refactor(web-app-shopware): externalize trusted proxy and host configuration with mounted framework.yaml

- added new file roles/web-app-shopware/files/framework.yaml defining trusted_proxies and trusted_headers for Symfony - mounted framework.yaml into /var/www/html/config/packages/ in docker-compose - exposed new role vars SHOPWARE_FRAMEWORK_HOST/DOCKER for mounting path - rendered framework.yaml via Ansible copy task with proper permissions - adjusted env.j2 to set TRUSTED_PROXIES and TRUSTED_HOSTS dynamically from domains and networks - added SHOPWARE_DOMAIN var to vars/main.yml - removed inline framework.yaml creation from Dockerfile (now managed via mount) - updated proxy template (html.conf.j2) to include X-Forwarded-Ssl header - improved init.sh permission handling for shared volumes See ChatGPT conversation for implementation details and rationale: https://chatgpt.com/share/690d4fe7-2830-800f-8b6d-b868e7fe0e97
2025-11-09 14:46:37 +00:00 · 2025-11-07 02:48:49 +01:00
parent 2fcbae8fc7
commit 493d5bbbda
8 changed files with 34 additions and 11 deletions
--- a/roles/web-app-shopware/tasks/main.yml
+++ b/roles/web-app-shopware/tasks/main.yml
@@ -14,6 +14,14 @@
    - docker compose up
    - docker compose build

+- name: "Render framework.yaml (trusted proxies/headers/hosts)"
+  copy:
+    src:  "framework.yaml"
+    dest: "{{ SHOPWARE_FRAMEWORK_HOST }}"
+    mode: "0644"
+  notify:
+    - docker compose up
+
 - name: "Flush docker compose handlers"
  meta: flush_handlers