diff --git a/roles/nginx-reverse-proxy/tasks/main.yml b/roles/nginx-reverse-proxy/tasks/main.yml index d7a93ee..339ce0b 100644 --- a/roles/nginx-reverse-proxy/tasks/main.yml +++ b/roles/nginx-reverse-proxy/tasks/main.yml @@ -29,3 +29,19 @@ state: link loop: "{{ reversed_proxy_subdomains }}" notify: Reload NGINX service + +# Install main site +- name: Configure NGINX main site + template: + src: nginx-sites-available-main.j2 + dest: /etc/nginx/sites-available/main + mode: 0644 + notify: Reload NGINX service + +# Activate main site +- name: Activate main site + file: + src: /etc/nginx/sites-available/main + dest: /etc/nginx/sites-enabled/main + state: link + notify: Reload NGINX service diff --git a/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2 b/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2 new file mode 100644 index 0000000..43f678f --- /dev/null +++ b/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2 @@ -0,0 +1,69 @@ +# {{ ansible_managed }} + +server { + server_name auro.re; + include "snippets/proxy-common.conf"; + + location / { + return 302 https://$host$request_uri; + } +} + +server { + include "snippets/proxy-common-ssl.conf"; + server_name auro.re; + + # Separate log files + access_log /var/log/nginx/main.access.log; + error_log /var/log/nginx/main.error.log; + + # Use LetsEncrypt SSL + ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem; + + location / { + proxy_redirect off; + proxy_pass http://www.adm.auro.re; + proxy_set_header Host auro.re; + proxy_set_header P-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $remote_addr; + + # "A man is not dead while his name is still spoken." -- Going Postal + add_header X-Clacks-Overhead "GNU Terry Pratchett"; + } + + # For Matrix identity server + location /_matrix/identity { + proxy_pass http://synapse.adm.auro.re:8090/_matrix/identity; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $remote_addr; + } + + # For Matrix Synapse + location /_matrix { + proxy_pass http://synapse.adm.auro.re:8008; + proxy_set_header X-Forwarded-For $remote_addr; + } +} + +server { + listen 8448 ssl default_server; + listen [::]:8448 ssl default_server; + server_name auro.re; + + # Separate log files + access_log /var/log/nginx/main.access.log; + error_log /var/log/nginx/main.error.log; + + # Use LetsEncrypt SSL + ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem; + + # For Matrix Synapse federation + location / { + proxy_pass http://synapse.adm.auro.re:8008; + proxy_set_header X-Forwarded-For $remote_addr; + } +}