Add reverse proxy settings for Gitea and Bitwarden

2022-05-28 00:18:15 -04:00 · 2022-05-28 00:18:15 -04:00 · eccd6b7874
commit eccd6b7874
parent 3a92921932
7 changed files with 22 additions and 0 deletions
--- a/roles/bitwarden/defaults/main.yml
+++ b/roles/bitwarden/defaults/main.yml
@ -1,5 +1,6 @@
 bitwarden_name: bitwarden
 bitwarden_root: "/var/lib/{{ bitwarden_name }}"
 bitwarden_database: "{{ bitwarden_name }}"
+bitwarden_realips: "172.16.0.0/12"
 bitwarden_standalone: false
 bitwarden_production: false
--- a/roles/bitwarden/tasks/main.yml
+++ b/roles/bitwarden/tasks/main.yml
@ -65,6 +65,12 @@
  when: not bitwarden_standalone
  notify: rebuild_bitwarden

+- name: Define reverse proxy servers
+  lineinfile:
+    path: "{{ bitwarden_root }}/bwdata/config.yml"
+    line: "- {{ bitwarden_realips }}"
+    insertafter: "^real_ips"
+
 - name: Install Bitwarden systemd service
  template:
    src: bitwarden.service.j2
--- a/roles/gitea/defaults/main.yml
+++ b/roles/gitea/defaults/main.yml
@ -14,5 +14,9 @@ gitea_dbhost: host.docker.internal
 gitea_dbname: "{{ gitea_name }}"
 gitea_dbuser: "{{ gitea_name }}"

+# proxy settings
+gitea_proxy_limit: "1"
+gitea_trusted_proxies: "172.16.0.0/12"
+
 # host
 gitea_root: "{{ docker_compose_root }}/{{ gitea_name }}"
--- a/roles/gitea/handlers/main.yml
+++ b/roles/gitea/handlers/main.yml
@ -0,0 +1,5 @@
+- name: Restart Gitea
+  service:
+    name: "{{ docker_compose_service }}@{{ gitea_name }}"
+    state: restarted
+  listen: restart_gitea
--- a/roles/gitea/tasks/main.yml
+++ b/roles/gitea/tasks/main.yml
@ -73,11 +73,13 @@
  template:
    src: docker-compose.yml.j2
    dest: "{{ gitea_root }}/docker-compose.yml"
+  notify: restart_gitea

 - name: Install Gitea's docker-compose variables
  template:
    src: compose-env.j2
    dest: "{{ gitea_root }}/.env"
+  notify: restart_gitea

 - name: Start and enable Gitea service
  service:
--- a/roles/gitea/templates/compose-env.j2
+++ b/roles/gitea/templates/compose-env.j2
@ -10,6 +10,8 @@ gitea_dbhost={{ gitea_dbhost }}
 gitea_dbname={{ gitea_dbname }}
 gitea_dbuser={{ gitea_dbuser }}
 gitea_dbpass={{ gitea_dbpass }}
+gitea_proxy_limit={{ gitea_proxy_limit }}
+gitea_trusted_proxies={{ gitea_trusted_proxies }}
 {% if not gitea_signup %}
 gitea_disable_registration=true
 {% else %}
--- a/roles/gitea/templates/docker-compose.yml.j2
+++ b/roles/gitea/templates/docker-compose.yml.j2
@ -20,6 +20,8 @@ services:
      - GITEA__database__NAME=${gitea_dbname}
      - GITEA__database__USER=${gitea_dbuser}
      - GITEA__database__PASSWD=${gitea_dbpass}
+      - GITEA__security__REVERSE_PROXY_LIMIT=${gitea_proxy_limit}
+      - GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES=${gitea_trusted_proxies}
      - GITEA__service__DISABLE_REGISTRATION=${gitea_disable_registration}
    volumes:
      - {{ gitea_volume }}:/data