-rw-r--r--compose/nginx/conf.d/dybiec.info.conf168
-rw-r--r--compose/nginx/nginx.conf2
-rw-r--r--docker.yml13
-rw-r--r--domains.yml34
-rw-r--r--templates/nginx.conf.j232
5 files changed, 81 insertions, 168 deletions
diff --git a/compose/nginx/conf.d/dybiec.info.conf b/compose/nginx/conf.d/dybiec.info.conf
deleted file mode 100644
index 90cd471..0000000
--- a/compose/nginx/conf.d/dybiec.info.conf
+++ /dev/null
@@ -1,168 +0,0 @@
-server {
- listen 80;
- listen 443 ssl;
- server_name .dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- root /usr/share/nginx/html;
- index index.html;
- }
-
-}
-server {
- listen 80;
- listen 443 ssl;
- server_name cnt.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://localhost:5004;
- }
-}
-server {
- listen 80;
- listen 443 ssl;
- server_name registry.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://localhost:5000;
- proxy_set_header Host $http_host; # required for docker client's sake
- proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- client_max_body_size 0;
- }
-}
-server {
- listen 80;
- server_name git.dybiec.info;
- return 301 https://$server_name$request_uri;
-}
-server {
- listen 443 ssl;
- server_name git.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://localhost:5001;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_http_version 1.1;
- }
- gzip_proxied any;
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- application/javascript
- application/x-javascript
- application/json;
-
-}
-server {
- listen 80;
- server_name grafana.dybiec.info;
- return 301 https://$server_name$request_uri;
-}
-server {
- listen 443 ssl;
- server_name grafana.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://localhost:5002;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_http_version 1.1;
- }
- gzip_proxied any;
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- application/javascript
- application/x-javascript
- application/json;
-
-}
-server {
- listen 80;
- server_name prometheus.dybiec.info;
- return 301 https://$server_name$request_uri;
-}
-server {
- listen 443 ssl;
- server_name prometheus.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://localhost:5003;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_redirect off;
- proxy_http_version 1.1;
- }
- gzip_proxied any;
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- application/javascript
- application/x-javascript
- application/json;
-
-}
-server {
- listen 80;
- server_name octoprint.dybiec.info;
- return 301 https://$server_name$request_uri;
-}
-server {
- listen 443 ssl;
- server_name octoprint.dybiec.info;
-
- ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
-
- location / {
- proxy_pass http://192.168.255.6/;
- proxy_redirect off;
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Host $http_host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "Upgrade";
-
- client_max_body_size 0;
- }
- gzip_proxied any;
- gzip_types
- text/css
- text/javascript
- text/xml
- text/plain
- application/javascript
- application/x-javascript
- application/json;
-
-}
diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf
index aa6cbd7..fc640c2 100644
--- a/compose/nginx/nginx.conf
+++ b/compose/nginx/nginx.conf
@@ -19,6 +19,8 @@ http {
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
+ ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem;
sendfile on;
tcp_nopush on;
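Review bot: The two added `ssl_certificate` lines should carry a comment saying that every `listen 443 ssl` server rendered from the template now inherits this one key pair, for example `# shared by all vhosts generated from domains.yml; the certificate must cover every name listed there`. Whether the certificate is a wildcard is not visible here, so a name later added to domains.yml that it does not cover would be served with a mismatched certificate. The `http` block starts and ends outside the hunk.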
diff --git a/docker.yml b/docker.yml
index cd86979..806309a 100644
--- a/docker.yml
+++ b/docker.yml
@@ -4,11 +4,24 @@
remote_user: ansible_worker
vars:
docker_compose_dir: "~/compose"
+ vars_files:
+ - domains.yml
tasks:
+ - name: Remove old config
+ file:
+ path: "{{docker_compose_dir}}"
+ state: absent
- name: Synchronize docker-compose files
synchronize:
src: compose/
dest: "{{docker_compose_dir}}"
+ - name: Generate nginx conf
+ template:
+ src: templates/nginx.conf.j2
+ dest: "{{docker_compose_dir}}/nginx/conf.d/{{item.value.name}}.conf"
+ vars:
+ server: "{{item.value}}"
+ with_items: "{{domains | dict2items}}"
- name: Counter app
docker_service:
project_name: app
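Review bot: The `dest:` of the "Generate nginx conf" task builds the file name from `item.value.name`, and for the `main` entry that value is `.dybiec.info`, so the file is written as the dotfile `.dybiec.info.conf`. If nginx.conf includes `conf.d/*.conf` (the include line is not in this diff), that glob normally does not match a leading dot and the main site would silently drop out of the configuration. Using the dictionary key avoids this: `dest: "{{docker_compose_dir}}/nginx/conf.d/{{item.key}}.conf"`. Separately, `state: absent` on `{{docker_compose_dir}}` wipes the whole compose directory on every run; if only stale nginx files are the concern, `delete: yes` on the `synchronize` task is narrower. The play continues outside the hunk.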
diff --git a/domains.yml b/domains.yml
new file mode 100644
index 0000000..79e8ef4
--- /dev/null
+++ b/domains.yml
@@ -0,0 +1,34 @@
+---
+domains:
+ main:
+ name: ".dybiec.info"
+ dir: "/usr/share/nginx/html"
+ registry:
+ name: "registry.dybiec.info"
+ proxy:
+ port: 5000
+ git:
+ name: "git.dybiec.info"
+ http_redirect: true
+ proxy:
+ port: 5001
+ grafana:
+ name: "grafana.dybiec.info"
+ http_redirect: true
+ proxy:
+ port: 5002
+ prometheus:
+ name: "prometheus.dybiec.info"
+ http_redirect: true
+ proxy:
+ port: 5003
+ cnt:
+ name: "cnt.dybiec.info"
+ proxy:
+ port: 5004
+ octoprint:
+ name: "octoprint.dybiec.info"
+ http_redirect: true
+ proxy:
+ host: "192.168.255.6"
+
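Review bot: `registry` and `cnt` have no `http_redirect: true`, so the template keeps `listen 80` on their server blocks and both are proxied over plain HTTP as well as TLS. For the registry that means credentials and image layers can cross the network unencrypted if a client is pointed at port 80; whether the registry requires authentication is not visible here. Adding `http_redirect: true` under `registry:` (and under `cnt:` unless cleartext access is intended) would match the other proxied hosts. The `main` entry has the same property.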
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
new file mode 100644
index 0000000..69b8d36
--- /dev/null
+++ b/templates/nginx.conf.j2
@@ -0,0 +1,32 @@
+{% if server.http_redirect is defined and server.http_redirect %}
+server {
+ listen 80;
+ server_name {{ server.name }};
+ return 301 https://$server_name$request_uri;
+}
+{% endif %}
+
+server {
+ {% if server.http_redirect is not defined or not server.http_redirect %}
+ listen 80;
+ {% endif %}
+ listen 443 ssl;
+ server_name {{ server.name }};
+
+ location / {
+ {% if server.dir is defined %}
+ root {{ server.dir }};
+ index index.html;
+ {% endif %}
+ {% if server.proxy is defined %}
+ proxy_pass http://{{server.proxy.host|default("localhost")}}:{{server.proxy.port|default("80")}};
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ {% endif %}
+ }
+
+}
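Review bot: The `server.proxy` branch no longer emits `client_max_body_size 0`, which the deleted config set for registry and octoprint, nor the `Upgrade`/`Connection` headers octoprint had. Registry pushes will therefore hit nginx's default body-size limit, and OctoPrint's websocket will likely stop working. Making both per-site options restores the old behaviour while keeping the unlimited body size off hosts that do not need it. The key names `websocket` and `max_body_size` below are suggestions and would need matching entries in domains.yml. The `gzip_*` directives from the old git, grafana, prometheus and octoprint blocks are also gone, which may be intentional.

```jinja
 {# … unchanged: proxy_pass, proxy_set_header and proxy_redirect lines … #}
 proxy_http_version 1.1;
 {% if server.proxy.websocket | default(false) %}
 proxy_set_header Upgrade $http_upgrade;
 proxy_set_header Connection "Upgrade";
 {% endif %}
 {% if server.proxy.max_body_size is defined %}
 client_max_body_size {{ server.proxy.max_body_size }};
 {% endif %}
```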