feat(proxy,bigbluebutton): use parameterized HTML location template & add build retry

- proxy(html.conf.j2): * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations) * Switch WS header to $connection_upgrade * Unify timeouts (proxy_connect_timeout 5s) * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off' - proxy(media.conf.j2): minor formatting/spacing fix - inj-css(head_sub.j2): consistent spacing for global_css_version - bigbluebutton(tasks/main.yml): * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled) * Pass rendered snippet via proxy_extra_configuration to the vHost * Cleanup afterwards: proxy_extra_configuration = undef() - docker-compose(handlers): * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull' * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1) - vars: trailing newline / minor formatting Motivation: - BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering. - More resilient CI/CD builds via automatic no-cache retry. - Cleaner headers/proxy defaults and fewer side effects. Files: - roles/docker-compose/handlers/main.yml - roles/srv-proxy-7-4-core/templates/location/html.conf.j2 - roles/srv-proxy-7-4-core/templates/location/media.conf.j2 - roles/srv-web-7-7-inj-css/templates/head_sub.j2 - roles/web-app-bigbluebutton/tasks/main.yml - roles/web-app-bigbluebutton/vars/main.yml
2025-08-15 08:30:46 +02:00 · 2025-08-13 06:01:50 +02:00 · 2025-08-13 06:01:50 +02:00 · 03290eafe1
commit 03290eafe1
parent 58c64bd7c6
6 changed files with 45 additions and 19 deletions
--- a/roles/docker-compose/handlers/main.yml
+++ b/roles/docker-compose/handlers/main.yml
@ -11,13 +11,22 @@
    - docker compose restart
    - docker compose just up

- name: Build docker 
-  command:
-    cmd:   docker compose build
+- name: Build docker compose 
+  shell: |
+    set -euo pipefail
+    docker compose build || { 
+      echo "Retrying without cache and pulling bases...";
+      docker compose build --no-cache --pull; 
+    }
+  args:
    chdir: "{{ docker_compose.directories.instance }}"
+    executable: /bin/bash
  environment:
    COMPOSE_HTTP_TIMEOUT: 600
    DOCKER_CLIENT_TIMEOUT: 600
+    # Faster build
+    DOCKER_BUILDKIT: "1"
+    COMPOSE_DOCKER_CLI_BUILD: "1"
  listen:
    - docker compose build

--- a/roles/srv-proxy-7-4-core/templates/location/html.conf.j2
+++ b/roles/srv-proxy-7-4-core/templates/location/html.conf.j2
@ -6,7 +6,8 @@ location {{location}}
    {% include 'roles/web-app-oauth2-proxy/templates/following_directives.conf.j2'%}
  {% endif %}

-  proxy_pass http://127.0.0.1:{{ http_port }}{{ location if not location.startswith('@') else '' }};
+  {% set _loc = location|trim %}
+  proxy_pass http://127.0.0.1:{{ http_port }}{{ (_loc|regex_replace('^(?:=|\\^~)\\s*','')) if not (_loc is match('^(@|~)')) else '' }};

  # headers
  proxy_set_header Host $host;
@ -14,25 +15,27 @@ location {{location}}
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-Port {{ WEB_PORT }};
-  proxy_set_header Accept-Encoding "";

  {% include 'roles/srv-proxy-7-4-core/templates/headers/content_security_policy.conf.j2' %}

  # WebSocket specific header
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection "upgrade";
-
-  # Activate buffering
-  # Needs to be enabled, so that lua can do str replaces
-  proxy_buffering         on; 
-  proxy_request_buffering on;
+  proxy_set_header Connection $connection_upgrade;

  # timeouts
-  proxy_connect_timeout       1s;
+  proxy_connect_timeout     5s;
  proxy_send_timeout        900s;
  proxy_read_timeout        900s;
  send_timeout              900s;
  
+  {% set proxy_lua_enabled = proxy_lua_enabled | default(true) | bool %}
+  # Buffering needs to be activ, so that lua can do str replaces
+  proxy_buffering           {{ 'on' if proxy_lua_enabled else 'off' }}; 
+  proxy_request_buffering   {{ 'on' if proxy_lua_enabled else 'off' }};
+
+  {% if proxy_lua_enabled %}
+  proxy_set_header Accept-Encoding "";
  {% include 'roles/srv-web-7-7-inj-compose/templates/location.lua.j2'%}
+  {% endif %}
 }
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
@ -1,4 +1,14 @@
 ---
+- name: Render HTML-Location-Block in Variable
+  set_fact:
+    proxy_extra_configuration: >-
+      {{ lookup('ansible.builtin.template',
+                playbook_dir ~ '/roles/srv-proxy-7-4-core/templates/location/html.conf.j2') | trim }}
+  vars:
+    location: '^~ /html5client'
+    oauth2_proxy_enabled: false
+    proxy_lua_enabled: false
+
 - name: "load docker, proxy for '{{application_id}}'"
  include_role:
    name: cmp-docker-proxy
@ -7,6 +17,10 @@
 - name: "include 04_seed-database-to-backup.yml"
  include_tasks: "{{ playbook_dir }}/roles/sys-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml"

+- name: "Unset 'proxy_extra_configuration'"
+  set_fact:
+    proxy_extra_configuration: "{{ undef() }}"
+
 - name: configure websocket_upgrade.conf
  copy: 
    src:  "websocket_upgrade.conf"