kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-15 08:30:46 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(proxy,bigbluebutton): use parameterized HTML location template & add build retry

Browse Source 
- proxy(html.conf.j2):
  * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations)
  * Switch WS header to $connection_upgrade
  * Unify timeouts (proxy_connect_timeout 5s)
  * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then
  * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off'
- proxy(media.conf.j2): minor formatting/spacing fix
- inj-css(head_sub.j2): consistent spacing for global_css_version
- bigbluebutton(tasks/main.yml):
  * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled)
  * Pass rendered snippet via proxy_extra_configuration to the vHost
  * Cleanup afterwards: proxy_extra_configuration = undef()
- docker-compose(handlers):
  * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull'
  * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1)
- vars: trailing newline / minor formatting

Motivation:
- BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering.
- More resilient CI/CD builds via automatic no-cache retry.
- Cleaner headers/proxy defaults and fewer side effects.

Files:
- roles/docker-compose/handlers/main.yml
- roles/srv-proxy-7-4-core/templates/location/html.conf.j2
- roles/srv-proxy-7-4-core/templates/location/media.conf.j2
- roles/srv-web-7-7-inj-css/templates/head_sub.j2
- roles/web-app-bigbluebutton/tasks/main.yml
- roles/web-app-bigbluebutton/vars/main.yml
This commit is contained in:
Kevin Veen-Birkenbach 2025-08-13 06:01:50 +02:00
parent 58c64bd7c6
commit 03290eafe1
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
6 changed files with 45 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
roles/docker-compose/handlers/main.yml
View File

@ -11,14 +11,23 @@
- docker compose restart - docker compose restart
- docker compose just up - docker compose just up
- name: Build docker - name: Build docker compose
command: shell: |
cmd: docker compose build set -euo pipefail
docker compose build || {
echo "Retrying without cache and pulling bases...";
docker compose build --no-cache --pull;
}
args:
chdir: "{{ docker_compose.directories.instance }}" chdir: "{{ docker_compose.directories.instance }}"
executable: /bin/bash
environment: environment:
COMPOSE_HTTP_TIMEOUT: 600 COMPOSE_HTTP_TIMEOUT: 600
DOCKER_CLIENT_TIMEOUT: 600 DOCKER_CLIENT_TIMEOUT: 600
listen: # Faster build
DOCKER_BUILDKIT: "1"
COMPOSE_DOCKER_CLI_BUILD: "1"
listen:
- docker compose build - docker compose build
- name: docker compose up - name: docker compose up

27
roles/srv-proxy-7-4-core/templates/location/html.conf.j2
View File

@ -6,7 +6,8 @@ location {{location}}
{% include 'roles/web-app-oauth2-proxy/templates/following_directives.conf.j2'%} {% include 'roles/web-app-oauth2-proxy/templates/following_directives.conf.j2'%}
{% endif %} {% endif %}
proxy_pass http://127.0.0.1:{{ http_port }}{{ location if not location.startswith('@') else '' }}; {% set _loc = location|trim %}
proxy_pass http://127.0.0.1:{{ http_port }}{{ (_loc|regex_replace('^(?:=|\\^~)\\s*','')) if not (_loc is match('^(@|~)')) else '' }};
# headers # headers
proxy_set_header Host $host; proxy_set_header Host $host;
@ -14,25 +15,27 @@ location {{location}}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port {{ WEB_PORT }}; proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
proxy_set_header Accept-Encoding "";
{% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %} {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}
# WebSocket specific header # WebSocket specific header
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection $connection_upgrade;
# Activate buffering
# Needs to be enabled, so that lua can do str replaces
proxy_buffering on;
proxy_request_buffering on;
# timeouts # timeouts
proxy_connect_timeout 1s; proxy_connect_timeout 5s;
proxy_send_timeout 900s; proxy_send_timeout 900s;
proxy_read_timeout 900s; proxy_read_timeout 900s;
send_timeout 900s; send_timeout 900s;
{% set proxy_lua_enabled = proxy_lua_enabled | default(true) | bool %}
# Buffering needs to be activ, so that lua can do str replaces
proxy_buffering {{ 'on' if proxy_lua_enabled else 'off' }};
proxy_request_buffering {{ 'on' if proxy_lua_enabled else 'off' }};
{% if proxy_lua_enabled %}
proxy_set_header Accept-Encoding "";
{% include 'roles/srv-web-7-7-inj-compose/templates/location.lua.j2'%} {% include 'roles/srv-web-7-7-inj-compose/templates/location.lua.j2'%}
{% endif %}
} }

2
roles/srv-proxy-7-4-core/templates/location/media.conf.j2
View File

@ -4,7 +4,7 @@ location ~* \.(jpg|jpeg|png|gif|webp|ico|svg)$ {
add_header Cache-Control "public, max-age=2592000, immutable"; add_header Cache-Control "public, max-age=2592000, immutable";
# Cache on reverse proxy side # Cache on reverse proxy side
proxy_pass http://127.0.0.1:{{http_port}}; proxy_pass http://127.0.0.1:{{ http_port }};
proxy_cache imgcache; proxy_cache imgcache;
proxy_cache_valid 200 302 60m; proxy_cache_valid 200 302 60m;
proxy_cache_valid 404 1m; proxy_cache_valid 404 1m;

2
roles/srv-web-7-7-inj-css/templates/head_sub.j2
View File

@ -1 +1 @@
<link rel="stylesheet" type="text/css" href="/global.css?version={{global_css_version}}"> <link rel="stylesheet" type="text/css" href="/global.css?version={{ global_css_version }}">

14
roles/web-app-bigbluebutton/tasks/main.yml
View File

@ -1,4 +1,14 @@
--- ---
- name: Render HTML-Location-Block in Variable
set_fact:
proxy_extra_configuration: >-
{{ lookup('ansible.builtin.template',
playbook_dir ~ '/roles/srv-proxy-7-4-core/templates/location/html.conf.j2') | trim }}
vars:
location: '^~ /html5client'
oauth2_proxy_enabled: false
proxy_lua_enabled: false
- name: "load docker, proxy for '{{application_id}}'" - name: "load docker, proxy for '{{application_id}}'"
include_role: include_role:
name: cmp-docker-proxy name: cmp-docker-proxy
@ -7,6 +17,10 @@
- name: "include 04_seed-database-to-backup.yml" - name: "include 04_seed-database-to-backup.yml"
include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml" include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"
- name: "Unset 'proxy_extra_configuration'"
set_fact:
proxy_extra_configuration: "{{ undef() }}"
- name: configure websocket_upgrade.conf - name: configure websocket_upgrade.conf
copy: copy:
src: "websocket_upgrade.conf" src: "websocket_upgrade.conf"

2
roles/web-app-bigbluebutton/vars/main.yml
View File

@ -16,4 +16,4 @@ http_port: "{{ ports.localhost.http[application_id] }}"
docker_compose_skipp_file_creation: true # Handled in this role docker_compose_skipp_file_creation: true # Handled in this role
docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.repository') }}" docker_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.repository') }}"
docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.version') }}" docker_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.bigbluebutton.version') }}"
docker_pull_git_repository: true docker_pull_git_repository: true