Update captive portal nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

host_vars/portail.adm.auro.re.yml

@@ -1,53 +1,116 @@
 ---
-certbot:
+loc_certbot:
   domains:
-    - portail.auro.re
+    - portail-fleming.auro.re
+    - portail-pacaterie.auro.re
+    - portail-rives.auro.re
+    - portail-edc.auro.re
+    - portail-gs.auro.re
   mail: tech.aurore@lists.crans.org
   certname: auro.re
 
-nginx:
+loc_nginx:
-  ssl:
+  service_name: captive_portal
-    cert: /etc/letsencrypt/live/auro.re/fullchain.pem
+  default_server: '$server_addr'
-    cert_key: /etc/letsencrypt/live/auro.re/privkey.pem
+  default_ssl_server: '$server_addr'
-    trusted_cert: /etc/letsencrypt/live/auro.re/chain.pem
 
-  redirect_dnames: {}
+  servers:
+    - ssl: false
+      server_name:
+        - "10.13.0.247"
+      locations:
+        - filter: "/"
+          params:
+            - "return 302 https://portail-fleming.auro.re/portail/"
 
-  redirect_tcp: {}
+    - ssl: true
+      server_name:
+        - portail-fleming.auro.re
+      locations:
+        - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)"
+          params:
+            - "proxy_pass http://10.128.0.80"
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+        - filter: "/"
+          params:
+            - "return 302 https://portail-fleming.auro.re/portail/"
 
-  redirect_sites:
+    - ssl: false
-    - from: 10.13.0.247
+      server_name:
-      to: portail-fleming.auro.re
+        - 10.23.0.247
-      norequesturi: true
+      locations:
+        - filter: "/"
+          params:
+            - "return 302 https://portail-pacaterie.auro.re/portail/"
 
-    - from: 10.23.0.247
+    - ssl: true
-      to: portail-.auro.re
+      server_name:
-      norequesturi: true
+        - portail-pacaterie.auro.re
+      locations:
+        - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)"
+          params:
+            - "proxy_pass http://10.128.0.80"
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+        - filter: "/"
+          params:
+            - "return 302 https://portail-pacaterie.auro.re/portail/"
 
-    - from: 10.33.0.247
+    - ssl: false
-      to: portail-rives.auro.re
+      server_name:
-      norequesturi: true
+        - "10.33.0.247"
+      locations:
+        - filter: "/"
+          params:
+            - "return 302 https://portail-rives.auro.re/portail/"
 
-    - from: 10.43.0.247
+    - ssl: true
-      to: portail-edc.auro.re
+      server_name:
-      norequesturi: true
+        - portail-rives.auro.re
+      locations:
+        - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)"
+          params:
+            - "proxy_pass http://10.128.0.80"
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+        - filter: "/"
+          params:
+            - "return 302 https://portail-rives.auro.re/portail/"
 
-    - from: 10.53.0.247
+    - ssl: false
-      to: portail-gs.auro.re
+      server_name:
-      norequesturi: true
+        - "10.43.0.247"
+      locations:
+        - filter: "/"
+          params:
+            - "return 302 https://portail-edc.auro.re/portail/"
 
-  reverseproxy_sites:
+    - ssl: true
-    - from: portail-fleming.auro.re
+      server_name:
-      to: 10.128.0.20
+        - portail-edc.auro.re
+      locations:
+        - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)"
+          params:
+            - "proxy_pass http://10.128.0.80"
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+        - filter: "/"
+          params:
+            - "return 302 https://portail-edc.auro.re/portail/"
 
-    - from: portail-pacaterie.auro.re
+    - ssl: false
-      to: 10.128.0.20
+      server_name:
+        - "10.53.0.247"
+      locations:
+        - filter: "/"
+          params:
+            - "return 302 https://portail-gs.auro.re/portail/"
 
-    - from: portail-rives.auro.re
+    - ssl: true
-      to: 10.128.0.20
+      server_name:
-
+        - portail-gs.auro.re
-    - from: portail-edc.auro.re
+      locations:
-      to: 10.128.0.20
+        - filter: "~ /(portail|static|javascript|media|about|contact|logout|.*-autocomplete)"
-
+          params:
-    - from: portail-gs.auro.re
+            - "proxy_pass http://10.128.0.80"
-      to: 10.128.0.20
+            - "include /etc/nginx/snippets/options-proxypass.conf"
+        - filter: "/"
+          params:
+            - "return 302 https://portail-gs.auro.re/portail/"

hosts

@@ -489,3 +489,8 @@ ldap-replica-ovh.adm.auro.re
 [ldap_replica_rives]
 ldap-replica-rives.adm.auro.re
 
+[certbot]
+portail.adm.auro.re
+
+[nginx]
+portail.adm.auro.re

services_web.yml

@@ -11,7 +11,15 @@
     - passbolt
 
 # Deploy reverse proxy
-- hosts: portail.adm.auro.re,proxy*.adm.auro.re
+- hosts: proxy*.adm.auro.re
   roles:
     - certbot
     - nginx_reverseproxy
+
+- hosts: portail.adm.auro.re
+  vars:
+    certbot: '{{ glob_certbot | default({}) | combine(loc_certbot | default({})) }}'
+    nginx: '{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}'
+  roles:
+    - certbot
+    - nginx