testing

2022-05-16 23:11:16 -04:00
parent ddb3764046
commit 71bbc36c4b
8 changed files with 77 additions and 3 deletions
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@@ -11,7 +11,7 @@
 - name: Download Bitwarden script
  get_url:
    url: "https://raw.githubusercontent.com/\
-          bitwarden/server/master/scripts/bitwarden.sh"
+          bitwarden/self-host/master/bitwarden.sh"
    dest: "{{ bitwarden_root }}"
    mode: u+x

--- a/roles/nginx/tasks/proxy.yml
+++ b/roles/nginx/tasks/proxy.yml
@@ -0,0 +1,17 @@
+- name: Install nginx
+  apt:
+    name: nginx
+    state: present
+
+- name: Install nginx configuration
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/nginx.conf
+    mode: '0644'
+  register: nginx_conf
+
+- name: Reload nginx
+  service:
+    name: nginx
+    state: reloaded
+    enabled: true
--- a/roles/nginx/tasks/webserver.yml
+++ b/roles/nginx/tasks/webserver.yml
@@ -22,7 +22,9 @@
    image: nginx:{{ nginx_version }}
    state: started
    restart_policy: always
+    container_default_behavior: no_defaults
    networks_cli_compatible: true
+    network_mode: traefik
    networks:
      - name: traefik
    volumes:
--- a/roles/nginx/templates/nginx.conf.j2
+++ b/roles/nginx/templates/nginx.conf.j2
@@ -0,0 +1,45 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+  worker_connections 1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+    log_format    main  '$remote_addr - $remote_user [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+    sendfile        on;
+    #tcp_nopush     on;
+    keepalive_timeout  65;
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
+
+## tcp LB  and SSL passthrough for backend ##
+stream {
+    upstream traefik {
+        server 127.0.0.1:4430 max_fails=3 fail_timeout=10s;
+    }
+
+log_format basic '$remote_addr [$time_local] '
+                 '$protocol $status $bytes_sent $bytes_received '
+                 '$session_time "$upstream_addr" '
+                 '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+
+    access_log /var/log/nginx/traefik_access.log basic;
+    error_log  /var/log/nginx/traefik_error.log;
+
+    server {
+        listen 443;
+        proxy_pass traefik;
+        proxy_next_upstream on;
+    }
+}
--- a/roles/traefik/handlers/main.yml
+++ b/roles/traefik/handlers/main.yml
@@ -9,5 +9,6 @@
    name: "{{ traefik_name }}"
    image: traefik:{{ traefik_version }}
    state: started
-    restart: yes
+    container_default_behavior: no_defaults
+    restart: true
  listen: restart_traefik
--- a/roles/traefik/tasks/main.yml
+++ b/roles/traefik/tasks/main.yml
@@ -36,7 +36,9 @@
    state: started
    restart_policy: always
    ports: "{{ traefik_ports }}"
-    networks_cli_compatible: "false"
+    container_default_behavior: no_defaults
+    networks_cli_compatible: true
+    network_mode: traefik
    networks:
      - name: traefik
    labels: