Merge branch 'reverse_proxy_matrix' into 'master'
Reverse proxy matrix See merge request aurore/ansible!12
This commit is contained in:
commit
ebadfb772e
3 changed files with 92 additions and 10 deletions
|
@ -5,28 +5,25 @@
|
||||||
reversed_proxy_subdomains:
|
reversed_proxy_subdomains:
|
||||||
- name: re2o
|
- name: re2o
|
||||||
from: re2o.auro.re
|
from: re2o.auro.re
|
||||||
to: 10.128.0.10
|
to: re2o-server.adm.auro.re
|
||||||
- name: intranet
|
- name: intranet
|
||||||
from: intranet.auro.re
|
from: intranet.auro.re
|
||||||
to: 10.128.0.10
|
to: re2o-server.adm.auro.re
|
||||||
- name: pad
|
- name: pad
|
||||||
from: pad.auro.re
|
from: pad.auro.re
|
||||||
to: 10.128.0.54:9001
|
to: pad.adm.auro.re:9001
|
||||||
- name: phabricator
|
- name: phabricator
|
||||||
from: phabricator.auro.re
|
from: phabricator.auro.re
|
||||||
to: 10.128.0.50
|
to: phabricator.adm.auro.re
|
||||||
- name: wiki
|
- name: wiki
|
||||||
from: wiki.auro.re
|
from: wiki.auro.re
|
||||||
to: 10.128.0.51
|
to: wiki.adm.auro.re
|
||||||
- name: www
|
- name: www
|
||||||
from: www.auro.re
|
from: www.auro.re
|
||||||
to: 10.128.0.52
|
to: www.adm.auro.re
|
||||||
- name: main
|
|
||||||
from: auro.re
|
|
||||||
to: 10.128.0.52
|
|
||||||
- name: re2o-test
|
- name: re2o-test
|
||||||
from: re2o-test.auro.re
|
from: re2o-test.auro.re
|
||||||
to: 10.128.0.100
|
to: re2o-test.adm.auro.re
|
||||||
- name: riot
|
- name: riot
|
||||||
from: riot.auro.re
|
from: riot.auro.re
|
||||||
to: riot.adm.auro.re
|
to: riot.adm.auro.re
|
||||||
|
|
|
@ -29,3 +29,19 @@
|
||||||
state: link
|
state: link
|
||||||
loop: "{{ reversed_proxy_subdomains }}"
|
loop: "{{ reversed_proxy_subdomains }}"
|
||||||
notify: Reload NGINX service
|
notify: Reload NGINX service
|
||||||
|
|
||||||
|
# Install main site
|
||||||
|
- name: Configure NGINX main site
|
||||||
|
template:
|
||||||
|
src: nginx-sites-available-main.j2
|
||||||
|
dest: /etc/nginx/sites-available/main
|
||||||
|
mode: 0644
|
||||||
|
notify: Reload NGINX service
|
||||||
|
|
||||||
|
# Activate main site
|
||||||
|
- name: Activate main site
|
||||||
|
file:
|
||||||
|
src: /etc/nginx/sites-available/main
|
||||||
|
dest: /etc/nginx/sites-enabled/main
|
||||||
|
state: link
|
||||||
|
notify: Reload NGINX service
|
||||||
|
|
|
@ -0,0 +1,69 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
server {
|
||||||
|
server_name auro.re;
|
||||||
|
include "snippets/proxy-common.conf";
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
include "snippets/proxy-common-ssl.conf";
|
||||||
|
server_name auro.re;
|
||||||
|
|
||||||
|
# Separate log files
|
||||||
|
access_log /var/log/nginx/main.access.log;
|
||||||
|
error_log /var/log/nginx/main.error.log;
|
||||||
|
|
||||||
|
# Use LetsEncrypt SSL
|
||||||
|
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_pass http://www.adm.auro.re;
|
||||||
|
proxy_set_header Host auro.re;
|
||||||
|
proxy_set_header P-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
|
||||||
|
# "A man is not dead while his name is still spoken." -- Going Postal
|
||||||
|
add_header X-Clacks-Overhead "GNU Terry Pratchett";
|
||||||
|
}
|
||||||
|
|
||||||
|
# For Matrix identity server
|
||||||
|
location /_matrix/identity {
|
||||||
|
proxy_pass http://synapse.adm.auro.re:8090/_matrix/identity;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
|
||||||
|
# For Matrix Synapse
|
||||||
|
location /_matrix {
|
||||||
|
proxy_pass http://synapse.adm.auro.re:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 8448 ssl default_server;
|
||||||
|
listen [::]:8448 ssl default_server;
|
||||||
|
server_name auro.re;
|
||||||
|
|
||||||
|
# Separate log files
|
||||||
|
access_log /var/log/nginx/main.access.log;
|
||||||
|
error_log /var/log/nginx/main.error.log;
|
||||||
|
|
||||||
|
# Use LetsEncrypt SSL
|
||||||
|
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
|
||||||
|
|
||||||
|
# For Matrix Synapse federation
|
||||||
|
location / {
|
||||||
|
proxy_pass http://synapse.adm.auro.re:8008;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in a new issue