From 03290eafe161ec699529a5e4be2e3a9ad627b23a Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Wed, 13 Aug 2025 06:01:50 +0200 Subject: [PATCH] feat(proxy,bigbluebutton): use parameterized HTML location template & add build retry - proxy(html.conf.j2): * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations) * Switch WS header to $connection_upgrade * Unify timeouts (proxy_connect_timeout 5s) * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off' - proxy(media.conf.j2): minor formatting/spacing fix - inj-css(head_sub.j2): consistent spacing for global_css_version - bigbluebutton(tasks/main.yml): * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled) * Pass rendered snippet via proxy_extra_configuration to the vHost * Cleanup afterwards: proxy_extra_configuration = undef() - docker-compose(handlers): * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull' * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1) - vars: trailing newline / minor formatting Motivation: - BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering. - More resilient CI/CD builds via automatic no-cache retry. - Cleaner headers/proxy defaults and fewer side effects. 
Files: - roles/docker-compose/handlers/main.yml - roles/srv-proxy-7-4-core/templates/location/html.conf.j2 - roles/srv-proxy-7-4-core/templates/location/media.conf.j2 - roles/srv-web-7-7-inj-css/templates/head_sub.j2 - roles/web-app-bigbluebutton/tasks/main.yml - roles/web-app-bigbluebutton/vars/main.yml --- roles/docker-compose/handlers/main.yml | 17 +++++++++--- .../templates/location/html.conf.j2 | 27 ++++++++++--------- .../templates/location/media.conf.j2 | 2 +- .../srv-web-7-7-inj-css/templates/head_sub.j2 | 2 +- roles/web-app-bigbluebutton/tasks/main.yml | 14 ++++++++++ roles/web-app-bigbluebutton/vars/main.yml | 2 +- 6 files changed, 45 insertions(+), 19 deletions(-) diff --git a/roles/docker-compose/handlers/main.yml b/roles/docker-compose/handlers/main.yml index 3bc80690..5165c502 100644 --- a/roles/docker-compose/handlers/main.yml +++ b/roles/docker-compose/handlers/main.yml @@ -11,14 +11,23 @@ - docker compose restart - docker compose just up -- name: Build docker - command: - cmd: docker compose build +- name: Build docker compose + shell: | + set -euo pipefail + docker compose build || { + echo "Retrying without cache and pulling bases..."; + docker compose build --no-cache --pull; + } + args: chdir: "{{ docker_compose.directories.instance }}" + executable: /bin/bash environment: COMPOSE_HTTP_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600 - listen: + # Faster build + DOCKER_BUILDKIT: "1" + COMPOSE_DOCKER_CLI_BUILD: "1" + listen: - docker compose build - name: docker compose up diff --git a/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 b/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 index 745adb69..93f10801 100644 --- a/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 +++ b/roles/srv-proxy-7-4-core/templates/location/html.conf.j2 
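Review bot: The `docker compose build || { ... }` fallback in the `Build docker compose` handler retries on every kind of failure and the task then reports only the retry's result, so a build that passes only with `--no-cache --pull` looks the same as a clean first build unless someone reads the task's stdout. Because `--pull` re-resolves base image tags, the retried build can rest on different base images than the cached attempt if the Dockerfiles use mutable tags, and nothing records that change. I would send the retry message to stderr, `echo "Retrying without cache and pulling bases..." >&2;`, and add a comment above the task such as `# Retry re-pulls base images; pin them by digest so both attempts build the same content`. The `# Faster build` comment could also state that the two variables enable BuildKit.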
@@ -6,7 +6,8 @@ location {{location}} {% include 'roles/web-app-oauth2-proxy/templates/following_directives.conf.j2'%} {% endif %} - proxy_pass http://127.0.0.1:{{ http_port }}{{ location if not location.startswith('@') else '' }}; + {% set _loc = location|trim %} + proxy_pass http://127.0.0.1:{{ http_port }}{{ (_loc|regex_replace('^(?:=|\\^~)\\s*','')) if not (_loc is match('^(@|~)')) else '' }}; # headers proxy_set_header Host $host; @@ -14,25 +15,27 @@ location {{location}} proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Port {{ WEB_PORT }}; - proxy_set_header Accept-Encoding ""; {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} # WebSocket specific header proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Activate buffering - # Needs to be enabled, so that lua can do str replaces - proxy_buffering on; - proxy_request_buffering on; + proxy_set_header Connection $connection_upgrade; # timeouts - proxy_connect_timeout 1s; - proxy_send_timeout 900s; - proxy_read_timeout 900s; - send_timeout 900s; + proxy_connect_timeout 5s; + proxy_send_timeout 900s; + proxy_read_timeout 900s; + send_timeout 900s; + + {% set proxy_lua_enabled = proxy_lua_enabled | default(true) | bool %} + # Buffering needs to be activ, so that lua can do str replaces + proxy_buffering {{ 'on' if proxy_lua_enabled else 'off' }}; + proxy_request_buffering {{ 'on' if proxy_lua_enabled else 'off' }}; + {% if proxy_lua_enabled %} + proxy_set_header Accept-Encoding ""; {% include 'roles/srv-web-7-7-inj-compose/templates/location.lua.j2'%} + {% endif %} } \ No newline at end of file diff --git a/roles/srv-proxy-7-4-core/templates/location/media.conf.j2 b/roles/srv-proxy-7-4-core/templates/location/media.conf.j2 index 67d73936..4518e991 100644 --- a/roles/srv-proxy-7-4-core/templates/location/media.conf.j2 
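Review bot: The new `proxy_pass` expression in the first hunk packs all of the location-modifier handling into one line and does not say why named and regex locations get no URI. A Jinja comment above the `{% set _loc = location|trim %}` line would make the intent reviewable, for example `{# '=' and '^~' are stripped so only the path is appended; '@' and '~'/'~*' locations get no URI because nginx rejects proxy_pass with a URI there #}`. `location` is written unescaped into both the `location` line and the upstream URI, so the same comment should state that it must be a trusted, role-defined value. The location block itself opens above this hunk.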
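Review bot: `proxy_set_header Connection $connection_upgrade;` in the second hunk depends on a `map $http_upgrade $connection_upgrade { ... }` in the http context, and nothing in this patch defines one. This template belongs to the core proxy role, so every vhost rendered from it now needs that map; on a host without it the nginx configuration test fails on the unknown variable. The BigBlueButton role copies a `websocket_upgrade.conf`, which presumably holds the map, but that should be confirmed for the core role and noted next to the header, e.g. `# $connection_upgrade comes from the map in websocket_upgrade.conf (http context)`. The buffering comment is also rendered when buffering is off; `# Buffering is on only with Lua, which needs it for its string replacements` would match both cases.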
+++ b/roles/srv-proxy-7-4-core/templates/location/media.conf.j2 @@ -4,7 +4,7 @@ location ~* \.(jpg|jpeg|png|gif|webp|ico|svg)$ { add_header Cache-Control "public, max-age=2592000, immutable"; # Cache on reverse proxy side - proxy_pass http://127.0.0.1:{{http_port}}; + proxy_pass http://127.0.0.1:{{ http_port }}; proxy_cache imgcache; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m; diff --git a/roles/srv-web-7-7-inj-css/templates/head_sub.j2 b/roles/srv-web-7-7-inj-css/templates/head_sub.j2 index dc1b15c7..fa1120bd 100644 --- a/roles/srv-web-7-7-inj-css/templates/head_sub.j2 +++ b/roles/srv-web-7-7-inj-css/templates/head_sub.j2 @@ -1 +1 @@ - \ No newline at end of file + \ No newline at end of file diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml index 940de3c2..4e0895e1 100644 --- a/roles/web-app-bigbluebutton/tasks/main.yml +++ b/roles/web-app-bigbluebutton/tasks/main.yml @@ -1,4 +1,14 @@ --- +- name: Render HTML-Location-Block in Variable + set_fact: + proxy_extra_configuration: >- + {{ lookup('ansible.builtin.template', + playbook_dir ~ '/roles/srv-proxy-7-4-core/templates/location/html.conf.j2') | trim }} + vars: + location: '^~ /html5client' + oauth2_proxy_enabled: false + proxy_lua_enabled: false + - name: "load docker, proxy for '{{application_id}}'" include_role: name: cmp-docker-proxy @@ -7,6 +17,10 @@ - name: "include 04_seed-database-to-backup.yml" include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" +- name: "Unset 'proxy_extra_configuration'" + set_fact: + proxy_extra_configuration: "{{ undef() }}" + - name: configure websocket_upgrade.conf copy: src: "websocket_upgrade.conf" diff --git a/roles/web-app-bigbluebutton/vars/main.yml b/roles/web-app-bigbluebutton/vars/main.yml index a2d43452..8d1ac94a 100644 --- a/roles/web-app-bigbluebutton/vars/main.yml +++ b/roles/web-app-bigbluebutton/vars/main.yml 
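Review bot: The snippet rendered in the first tasks/main.yml hunk sets `oauth2_proxy_enabled: false` for `^~ /html5client`, so on a vhost whose other locations sit behind oauth2-proxy this path is proxied without that gate, and the `^~` modifier makes it take precedence over regex locations. If that is intended, a comment above the `vars:` block should say so, e.g. `# /html5client is deliberately served without oauth2-proxy and Lua injection; access control is left to BBB itself (confirm)`. The lookup also reaches into another role through `playbook_dir ~ '/roles/srv-proxy-7-4-core/...'`, which fails at run time if the core role is renamed or moved.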
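Review bot: The `Unset 'proxy_extra_configuration'` task in the second tasks/main.yml hunk runs only after the seed-database include, so the fact stays set on the host while that include runs and is not cleared if a failure there is ignored or rescued. A `set_fact` value persists for the host for the rest of the play, so a vhost rendered later by another role could then pick up the `/html5client` block. I would move the cleanup directly after the `include_role` for `cmp-docker-proxy`, which per the commit message is the only consumer. Whether `set_fact` accepts `"{{ undef() }}"` as a value should be checked on the ansible-core version in use; passing the snippet through `vars:` on the `include_role` task would remove the need for a cleanup task.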
@@ -16,4 +16,4 @@ http_port: "{{ ports.localhost.http[application_id] }}" docker_compose_skipp_file_creation: true # Handled in this role docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.repository') }}" docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.version') }}" -docker_pull_git_repository: true \ No newline at end of file +docker_pull_git_repository: true