From 75c27f9a421f57c5e793f21c92c9d5f560bf1fa7 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Mon, 11 Dec 2023 16:54:07 +0100 Subject: [PATCH] Added role for automatic redirect from www.*domain.tld to *domain.tld --- group_vars/all | 7 ++-- playbook-common.yml | 2 +- playbook-servers.yml | 42 +++++++++++-------- .../templates/mastodon.conf.j2 | 2 +- .../templates/nextcloud.conf.j2 | 2 +- .../templates/peertube.conf.j2 | 2 +- .../templates/domain.conf.j2 | 2 +- .../templates/homepage.nginx.conf.j2 | 2 +- roles/nginx-www-redirect/README.md | 37 ++++++++++++++++ roles/nginx-www-redirect/tasks/main.yml | 31 ++++++++++++++ tasks/implement-matomo-tracking.yml | 2 +- 11 files changed, 104 insertions(+), 27 deletions(-) create mode 100644 roles/nginx-www-redirect/README.md create mode 100644 roles/nginx-www-redirect/tasks/main.yml diff --git a/group_vars/all b/group_vars/all index 44605668..793cf561 100644 --- a/group_vars/all +++ b/group_vars/all @@ -32,6 +32,7 @@ path_docker_volumes: "{{path_administrator_home}}volume path_docker_compose_instances: "{{path_administrator_home}}docker-compose/" # Runtime Variables -activate_all_timers (bool): false # Activates all timers, independend if the handlers had been triggered -nginx_matomo_tracking_active: false # Activates matomo tracking on all html pages -execute_updates: true # Executes updates \ No newline at end of file +activate_all_timers: false # Activates all timers, independend if the handlers had been triggered +nginx_matomo_tracking: false # Activates matomo tracking on all html pages +nginx_www_redirect: true # Implements an redirect from all www. domains to the main domain +execute_updates: true # Executes updates \ No newline at end of file diff --git a/playbook-common.yml b/playbook-common.yml index 97818c51..9be76fa3 100644 --- a/playbook-common.yml +++ b/playbook-common.yml @@ -6,7 +6,7 @@ tasks: roles: - role: update - when: execute_updates is true + when: execute_updates | default(false) | bool - name: setup standard wireguard hosts: wireguard_server diff --git a/playbook-servers.yml b/playbook-servers.yml index 786926ec..68a04cf7 100644 --- a/playbook-servers.yml +++ b/playbook-servers.yml @@ -12,22 +12,6 @@ - cleanup-disc-space - health-btrfs -# Native Webserver Roles -- name: setup nginx-homepages - hosts: homepage - become: true - roles: - - role: nginx-homepage - vars: - domain: "{{top_domain}}" -- name: setup redirect hosts - hosts: redirect - become: true - roles: - - role: nginx-domain-redirect - vars: - domain_mappings: "{{redirect_domain_mappings}}" - # Docker Roles - name: setup nextcloud hosts hosts: nextcloud_server @@ -219,4 +203,28 @@ - role: docker-akaunting vars: domain: akaunting.{{top_domain}} - http_port: 8080 \ No newline at end of file + http_port: 8080 + +# Native Webserver Roles +- name: setup nginx-homepages + hosts: homepage + become: true + roles: + - role: nginx-homepage + vars: + domain: "{{top_domain}}" + +- name: setup redirect hosts + hosts: redirect + become: true + roles: + - role: nginx-domain-redirect + vars: + domain_mappings: "{{redirect_domain_mappings}}" + +- name: setup www redirect + hosts: all + become: true + roles: + - role: nginx-www-redirect + when: nginx_www_redirect | bool diff --git a/roles/docker-mastodon/templates/mastodon.conf.j2 b/roles/docker-mastodon/templates/mastodon.conf.j2 index ae5aa6ad..9cd2943a 100644 --- a/roles/docker-mastodon/templates/mastodon.conf.j2 +++ b/roles/docker-mastodon/templates/mastodon.conf.j2 @@ -8,7 +8,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking_active | default(False) %} + {% if nginx_matomo_tracking | default(False) %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/docker-nextcloud/templates/nextcloud.conf.j2 b/roles/docker-nextcloud/templates/nextcloud.conf.j2 index 29703391..f9f85e49 100644 --- a/roles/docker-nextcloud/templates/nextcloud.conf.j2 +++ b/roles/docker-nextcloud/templates/nextcloud.conf.j2 @@ -4,7 +4,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking_active | default(False) %} + {% if nginx_matomo_tracking | default(False) %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/docker-peertube/templates/peertube.conf.j2 b/roles/docker-peertube/templates/peertube.conf.j2 index 1fb1156b..0e4dd402 100644 --- a/roles/docker-peertube/templates/peertube.conf.j2 +++ b/roles/docker-peertube/templates/peertube.conf.j2 @@ -8,7 +8,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking_active | default(False) %} + {% if nginx_matomo_tracking | default(False) %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 index a160264b..8f0f33f3 100644 --- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 @@ -3,7 +3,7 @@ server server_name {{domain}}; # Include Matomo Tracking Code - {% if nginx_matomo_tracking_active | default(False) %} + {% if nginx_matomo_tracking | default(False) %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 index 9529908b..06e2785e 100644 --- a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 +++ b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 @@ -5,7 +5,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking_active | default(False) %} + {% if nginx_matomo_tracking | default(False) %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/nginx-www-redirect/README.md b/roles/nginx-www-redirect/README.md new file mode 100644 index 00000000..68df07fc --- /dev/null +++ b/roles/nginx-www-redirect/README.md @@ -0,0 +1,37 @@ +# README.md for nginx-www-redirect Role + +## Overview +The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `/etc/nginx/conf.d/` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. + +## Role Description +This role performs several key tasks: +1. **Find Configuration Files**: Locates all `.conf` files in the `/etc/nginx/conf.d/` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. + +2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `/etc/nginx/conf.d/` path. + +3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`. + +4. **Include nginx-domain-redirect Role**: Applies the redirection configuration using the `nginx-domain-redirect` role with the dynamically generated domain mappings. + +## Usage +To use this role, include it in your playbook and ensure that the `nginx-domain-redirect` role is available in your Ansible environment. No additional configuration is required as the role is designed to dynamically identify and process the domain configurations. + +Example playbook: +```yaml +- hosts: web-servers + roles: + - nginx-www-redirect +``` + +## Requirements +- Ansible environment set up and configured to run roles. +- Access to the `/etc/nginx/conf.d/` directory on the target hosts. +- The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings. + +## Notes +- This role is designed to work in environments where domain and subdomain configurations follow the naming pattern `*domain.tld.conf`. +- It automatically excludes any configurations that begin with `www.`, preventing duplicate redirects. + +--- + +This `nginx-www-redirect` role was crafted with insights and guidance provided by ChatGPT, an advanced AI language model from OpenAI. The development process, including the discussions with ChatGPT that shaped this role, can be [here](https://chat.openai.com/share/a68e3574-f543-467d-aea7-0895f0e00bbb) explored in detail. \ No newline at end of file diff --git a/roles/nginx-www-redirect/tasks/main.yml b/roles/nginx-www-redirect/tasks/main.yml new file mode 100644 index 00000000..9f2acee2 --- /dev/null +++ b/roles/nginx-www-redirect/tasks/main.yml @@ -0,0 +1,31 @@ +--- +- name: Find all .conf + ansible.builtin.find: + paths: "/etc/nginx/conf.d/" + patterns: '*.*.conf' + register: conf_files + +- name: Print conf_files domains + debug: + var: conf_files + +- name: Filter domain names and remove .conf extension and path + set_fact: + filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^/etc/nginx/conf.d/', '') | map('regex_replace', '.conf$', '') | list }}" + vars: + domain_regex: '^/etc/nginx/conf.d/(?!www\.)[^/]+\.conf$' + + +- name: Print filtered domains + debug: + var: filtered_domains + +- name: Prepare redirect domain mappings + set_fact: + redirect_domain_mappings: "{{ filtered_domains | map('regex_replace', '^(.*)$', '{ source: \"www.\\1\", target: \"\\1\" }') | map('from_yaml') | list }}" + +- name: Include nginx-domain-redirect role with dynamic domain mappings + include_role: + name: nginx-domain-redirect + vars: + domain_mappings: "{{ redirect_domain_mappings }}" diff --git a/tasks/implement-matomo-tracking.yml b/tasks/implement-matomo-tracking.yml index 4d4d9017..fe4636ac 100644 --- a/tasks/implement-matomo-tracking.yml +++ b/tasks/implement-matomo-tracking.yml @@ -1,4 +1,4 @@ - name: Activate NGINX matomo tracking include_role: name: nginx-matomo-tracking - when: nginx_matomo_tracking_active and domain is defined \ No newline at end of file + when: nginx_matomo_tracking and domain is defined \ No newline at end of file