From 544111a7dde4ca7f48ffeea34dd40d66ddd8640e Mon Sep 17 00:00:00 2001
From: Kris Lamoureux
Date: Sat, 21 May 2022 01:27:40 -0400
Subject: [PATCH] testing
---
 dev/bitwarden.yml | 1 +
 dev/host_vars/bitwarden.yml | 3 +++
 roles/.gitignore | 1 +
 roles/proxy/handlers/main.yml | 5 ++++
 roles/proxy/tasks/main.yml | 27 ++++++++++++++++++++
 roles/proxy/templates/nginx.conf.j2 | 39 +++++++++++++++++++++++++++++
 6 files changed, 76 insertions(+)
 create mode 100644 roles/proxy/handlers/main.yml
 create mode 100644 roles/proxy/tasks/main.yml
 create mode 100644 roles/proxy/templates/nginx.conf.j2
diff --git a/dev/bitwarden.yml b/dev/bitwarden.yml
index 7925204..c7cafe0 100644
--- a/dev/bitwarden.yml
+++ b/dev/bitwarden.yml
@@ -5,6 +5,7 @@
     - host_vars/bitwarden.yml
   roles:
     - base
+    - proxy
     - docker
     - traefik
     - bitwarden
diff --git a/dev/host_vars/bitwarden.yml b/dev/host_vars/bitwarden.yml
index c14f96b..761981b 100644
--- a/dev/host_vars/bitwarden.yml
+++ b/dev/host_vars/bitwarden.yml
@@ -13,6 +13,9 @@ traefik_domain: traefik.vm.krislamo.org
 traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
 #traefik_acme_email: realemail@example.com # Let's Encrypt settings
 #traefik_production: true
+traefik_ports:
+  - "8000:80"
+  - "4430:443"
 
 # bitwarden
 # Get Installation ID & Key at https://bitwarden.com/host/
diff --git a/roles/.gitignore b/roles/.gitignore
index 792c0f3..a050612 100644
--- a/roles/.gitignore
+++ b/roles/.gitignore
@@ -11,6 +11,7 @@
 !nextcloud*/
 !nginx*/
 !prometheus*/
+!proxy*/
 !rsnapshot*/
 !traefik*/
 !unifi*/
diff --git a/roles/proxy/handlers/main.yml b/roles/proxy/handlers/main.yml
new file mode 100644
index 0000000..00e75ca
--- /dev/null
+++ b/roles/proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Reload nginx
+  service:
+    name: nginx
+    state: reloaded
+  listen: reload_nginx
diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml
new file mode 100644
index 0000000..1c37971
--- /dev/null
+++ b/roles/proxy/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: Install nginx
+  apt:
+    name: nginx
+    state: present
+    update_cache: true
+
+- name: Install nginx configuration
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/nginx.conf
+    mode: '0644'
+  notify: reload_nginx
+
+- name: Generate self-signed certificate
+  shell: 'openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \
+    -subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com" \
+    -keyout /etc/ssl/private/nginx-selfsigned.key \
+    -out /etc/ssl/certs/nginx-selfsigned.crt'
+  args:
+    creates: /etc/ssl/certs/nginx-selfsigned.crt
+  notify: reload_nginx
+
+- name: Start nginx and enable on boot
+  service:
+    name: nginx
+    state: started
+    enabled: true
diff --git a/roles/proxy/templates/nginx.conf.j2 b/roles/proxy/templates/nginx.conf.j2
new file mode 100644
index 0000000..6bb2788
--- /dev/null
+++ b/roles/proxy/templates/nginx.conf.j2
@@ -0,0 +1,39 @@
+user www-data;
+worker_processes auto;
+error_log /var/log/nginx/error.log;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+    worker_connections 1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    include /etc/nginx/conf.d/*.conf;
+    default_type application/octet-stream;
+    log_format main '$remote_addr - $remote_user [$time_local] $status '
+        '"$request" $body_bytes_sent "$http_referer" '
+        '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /var/log/nginx/access.log main;
+    server_tokens off;
+    sendfile on;
+    tcp_nopush on;
+    keepalive_timeout 65;
+    server_names_hash_bucket_size 128;
+
+    server {
+        listen 443 ssl;
+        server_name traefik.vm.krislamo.org vault.vm.krislamo.org;
+        access_log /var/log/nginx/vault.vm.krislamo.org.log main;
+        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
+
+        location / {
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_pass http://127.0.0.1:8080;
+        }
+    }
+
+}
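Review bot: The backslash continuations in the `shell:` value of the "Generate self-signed certificate" task sit inside a single-quoted YAML scalar, where `\` is literal and each folded line break becomes a space, so the shell should receive `\ -subj`, `\ -keyout` and `\ -out` — escaped spaces glued to the option names — and openssl would reject the command, failing the task on every run until the certificate exists. Dropping the backslashes and using a folded block scalar (below) yields a single plain command line; since no shell features are used, `command:` would also do and avoids word-splitting surprises. The task does not set permissions on the generated key under /etc/ssl/private, so they depend on openssl's defaults and the umask — a follow-up `file:` task with `mode: '0600'` on `/etc/ssl/private/nginx-selfsigned.key` would pin that. The CN `example.com` also does not match the `server_name` values the template serves; harmless for a self-signed certificate, but worth templating if any client is expected to trust it.

```yaml
- name: Generate self-signed certificate
  shell: >-
    openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes
    -subj "/C=US/ST=Local/L=Local/O=Org/OU=IT/CN=example.com"
    -keyout /etc/ssl/private/nginx-selfsigned.key
    -out /etc/ssl/certs/nginx-selfsigned.crt
  # … unchanged: args/creates and notify …
```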
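Review bot: The `location /` block in the new server stanza forwards only `Host` and `X-Real-IP`, so the upstream on 127.0.0.1:8080 cannot tell that the request arrived over TLS or see the original client chain, even though the access log format already reads `$http_x_forwarded_for`; add `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` beside the existing headers. The `traefik_ports` added to host_vars in this commit publish 8000 and 4430, and 8080 is not among them — confirm which port the upstream actually listens on. The `listen 443 ssl` server sets no `ssl_protocols` or `ssl_ciphers`, so it inherits whatever defaults the installed nginx build ships; stating them explicitly documents the intended baseline. The hostnames in `server_name` and the per-host `access_log` path are hard-coded in a `.j2` template while `traefik_domain` already exists in host_vars — templating them (`{{ traefik_domain }}`) would keep the role reusable.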