Include initial http conf

2024-02-12 17:38:17 +01:00 · 2024-02-12 17:38:17 +01:00 · 53ace38e79
parent b5f1f01f56
commit 53ace38e79
4 changed files with 64 additions and 4 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,2 @@
+---
+version: latest
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -0,0 +1,5 @@
+---
+- name: reload nginx
+  docker_container_exec:
+    container: hubdmz
+    command: nginx -s reload
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -3,13 +3,41 @@
  ansible.builtin.file:
    path: "/var/lib/hubdmz/conf.d/"
    state: directory
- name: ensure http.d directory exists
-  ansible.builtin.file:
-    path: "/var/lib/hubdmz/http.d/"
-    state: directory

 - name: configure nginx with stream module
  template:
    src: nginx.conf.j2
    dest: "/var/lib/hubdmz/conf.d/stream.conf"
    mode: 0644
+  notify: reload nginx
+
+- name: ensure http.d directory exists
+  ansible.builtin.file:
+    path: "/var/lib/hubdmz/http.d/"
+    state: directory
+
+- name: configure nginx with a default host
+  template:
+    src: http.conf.j2
+    dest: "/var/lib/hubdmz/http.d/00-default.conf"
+    mode: 0644
+  notify: reload nginx
+
+- name: launch hubdmz container
+  docker_container:
+    name: "hubdmz"
+    image: "registry.nemunai.re/hubdmz:{{ version }}"
+    pull: true
+    volumes:
+      - "/var/lib/hubdmz/conf.d/:/etc/nginx/conf.d/"
+      - "/var/lib/hubdmz/http.d/:/etc/nginx/http.d/"
+    state: "started"
+    memory: 512M
+    published_ports:
+      - "80:80"
+      - "443:443"
+    log_driver: syslog
+    log_options:
+      syslog-address: unixgram:///dev/log
+      syslog-facility: daemon
+      tag: "hubdmz"
--- a/templates/http.conf.j2
+++ b/templates/http.conf.j2
@ -0,0 +1,25 @@
+proxy_cache_path  /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=24h  max_size=1g;
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    server_name ouaset.masr.nemunai.re _;
+
+    location / {
+        rewrite ^ https://$server_name$request_uri permanent;
+    }
+
+    location /server_status {
+        stub_status on;
+        allow   127.0.0.1;
+        allow   ::1;
+        allow   192.168.0.0/16;
+        allow   82.64.151.41;
+        allow   82.64.31.248;
+        allow   2a01:e0a:2b:2250::/64;
+        allow   2a01:e0a:518:830::/64;
+        allow   fe80::/64;
+        deny    all;
+    }
+}