diff --git a/nginx-reverse-proxy.yml b/nginx-reverse-proxy.yml
index ecbbded..426e66b 100644
--- a/nginx-reverse-proxy.yml
+++ b/nginx-reverse-proxy.yml
@@ -5,28 +5,25 @@
 reversed_proxy_subdomains:
 - name: re2o
 from: re2o.auro.re
- to: 10.128.0.10
+ to: re2o-server.adm.auro.re
 - name: intranet
 from: intranet.auro.re
- to: 10.128.0.10
+ to: re2o-server.adm.auro.re
 - name: pad
 from: pad.auro.re
- to: 10.128.0.54:9001
+ to: pad.adm.auro.re:9001
 - name: phabricator
 from: phabricator.auro.re
- to: 10.128.0.50
+ to: phabricator.adm.auro.re
 - name: wiki
 from: wiki.auro.re
- to: 10.128.0.51
+ to: wiki.adm.auro.re
 - name: www
 from: www.auro.re
- to: 10.128.0.52
- - name: main
- from: auro.re
- to: 10.128.0.52
+ to: www.adm.auro.re
 - name: re2o-test
 from: re2o-test.auro.re
- to: 10.128.0.100
+ to: re2o-test.adm.auro.re
 - name: riot
 from: riot.auro.re
 to: riot.adm.auro.re
diff --git a/roles/nginx-reverse-proxy/tasks/main.yml b/roles/nginx-reverse-proxy/tasks/main.yml
index d7a93ee..339ce0b 100644
--- a/roles/nginx-reverse-proxy/tasks/main.yml
+++ b/roles/nginx-reverse-proxy/tasks/main.yml
@@ -29,3 +29,19 @@
 state: link
 loop: "{{ reversed_proxy_subdomains }}"
 notify: Reload NGINX service
+
+# Install main site
+- name: Configure NGINX main site
+ template:
+ src: nginx-sites-available-main.j2
+ dest: /etc/nginx/sites-available/main
+ mode: 0644
+ notify: Reload NGINX service
+
+# Activate main site
+- name: Activate main site
+ file:
+ src: /etc/nginx/sites-available/main
+ dest: /etc/nginx/sites-enabled/main
+ state: link
+ notify: Reload NGINX service
diff --git a/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2 b/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2
new file mode 100644
index 0000000..43f678f
--- /dev/null
+++ b/roles/nginx-reverse-proxy/templates/nginx-sites-available-main.j2
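Review bot: In nginx-reverse-proxy.yml every `to:` target is now a name under adm.auro.re instead of an address, which makes the proxy's routing depend on name resolution on the proxy host. If the role's site template puts `to` into a static `proxy_pass` (that template is not part of this diff), nginx resolves the name once at start or reload, refuses to load when a name does not resolve, and keeps the old address until the next reload. Whoever controls the adm.auro.re records then decides where public traffic is forwarded, so the dependency is worth stating next to the list, e.g. `# 'to' names are resolved by nginx at load time; adm.auro.re must be served by a resolver we control`.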
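Review bot: In roles/nginx-reverse-proxy/tasks/main.yml the new template task writes `mode: 0644` unquoted, which yields the intended permissions only because the YAML loader reads the leading-zero form as octal; `mode: "0644"` states it as a string and does not depend on that. The task also sets no `owner` or `group`, so ownership of a file nginx loads as configuration is whatever the connecting user produces; presumably that is root here, but `owner: root` and `group: root` would make it explicit.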
@@ -0,0 +1,69 @@
+# {{ ansible_managed }}
+
+server {
+ server_name auro.re;
+ include "snippets/proxy-common.conf";
+
+ location / {
+ return 302 https://$host$request_uri;
+ }
+}
+
+server {
+ include "snippets/proxy-common-ssl.conf";
+ server_name auro.re;
+
+ # Separate log files
+ access_log /var/log/nginx/main.access.log;
+ error_log /var/log/nginx/main.error.log;
+
+ # Use LetsEncrypt SSL
+ ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
+
+ location / {
+ proxy_redirect off;
+ proxy_pass http://www.adm.auro.re;
+ proxy_set_header Host auro.re;
+ proxy_set_header P-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ # "A man is not dead while his name is still spoken." -- Going Postal
+ add_header X-Clacks-Overhead "GNU Terry Pratchett";
+ }
+
+ # For Matrix identity server
+ location /_matrix/identity {
+ proxy_pass http://synapse.adm.auro.re:8090/_matrix/identity;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+
+ # For Matrix Synapse
+ location /_matrix {
+ proxy_pass http://synapse.adm.auro.re:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+}
+
+server {
+ listen 8448 ssl default_server;
+ listen [::]:8448 ssl default_server;
+ server_name auro.re;
+
+ # Separate log files
+ access_log /var/log/nginx/main.access.log;
+ error_log /var/log/nginx/main.error.log;
+
+ # Use LetsEncrypt SSL
+ ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
+
+ # For Matrix Synapse federation
+ location / {
+ proxy_pass http://synapse.adm.auro.re:8008;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ }
+}
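Review bot: The port-8448 server block forwards every path to `http://synapse.adm.auro.re:8008` through `location / {`, while the 443 block limits the same backend to `/_matrix`; if that listener also carries Synapse's `/_synapse/admin` resource, the admin API becomes reachable from outside on 8448. Narrowing the federation block to `location /_matrix {` would make both entry points expose the same surface. The 8448 block also does not include `snippets/proxy-common-ssl.conf`, so its TLS protocol and cipher settings come from the http level or nginx defaults (the snippet's contents are not in this diff). In the 443 block, `proxy_set_header P-Real-IP $remote_addr;` looks like a typo for `X-Real-IP`. The `add_header` inside that block's `location /` also stops the location from inheriting any `add_header` declared at server level, such as an HSTS header if the snippet sets one.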