This commit is contained in:
Kris Lamoureux 2022-05-16 23:11:16 -04:00
parent ddb3764046
commit 71bbc36c4b
8 changed files with 77 additions and 3 deletions

View File

@ -5,6 +5,7 @@
- host_vars/bitwarden.yml - host_vars/bitwarden.yml
roles: roles:
- base - base
- nginx
- docker - docker
- traefik - traefik
- bitwarden - bitwarden

View File

@ -2,6 +2,9 @@
allow_reboot: false allow_reboot: false
manage_network: false manage_network: false
# nginx proxy
proxy: helloworld
# docker # docker
docker_users: docker_users:
- vagrant - vagrant
@ -13,6 +16,9 @@ traefik_domain: traefik.vm.krislamo.org
traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin traefik_auth: admin:$apr1$T1l.BCFz$Jyg8msXYEAUi3LLH39I9d1 # admin:admin
#traefik_acme_email: realemail@example.com # Let's Encrypt settings #traefik_acme_email: realemail@example.com # Let's Encrypt settings
#traefik_production: true #traefik_production: true
traefik_ports:
- "8000:80"
- "4430:443"
# bitwarden # bitwarden
# Get Installation ID & Key at https://bitwarden.com/host/ # Get Installation ID & Key at https://bitwarden.com/host/

View File

@ -11,7 +11,7 @@
- name: Download Bitwarden script - name: Download Bitwarden script
get_url: get_url:
url: "https://raw.githubusercontent.com/\ url: "https://raw.githubusercontent.com/\
bitwarden/server/master/scripts/bitwarden.sh" bitwarden/self-host/master/bitwarden.sh"
dest: "{{ bitwarden_root }}" dest: "{{ bitwarden_root }}"
mode: u+x mode: u+x

View File

@ -0,0 +1,17 @@
- name: Install nginx
apt:
name: nginx
state: present
- name: Install nginx configuration
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
mode: '0644'
register: nginx_conf
- name: Reload nginx
service:
name: nginx
state: reloaded
enabled: true

View File

@ -22,7 +22,9 @@
image: nginx:{{ nginx_version }} image: nginx:{{ nginx_version }}
state: started state: started
restart_policy: always restart_policy: always
container_default_behavior: no_defaults
networks_cli_compatible: true networks_cli_compatible: true
network_mode: traefik
networks: networks:
- name: traefik - name: traefik
volumes: volumes:

View File

@ -0,0 +1,45 @@
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
## tcp LB and SSL passthrough for backend ##
stream {
upstream traefik {
server 127.0.0.1:4430 max_fails=3 fail_timeout=10s;
}
log_format basic '$remote_addr [$time_local] '
'$protocol $status $bytes_sent $bytes_received '
'$session_time "$upstream_addr" '
'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
access_log /var/log/nginx/traefik_access.log basic;
error_log /var/log/nginx/traefik_error.log;
server {
listen 443;
proxy_pass traefik;
proxy_next_upstream on;
}
}

View File

@ -9,5 +9,6 @@
name: "{{ traefik_name }}" name: "{{ traefik_name }}"
image: traefik:{{ traefik_version }} image: traefik:{{ traefik_version }}
state: started state: started
restart: yes container_default_behavior: no_defaults
restart: true
listen: restart_traefik listen: restart_traefik

View File

@ -36,7 +36,9 @@
state: started state: started
restart_policy: always restart_policy: always
ports: "{{ traefik_ports }}" ports: "{{ traefik_ports }}"
networks_cli_compatible: "false" container_default_behavior: no_defaults
networks_cli_compatible: true
network_mode: traefik
networks: networks:
- name: traefik - name: traefik
labels: labels: