Refactored ws implementation to use it in mastodon and in new espocrm role

2025-08-29 15:06:26 +02:00 · 2025-04-25 14:44:33 +02:00
parent 4e04f882e5
commit 87262f7373
26 changed files with 173 additions and 91 deletions
--- a/roles/nginx-docker-reverse-proxy/templates/vhost/basic.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/vhost/basic.conf.j2
@@ -0,0 +1,35 @@
+server
+{
+  server_name {{domain}};
+
+  {% if applications | get_oauth2_enabled(application_id) %}
+    {% include 'roles/docker-oauth2-proxy/templates/endpoint.conf.j2'%}
+  {% endif %}
+
+  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2'%}
+  
+  {% if nginx_docker_reverse_proxy_extra_configuration is defined %}
+    {# Additional Domain Specific Configuration #}
+    {{nginx_docker_reverse_proxy_extra_configuration}}
+  {% endif %}
+
+  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+
+  {% if applications | get_oauth2_enabled(application_id) %}
+    {% if applications[application_id].oauth2_proxy.location is defined %}
+      {# Exposed and Unprotected Location #}
+      {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+      {% set oauth2_proxy_enabled = true %}
+      {% set location = applications[application_id].oauth2_proxy.location %}
+      {# Gated Location by OAuth2 Proxy #}
+      {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+    {% else %}
+      {% set oauth2_proxy_enabled = true %}
+      {# Protected Domain by OAuth2 Proxy #}
+      {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2'%}
+    {% endif %}
+  {% else %}
+    {# Exposed Domain - Not protected by OAuth2 Proxy #}
+    {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+  {% endif %}
+}
--- a/roles/nginx-docker-reverse-proxy/templates/vhost/ws_generic.conf.j2
+++ b/roles/nginx-docker-reverse-proxy/templates/vhost/ws_generic.conf.j2
@@ -0,0 +1,46 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+server {
+  server_name {{ domain }};
+
+  {% include 'roles/letsencrypt/templates/ssl_header.j2' %}
+  {% include 'roles/nginx-modifier-all/templates/global.includes.conf.j2' %}
+
+  client_max_body_size {{ client_max_body_size | default('100m') }};
+  keepalive_timeout    70;
+  sendfile             on;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+  add_header Strict-Transport-Security "max-age=31536000";
+
+  {% include 'roles/nginx-docker-reverse-proxy/templates/location/proxy_basic.conf.j2' %}
+
+  {% if ws_path is defined %}
+    location {{ ws_path }} {
+    proxy_set_header Host              $host;
+    proxy_set_header X-Real-IP         $remote_addr;
+    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+
+    proxy_pass           http://127.0.0.1:{{ ws_port }};
+    proxy_buffering      off;
+    proxy_http_version   1.1;
+    proxy_set_header     Upgrade        $http_upgrade;
+    proxy_set_header     Connection     $connection_upgrade;
+    tcp_nodelay          on;
+  }
+  {% endif %}
+
+  error_page 500 501 502 503 504 /500.html;
+}