proxy_http/templates/nginx/snippets/connection_upgrade.conf
+++ b/roles/reverse_proxy_http/templates/nginx/snippets/connection_upgrade.conf
--- a/roles/reverse_proxy_http/templates/nginx/snippets/options-proxypass.conf
+++ b/roles/reverse_proxy_http/templates/nginx/snippets/options-proxypass.conf
--- a/roles/reverse_proxy_stream/handlers/main.yml
+++ b/roles/reverse_proxy_stream/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: Reload nginx
+  systemd:
+    name: nginx
+    state: reloaded
--- a/roles/reverse_proxy_stream/tasks/main.yml
+++ b/roles/reverse_proxy_stream/tasks/main.yml
@ -0,0 +1,34 @@
+---
+
+- name: Ensure the stream proxy conf available directory exists
+  file:
+    path: /etc/nginx/stream-available
+    state: directory
+
+- name: Ensure the stream proxy conf enabled directory exists
+  file:
+    path: /etc/nginx/stream-enabled
+    state: directory
+
+- name: Include the stream proxy configuration files
+  blockinfile:
+    path: /etc/nginx/nginx.conf
+    block: |
+      stream {
+          include /etc/nginx/stream-enabled/*;
+      }
+
+- name: Copy reverse proxy stream
+  template:
+    src: "nginx/stream-available/reverse_proxy"
+    dest: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
+  loop: "{{ reverse_proxy_stream }}"
+
+- name: Activate stream
+  file:
+    src: "/etc/nginx/stream-available/stream_{{ item.type }}_{{ item.from_port }}"
+    dest: "/etc/nginx/stream-enabled/stream_{{ item.type }}_{{ item.from_port }}"
+    state: link
+    force: yes
+  loop: "{{ reverse_proxy_stream }}"
+  notify: Reload nginx
--- a/roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy
+++ b/roles/reverse_proxy_stream/templates/nginx/stream-available/reverse_proxy
@ -0,0 +1,12 @@
+{{ ansible_managed | comment }}
+
+server {
+    {% if item.type == "udp" %}
+	listen {{ item.from_port }} udp;
+	{% else %}
+	listen {{ item.from_port }};
+	{% endif %}
+
+	proxy_pass {{ item.to }};
+}
+
--- a/web_services.yml
+++ b/web_services.yml
@ -4,4 +4,5 @@
 # Reverse proxy
 - hosts: proxy
  roles:
-    - reverse_proxy
+    - install_nginx
+    - reverse_proxy_http