add nginx vhost deployment
This commit is contained in:
parent
fee9588be3
commit
5535af3cf5
|
@ -42,7 +42,16 @@ unifi_open_ports:
|
|||
-A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
|
||||
state: present
|
||||
|
||||
unifi_tls_deploment_enabled: False
|
||||
unifi_tls_deployment_enabled: False
|
||||
unifi_tls_pkcs12_passphrase: temppass
|
||||
unifi_tls_cert_path: /etc/pki/tls/certs/mycert.pem
|
||||
unifi_tls_key_path: /etc/pki/tls/private/mykey.pem
|
||||
|
||||
unifi_nginx_vhost_enabled: False
|
||||
unifi_ip_server: localhost
|
||||
unifi_server_port: 8443
|
||||
unifi_nginx_server: myinventoryname
|
||||
unifi_nginx_server_name: unifi.example.com
|
||||
unifi_nginx_vhost_dir: /etc/nginx/sites-available
|
||||
unifi_nginx_vhost_symlink: /etc/nginx/sites-enabled
|
||||
unifi_nginx_iptables_enabled: False
|
||||
|
|
|
@ -6,3 +6,12 @@
|
|||
name: unifi
|
||||
listen: __unifi_restart
|
||||
become: True
|
||||
|
||||
- name: Reload nginx
|
||||
systemd:
|
||||
state: reloaded
|
||||
name: nginx
|
||||
listen:
|
||||
- __nginx_reload
|
||||
become: True
|
||||
become_user: root
|
||||
|
|
|
@ -3,5 +3,6 @@
|
|||
- include_tasks: storage.yml
|
||||
when: unifi_lvm_enabled
|
||||
- include_tasks: install.yml
|
||||
- include_tasks: certificates.yml
|
||||
when: unifi_tls_deploment_enabled
|
||||
- include_tasks: tls.yml
|
||||
when: unifi_tls_deployment_enabled
|
||||
- include_tasks: nginx.yml
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
---
|
||||
- block:
|
||||
- name: Add default page configuration file
|
||||
template:
|
||||
src: nginx/vhost.j2
|
||||
dest: "{{ unifi_nginx_vhost_dir }}/unifi"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0640
|
||||
notify: __nginx_reload
|
||||
|
||||
- name: Enable default page
|
||||
file:
|
||||
src: "{{ unifi_nginx_vhost_dir }}/unifi"
|
||||
dest: "{{ unifi_nginx_vhost_symlink }}/unifi"
|
||||
owner: root
|
||||
group: root
|
||||
state: link
|
||||
notify: __nginx_reload
|
||||
when: unifi_nginx_vhost_symlink is defined
|
||||
|
||||
- name: Open ports in iptables
|
||||
iptables_raw:
|
||||
name: allow_nginx_ports
|
||||
state: present
|
||||
rules: '-A OUTPUT -p tcp -d {{ unifi_server_ip }} -m --dports {{ unifi_server_port }} -j ACCEPT'
|
||||
when: unifi_nginx_iptables_enabled
|
||||
delegate_to: "{{ unifi_nginx_server }}"
|
||||
become: True
|
||||
become_user: root
|
|
@ -0,0 +1,46 @@
|
|||
#jinja2: lstrip_blocks: True
|
||||
# {{ ansible_managed }}
|
||||
upstream backend {
|
||||
server {{ unifi_server_ip }}:{{ unifi_server_port }};
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name {{ unifi_nginx_server_name }};
|
||||
|
||||
{% if unifi_nginx_tls_enabled %}
|
||||
return 301 https://$server_name$request_uri;
|
||||
{% else %}
|
||||
location / {
|
||||
proxy_pass https://backend;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
{% endif %}
|
||||
}
|
||||
|
||||
{% if unifi_nginx_tls_enabled %}
|
||||
server {
|
||||
listen 443 ssl;
|
||||
server_name {{ unifi_nginx_server_name }};
|
||||
|
||||
location / {
|
||||
proxy_pass https://backend;
|
||||
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
|
||||
ssl_certificate {{ unifi_nginx_tls_cert_file }};
|
||||
ssl_certificate_key {{ unifi_nginx_tls_key_file }};
|
||||
}
|
||||
{% endif %}
|
Loading…
Reference in New Issue