From d2bddf17abafb85fcd6bccc078ccca46d7a72478 Mon Sep 17 00:00:00 2001
From: Paweł Dybiec
Date: Wed, 17 Apr 2019 19:32:05 +0200
Subject: Move generate nginx file per domain
---
compose/nginx/conf.d/dybiec.info.conf | 168 ----------------------------------
compose/nginx/nginx.conf | 2 +
docker.yml | 13 +++
domains.yml | 34 +++++++
templates/nginx.conf.j2 | 32 +++++++
5 files changed, 81 insertions(+), 168 deletions(-)
delete mode 100644 compose/nginx/conf.d/dybiec.info.conf
create mode 100644 domains.yml
create mode 100644 templates/nginx.conf.j2
diff --git a/compose/nginx/conf.d/dybiec.info.conf b/compose/nginx/conf.d/dybiec.info.conf
deleted file mode 100644
index 90cd471..0000000
--- a/compose/nginx/conf.d/dybiec.info.conf
+++ /dev/null
@@ -1,168 +0,0 @@ -server { - listen 80; - listen 443 ssl; - server_name .dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - root /usr/share/nginx/html; - index index.html; - } - -} -server { - listen 80; - listen 443 ssl; - server_name cnt.dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://localhost:5004; - } -} -server { - listen 80; - listen 443 ssl; - server_name registry.dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://localhost:5000; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - client_max_body_size 0; - } -} -server { - listen 80; - server_name git.dybiec.info; - return 301 https://$server_name$request_uri; -} -server { - listen 443 ssl; - server_name git.dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://localhost:5001; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_http_version 1.1; - } - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - -} -server { - listen 80; - server_name grafana.dybiec.info; - return 301 https://$server_name$request_uri; -} -server { - listen 443 ssl; - server_name grafana.dybiec.info; - - ssl_certificate 
/etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://localhost:5002; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_http_version 1.1; - } - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - -} -server { - listen 80; - server_name prometheus.dybiec.info; - return 301 https://$server_name$request_uri; -} -server { - listen 443 ssl; - server_name prometheus.dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://localhost:5003; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_redirect off; - proxy_http_version 1.1; - } - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - -} -server { - listen 80; - server_name octoprint.dybiec.info; - return 301 https://$server_name$request_uri; -} -server { - listen 443 ssl; - server_name octoprint.dybiec.info; - - ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; - - location / { - proxy_pass http://192.168.255.6/; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "Upgrade"; - - client_max_body_size 0; - } - gzip_proxied any; - gzip_types - text/css - text/javascript - text/xml - text/plain - application/javascript - application/x-javascript - application/json; - 
-} diff --git a/compose/nginx/nginx.conf b/compose/nginx/nginx.conf index aa6cbd7..fc640c2 100644 --- a/compose/nginx/nginx.conf +++ b/compose/nginx/nginx.conf @@ -19,6 +19,8 @@ http { '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; + ssl_certificate /etc/letsencrypt/live/dybiec.info/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/dybiec.info/privkey.pem; sendfile on; tcp_nopush on; diff --git a/docker.yml b/docker.yml index cd86979..806309a 100644 --- a/docker.yml +++ b/docker.yml @@ -4,11 +4,24 @@ remote_user: ansible_worker vars: docker_compose_dir: "~/compose" + vars_files: + - domains.yml tasks: + - name: Remove old config + file: + path: "{{docker_compose_dir}}" + state: absent - name: Synchronize docker-compose files synchronize: src: compose/ dest: "{{docker_compose_dir}}" + - name: Generate nginx conf + template: + src: templates/nginx.conf.j2 + dest: "{{docker_compose_dir}}/nginx/conf.d/{{item.value.name}}.conf" + vars: + server: "{{item.value}}" + with_items: "{{domains | dict2items}}" - name: Counter app docker_service: project_name: app diff --git a/domains.yml b/domains.yml new file mode 100644 index 0000000..79e8ef4 --- /dev/null +++ b/domains.yml @@ -0,0 +1,34 @@ +--- +domains: + main: + name: ".dybiec.info" + dir: "/usr/share/nginx/html" + registry: + name: "registry.dybiec.info" + proxy: + port: 5000 + git: + name: "git.dybiec.info" + http_redirect: true + proxy: + port: 5001 + grafana: + name: "grafana.dybiec.info" + http_redirect: true + proxy: + port: 5002 + prometheus: + name: "prometheus.dybiec.info" + http_redirect: true + proxy: + port: 5003 + cnt: + name: "cnt.dybiec.info" + proxy: + port: 5004 + octoprint: + name: "octoprint.dybiec.info" + http_redirect: true + proxy: + host: "192.168.255.6" + diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2 new file mode 100644 index 0000000..69b8d36 --- /dev/null +++ b/templates/nginx.conf.j2 
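Review bot: The two `ssl_certificate*` lines added at `http` level are now inherited by every generated server block, and nothing in the hunk records that the one dybiec.info certificate must cover every `name` in domains.yml. The template has no per-domain override, so a later entry outside that certificate would be served with a mismatched one. I would add a comment above the directives, for example `# Inherited by all conf.d/*.conf servers; the certificate must cover every name in domains.yml`. The enclosing `http` block starts and ends outside the hunk, so any TLS protocol or cipher settings cannot be checked from here.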
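Review bot: The `dest` of the new "Generate nginx conf" task takes the file name from `item.value.name`, and for the `main` entry that value is `.dybiec.info`, so the file is written as `.dybiec.info.conf`. nginx expands `include` patterns with glob(), which normally skips names that begin with a dot. If nginx.conf includes `conf.d/*.conf` (not visible in this diff), the main site would never be loaded and its requests would fall through to whichever server block ends up as the default. Naming the file after the dictionary key avoids this and keeps hostnames out of the path: `dest: "{{docker_compose_dir}}/nginx/conf.d/{{item.key}}.conf"`. Separately, "Remove old config" deletes the whole `{{docker_compose_dir}}` tree on every run, so it is worth confirming that no container keeps state under it.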
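Review bot: `registry` and `cnt` are declared without `http_redirect: true`, so the template keeps `listen 80;` in their main server block and both stay reachable over plain HTTP. For the registry this means any credentials and image content sent to it can cross the network unencrypted. Adding `http_redirect: true` under `registry` (and under `cnt`, unless it is meant to be served over HTTP) would match git, grafana, prometheus and octoprint. The removed dybiec.info.conf had the same dual listen for these two hosts, so this is carried over rather than newly introduced.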
@@ -0,0 +1,32 @@
+{% if server.http_redirect is defined and server.http_redirect %}
+server {
+ listen 80;
+ server_name {{ server.name }};
+ return 301 https://$server_name$request_uri;
+}
+{% endif %}
+
+server {
+ {% if server.http_redirect is not defined or not server.http_redirect %}
+ listen 80;
+ {% endif %}
+ listen 443 ssl;
+ server_name {{ server.name }};
+
+ location / {
+ {% if server.dir is defined %}
+ root {{ server.dir }};
+ index index.html;
+ {% endif %}
+ {% if server.proxy is defined %}
+ proxy_pass http://{{server.proxy.host|default("localhost")}}:{{server.proxy.port|default("80")}};
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ {% endif %}
+ }
+
+}
-- cgit 1.4.1
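Review bot: The `server.proxy` branch emits the same fixed directives for every domain, so two settings from the removed dybiec.info.conf are lost. These are `client_max_body_size 0;` on the registry and octoprint blocks, and the `Upgrade`/`Connection` headers on octoprint. With nginx's default request-body limit, large image pushes and uploads are likely to be rejected, and WebSocket connections will not be upgraded. Optional per-domain keys would restore both without lifting the body limit for every proxied site; the names `websocket` and `max_body_size` in the sketch below are suggestions. The gzip settings of the old git, grafana, prometheus and octoprint blocks are also not reproduced.

```jinja
    {% if server.proxy is defined %}
    {# … unchanged: proxy_pass, forwarding headers, proxy_redirect, proxy_http_version … #}
    {% if server.proxy.websocket | default(false) %}
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    {% endif %}
    {% if server.proxy.max_body_size is defined %}
    client_max_body_size {{ server.proxy.max_body_size }};
    {% endif %}
    {% endif %}
```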