Merge branch 'reverse_proxy_matrix' into 'master'

Reverse proxy matrix

See merge request aurore/ansible!12
This commit is contained in:
Alexandre IOOSS 2019-03-04 09:36:08 +01:00
commit ebadfb772e
3 changed files with 92 additions and 10 deletions

View file

@ -5,28 +5,25 @@
reversed_proxy_subdomains: reversed_proxy_subdomains:
- name: re2o - name: re2o
from: re2o.auro.re from: re2o.auro.re
to: 10.128.0.10 to: re2o-server.adm.auro.re
- name: intranet - name: intranet
from: intranet.auro.re from: intranet.auro.re
to: 10.128.0.10 to: re2o-server.adm.auro.re
- name: pad - name: pad
from: pad.auro.re from: pad.auro.re
to: 10.128.0.54:9001 to: pad.adm.auro.re:9001
- name: phabricator - name: phabricator
from: phabricator.auro.re from: phabricator.auro.re
to: 10.128.0.50 to: phabricator.adm.auro.re
- name: wiki - name: wiki
from: wiki.auro.re from: wiki.auro.re
to: 10.128.0.51 to: wiki.adm.auro.re
- name: www - name: www
from: www.auro.re from: www.auro.re
to: 10.128.0.52 to: www.adm.auro.re
- name: main
from: auro.re
to: 10.128.0.52
- name: re2o-test - name: re2o-test
from: re2o-test.auro.re from: re2o-test.auro.re
to: 10.128.0.100 to: re2o-test.adm.auro.re
- name: riot - name: riot
from: riot.auro.re from: riot.auro.re
to: riot.adm.auro.re to: riot.adm.auro.re

View file

@ -29,3 +29,19 @@
state: link state: link
loop: "{{ reversed_proxy_subdomains }}" loop: "{{ reversed_proxy_subdomains }}"
notify: Reload NGINX service notify: Reload NGINX service
# Install main site
- name: Configure NGINX main site
template:
src: nginx-sites-available-main.j2
dest: /etc/nginx/sites-available/main
mode: 0644
notify: Reload NGINX service
# Activate main site
- name: Activate main site
file:
src: /etc/nginx/sites-available/main
dest: /etc/nginx/sites-enabled/main
state: link
notify: Reload NGINX service

View file

@ -0,0 +1,69 @@
# {{ ansible_managed }}
server {
server_name auro.re;
include "snippets/proxy-common.conf";
location / {
return 302 https://$host$request_uri;
}
}
server {
include "snippets/proxy-common-ssl.conf";
server_name auro.re;
# Separate log files
access_log /var/log/nginx/main.access.log;
error_log /var/log/nginx/main.error.log;
# Use LetsEncrypt SSL
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
location / {
proxy_redirect off;
proxy_pass http://www.adm.auro.re;
proxy_set_header Host auro.re;
proxy_set_header P-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
# "A man is not dead while his name is still spoken." -- Going Postal
add_header X-Clacks-Overhead "GNU Terry Pratchett";
}
# For Matrix identity server
location /_matrix/identity {
proxy_pass http://synapse.adm.auro.re:8090/_matrix/identity;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
# For Matrix Synapse
location /_matrix {
proxy_pass http://synapse.adm.auro.re:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
server {
listen 8448 ssl default_server;
listen [::]:8448 ssl default_server;
server_name auro.re;
# Separate log files
access_log /var/log/nginx/main.access.log;
error_log /var/log/nginx/main.error.log;
# Use LetsEncrypt SSL
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
# For Matrix Synapse federation
location / {
proxy_pass http://synapse.adm.auro.re:8008;
proxy_set_header X-Forwarded-For $remote_addr;
}
}