Add nginx proxy server
parent
c3356c957a
commit
6ebb99e148
8 changed files with 160 additions and 2 deletions
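--- a/hosts
+++ b/hosts
@@ -7,7 +7,7 @@ dns:
 dns_2:
 ansible_host: 192.168.1.4
 sync_target: 192.168.1.3
-nginx:
+proxy:
 hosts:
-nginx_1:
+proxy_1:
 ansible_host: 192.168.1.12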
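--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,19 @@
+---
+- name: Add apt key for docker
+apt_key:
+url: https://download.docker.com/linux/ubuntu/gpg
+state: present
+
+- name: Add docker repository into sources list
+apt_repository:
+repo: deb https://download.docker.com/linux/ubuntu jammy stable
+state: present
+
+- name: Install docker packages
+apt:
+name:
+- docker-ce
+- docker-ce-cli
+- containerd.io
+- docker-compose-plugin
+state: present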
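Review bot: The `apt_key` task adds whatever key the URL returns to the host-wide trusted keyring, with no fingerprint or checksum pinned, so that key can then authenticate packages from any configured repository, not just Docker's. The underlying `apt-key` tool is also deprecated. Store the key as a file under `/etc/apt/keyrings/` with a pinned checksum and reference it from the repository line with `signed-by=`, as sketched below. The `jammy` suite is hard-coded in `repo:` and would need a variable if other releases are ever targeted.

```yaml
- name: Add apt key for docker
  get_url:
    url: https://download.docker.com/linux/ubuntu/gpg
    dest: /etc/apt/keyrings/docker.asc
    mode: "0644"
    checksum: "sha256:<EXPECTED_KEY_SHA256>"

- name: Add docker repository into sources list
  apt_repository:
    repo: "deb [signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu jammy stable"
    state: present

# … unchanged: Install docker packages …
```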
|
@ -41,6 +41,14 @@
|
||||||
jump: ACCEPT
|
jump: ACCEPT
|
||||||
notify: Persist iptables
|
notify: Persist iptables
|
||||||
|
|
||||||
|
- name: Allow admin web (nginx proxy)
|
||||||
|
iptables:
|
||||||
|
chain: INPUT
|
||||||
|
protocol: tcp
|
||||||
|
destination_port: 81
|
||||||
|
jump: ACCEPT
|
||||||
|
notify: Persist iptables
|
||||||
|
|
||||||
- name: Allow dns
|
- name: Allow dns
|
||||||
iptables:
|
iptables:
|
||||||
chain: INPUT
|
chain: INPUT
|
||||||
|
|
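Review bot: The new `Allow admin web (nginx proxy)` rule accepts TCP 81 from any source because it sets no `source`; judging by the task name and the compose comment, this is the proxy manager's admin interface, so it should be limited to the management network, e.g. `source: <ADMIN_SUBNET_CIDR>` under `iptables:`. The compose file in this commit also publishes `81:81` on all host addresses, and Docker-published ports are normally forwarded through Docker's own chains rather than `INPUT`, so binding that mapping to a management address is worth doing as well. The file path for this hunk is not shown on the page, and the task list continues outside the hunk.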
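--- a/roles/nginx-proxy-manager/files/default.conf
+++ b/roles/nginx-proxy-manager/files/default.conf
@@ -0,0 +1,42 @@
+# "You are not configured" page, which is the default if another default doesn't exist
+server {
+listen 80;
+listen [::]:80;
+
+set $forward_scheme "http";
+set $server "127.0.0.1";
+set $port "80";
+
+server_name localhost-nginx-proxy-manager;
+access_log /data/logs/fallback_access.log standard;
+error_log /data/logs/fallback_error.log warn;
+include conf.d/include/assets.conf;
+include conf.d/include/block-exploits.conf;
+include conf.d/include/letsencrypt-acme-challenge.conf;
+
+location / {
+return 444;
+index index.html;
+root /var/www/html;
+}
+return 444;
+}
+
+# First 443 Host, which is the default if another default doesn't exist
+server {
+listen 443 ssl;
+listen [::]:443 ssl;
+
+set $forward_scheme "https";
+set $server "127.0.0.1";
+set $port "443";
+
+server_name localhost;
+access_log /data/logs/fallback_access.log standard;
+error_log /dev/null crit;
+ssl_certificate /data/nginx/dummycert.pem;
+ssl_certificate_key /data/nginx/dummykey.pem;
+include conf.d/include/ssl-ciphers.conf;
+
+return 444;
+}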
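Review bot: In the port-80 server, the server-level `return 444;` runs before any location is selected, so the `location /` block (its own `return 444;` followed by unreachable `index` and `root`) and, most likely, the `letsencrypt-acme-challenge.conf` include never take effect. If dropping every unmatched request is the intent, remove the dead `location /` block and the unused includes so the file says what it does. If HTTP-01 challenges should still be answered on the fallback host, keep `return 444;` only inside `location /`. The 443 server sends errors to `/dev/null`, which also hides TLS handshake failures on the default host; `error_log /data/logs/fallback_error.log warn;` would match the port-80 block.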
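--- a/roles/nginx-proxy-manager/files/docker-compose.yml
+++ b/roles/nginx-proxy-manager/files/docker-compose.yml
@@ -0,0 +1,13 @@
+version: "3"
+services:
+app:
+image: 'jc21/nginx-proxy-manager:latest'
+restart: unless-stopped
+ports:
+- 80:80 # Public HTTP Port
+- 443:443 # Public HTTPS Port
+- 81:81 # Admin Web Port
+volumes:
+- ./data:/data
+- ./letsencrypt:/etc/letsencrypt
+- ./default.conf:/etc/nginx/conf.d/default.conf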
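Review bot: `image: 'jc21/nginx-proxy-manager:latest'` is unpinned, so a fresh deployment or a later pull can bring in a different, unreviewed build of a network-facing proxy that also holds the TLS material under `./letsencrypt`. Pin a released version, ideally with a digest, e.g. `image: 'jc21/nginx-proxy-manager:<PINNED_VERSION>@sha256:<IMAGE_DIGEST>'`, and bump it deliberately. The port mappings are unquoted; Compose files conventionally quote them (`- '81:81'`) so that low port pairs are never read as YAML 1.1 base-60 integers.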
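--- a/roles/nginx-proxy-manager/files/production.conf
+++ b/roles/nginx-proxy-manager/files/production.conf
@@ -0,0 +1,33 @@
+# Admin Interface
+server {
+listen 81;
+listen [::]:81;
+
+server_name nginxproxymanager;
+root /app/frontend;
+access_log /dev/null;
+
+location /api {
+return 302 /api/;
+}
+
+location /api/ {
+add_header X-Served-By $host;
+proxy_set_header Host $host;
+proxy_set_header X-Forwarded-Scheme $scheme;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Forwarded-For $remote_addr;
+proxy_pass http://127.0.0.1:3000/;
+
+proxy_read_timeout 15m;
+proxy_send_timeout 15m;
+}
+
+location / {
+index index.html;
+if ($request_uri ~ ^/(.*)\.html$) {
+return 302 /$1;
+}
+try_files $uri $uri.html $uri/ /index.html;
+}
+}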
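Review bot: Nothing in this commit deploys `production.conf`: the role's tasks copy only `docker-compose.yml` and `default.conf`, and the compose file mounts only `./default.conf`, so this file currently has no effect. If it is meant to override the container's admin vhost, add the matching copy task and volume mount; if it is kept only for reference, a header comment such as `# Not deployed by this role; kept for reference` would prevent confusion. Should it ever be deployed, note that `access_log /dev/null;` leaves no record of requests to the admin interface on port 81, which is the port the firewall change in this commit opens.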
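--- a/roles/nginx-proxy-manager/tasks/main.yml
+++ b/roles/nginx-proxy-manager/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Create npm user
+user:
+name: npm
+groups: docker
+shell: /bin/bash
+state: present
+
+- name: Create npm directory
+become: yes
+become_user: npm
+file:
+path: /home/npm/npm
+state: directory
+
+- name: Put npm docker-compose in place
+copy:
+src: files/docker-compose.yml
+dest: /home/npm/npm/docker-compose.yml
+mode: 0600
+owner: npm
+group: npm
+
+- name: Put default npm config in place
+copy:
+src: files/default.conf
+dest: /home/npm/npm/default.conf
+mode: 0644
+owner: npm
+group: npm
+
+- name: Start npm
+become: yes
+become_user: npm
+command:
+chdir: /home/npm/npm
+cmd: docker compose up -d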
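Review bot: `groups: docker` together with `shell: /bin/bash` gives the `npm` service account an interactive shell plus control of the Docker daemon, which is effectively root on the host. If the account exists only to own the compose directory and run `docker compose`, give it a non-login shell (`shell: /usr/sbin/nologin`) and add `append: true` so a later run does not strip other supplementary groups. `mode: 0600` and `mode: 0644` should be quoted (`mode: '0600'`) so the value is never reinterpreted as a plain integer. `Start npm` reports changed on every run, and nothing restarts the container when `default.conf` changes, so a handler notified by the copy task would close that gap.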
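--- a/site.yml
+++ b/site.yml
@@ -18,3 +18,9 @@
 roles:
 - role: pihole
 tags: pihole
+- hosts: proxy
+become: yes
+roles:
+- role: docker
+- role: nginx-proxy-manager
+tags: npm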