From e2bf5e95290b68eeb214c9c8cb664be1216418d1 Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau <mineau.jean.marie@gmail.com>
Date: Mon, 12 Oct 2020 23:02:15 +0200
Subject: [PATCH] add site-available template

---
 roles/reverse_proxy/tasks/main.yml            |  6 ++++
 .../nginx/sites-available/reverse_proxy       | 32 +++++++++++++++++++
 web_services.yml                              |  4 +++
 3 files changed, 42 insertions(+)
 create mode 100644 roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy

diff --git a/roles/reverse_proxy/tasks/main.yml b/roles/reverse_proxy/tasks/main.yml
index bf07ef6..ca04a26 100644
--- a/roles/reverse_proxy/tasks/main.yml
+++ b/roles/reverse_proxy/tasks/main.yml
@@ -7,3 +7,9 @@
   register: apt_result
   retries: 3
   until: apt_result is succeeded
+
+- name: Copy reverse proxy sites
+  template:
+    src: "nginx/sites-available/reverse_proxy"
+    dest: "/etc/nginx/sites-available/{{ item.from }}"
+  loop: "{{ reverse_proxy_sites }}"
diff --git a/roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy b/roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy
new file mode 100644
index 0000000..a427707
--- /dev/null
+++ b/roles/reverse_proxy/templates/nginx/sites-available/reverse_proxy
@@ -0,0 +1,32 @@
+{{ ansible_managed | comment }}
+
+server {
+	listen 80;
+	listen [::]:80;
+
+	server_name {{ item.from }};
+	# Redirect to https
+	location / {
+		return 302 https://$host$request_uri;
+	}
+}
+
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+
+	server_name {{ item.from }};
+
+	# SSL common conf
+	include "/etc/nginx/snippets/options-ssl.conf";
+
+	# Logs
+	access_log /var/log/nginx/{{ item.from }}.log;
+	error_log /var/log/nginx/{{ item.from }}_error.log;
+
+	location / {
+		proxy_pass {{ item.to }};
+		include "/etc/nginx/snippets/options-proxypass.conf";
+	}
+}
+
diff --git a/web_services.yml b/web_services.yml
index ee1aa90..748d47f 100644
--- a/web_services.yml
+++ b/web_services.yml
@@ -5,3 +5,7 @@
 - hosts: hindley.adh.auro.re
   roles:
     - reverse_proxy
+  vars:
+    reverse_proxy_sites:
+      - {from: wiki.pains-perdus.fr,      to: "https://azerty.fil.sand.auro.re:2443"}
+      - {from: hindley.pains-perdus.fr,   to: "http://127.0.0.1:5000"}