From 986f9596962b1ac64e2a59ca978cbd914b1410d2 Mon Sep 17 00:00:00 2001 
From: Kevin Veen-Birkenbach Date: Thu, 4 Dec 2025 18:31:09 +0100 Subject: [PATCH] Refactor webserver proxy variables and fix BigBlueButton deployment behavior Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming. Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type. Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path. Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables. 
Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b --- roles/docker-compose/defaults/main.yml | 2 +- roles/sys-front-inj-all/tasks/main.yml | 2 +- roles/sys-stk-front-proxy/defaults/main.yml | 2 +- roles/sys-stk-front-proxy/tasks/main.yml | 4 +- .../templates/location/html.conf.j2 | 2 +- .../templates/location/upload.conf.j2 | 2 +- .../templates/location/ws.conf.j2 | 4 +- .../templates/vhost/basic.conf.j2 | 4 +- .../templates/vhost/ws_generic.conf.j2 | 4 +- roles/web-app-bigbluebutton/tasks/01_core.yml | 68 +++++++++++++++ .../tasks/02_administrator.yml | 48 ----------- ...cker-compose.yml => 02_docker-compose.yml} | 0 .../tasks/03_administrator.yml | 63 ++++++++++++++ ...3_dependencies.yml => 04_dependencies.yml} | 0 roles/web-app-bigbluebutton/tasks/main.yml | 84 +------------------ roles/web-app-bluesky/tasks/main.yml | 2 +- roles/web-app-desktop/vars/main.yml | 2 +- roles/web-app-discourse/tasks/03_docker.yml | 3 +- roles/web-app-espocrm/vars/main.yml | 15 ++-- roles/web-app-funkwhale/vars/main.yml | 2 +- roles/web-app-joomla/vars/main.yml | 2 +- roles/web-app-listmonk/tasks/main.yml | 2 +- roles/web-app-mailu/tasks/01_core.yml | 5 +- roles/web-app-mailu/vars/main.yml | 2 +- roles/web-app-mastodon/tasks/main.yml | 10 +-- .../templates/synapse/homeserver.yaml.j2 | 2 +- roles/web-app-matrix/vars/main.yml | 2 +- .../web-app-nextcloud/templates/proxy.conf.j2 | 8 +- roles/web-app-openproject/tasks/main.yml | 2 +- roles/web-app-peertube/tasks/main.yml | 2 +- .../templates/peertube.conf.j2 | 6 +- roles/web-app-pixelfed/vars/main.yml | 2 +- roles/web-app-suitecrm/vars/main.yml | 2 +- roles/web-app-syncope/templates/proxy.conf | 4 +- roles/web-app-wordpress/tasks/main.yml | 2 +- roles/web-app-yourls/vars/main.yml | 2 +- roles/web-svc-cdn/tasks/main.yml | 3 +- roles/web-svc-collabora/tasks/01_core.yml | 4 +- .../web-svc-collabora/templates/proxy.conf.j2 | 4 +- roles/web-svc-coturn/tasks/01_core.yml | 1 + 
roles/web-svc-logout/tasks/01_core.yml | 14 ++-- roles/web-svc-onlyoffice/tasks/01_core.yml | 1 + roles/web-svc-simpleicons/tasks/01_core.yml | 7 +- 43 files changed, 210 insertions(+), 192 deletions(-) create mode 100644 roles/web-app-bigbluebutton/tasks/01_core.yml delete mode 100644 roles/web-app-bigbluebutton/tasks/02_administrator.yml rename roles/web-app-bigbluebutton/tasks/{01_docker-compose.yml => 02_docker-compose.yml} (100%) create mode 100644 roles/web-app-bigbluebutton/tasks/03_administrator.yml rename roles/web-app-bigbluebutton/tasks/{03_dependencies.yml => 04_dependencies.yml} (100%) diff --git a/roles/docker-compose/defaults/main.yml b/roles/docker-compose/defaults/main.yml index 0d70c383..f45dc251 100644 --- a/roles/docker-compose/defaults/main.yml +++ b/roles/docker-compose/defaults/main.yml @@ -1,3 +1,3 @@ docker_compose_file_creation_enabled: true # If set to true the file creation will be skipped docker_compose_flush_handlers: false # Set to true in the vars/main.yml of the including role to autoflush after docker compose routine -docker_git_repository_pull: "{{ docker_git_repository_address is defined }}" \ No newline at end of file +docker_git_repository_pull: "{{ docker_git_repository_address is defined and docker_git_repository_address is string and docker_git_repository_address | length > 0 }}" diff --git a/roles/sys-front-inj-all/tasks/main.yml b/roles/sys-front-inj-all/tasks/main.yml index fafb2c01..dbddcc62 100644 --- a/roles/sys-front-inj-all/tasks/main.yml +++ b/roles/sys-front-inj-all/tasks/main.yml @@ -15,7 +15,7 @@ - name: "Included dependent services" include_tasks: 01_dependencies.yml vars: - proxy_extra_configuration: "" + webserver_extra_configuration: "" docker_compose_flush_handlers: true - name: Reinitialize 'inj_enabled' for '{{ domain }}', after loading the required webservices diff --git a/roles/sys-stk-front-proxy/defaults/main.yml b/roles/sys-stk-front-proxy/defaults/main.yml index 9bde7658..77cb57c2 100644 
--- a/roles/sys-stk-front-proxy/defaults/main.yml +++ b/roles/sys-stk-front-proxy/defaults/main.yml @@ -1,2 +1,2 @@ # default vhost flavour -vhost_flavour: "basic" # valid: basic, ws_generic +webserver_vhost_flavour: "basic" # valid: basic, ws_generic diff --git a/roles/sys-stk-front-proxy/tasks/main.yml b/roles/sys-stk-front-proxy/tasks/main.yml index cab56a10..be0055c5 100644 --- a/roles/sys-stk-front-proxy/tasks/main.yml +++ b/roles/sys-stk-front-proxy/tasks/main.yml @@ -8,7 +8,7 @@ include_role: name: sys-util-csp-cert -- name: "Copy NGINX ('{{ domain }}') config to '{{ front_proxy_domain_conf_dst }}'" +- name: "Deploy NGINX config: '{{ domain }}' -> '{{ front_proxy_domain_conf_dst }}'" template: src: "{{ item }}" dest: "{{ front_proxy_domain_conf_dst }}" @@ -17,7 +17,7 @@ vars: nginx_template_candidates: - "{{ application_id | abs_role_path_by_application_id }}/templates/proxy.conf.j2" - - "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2" + - "roles/sys-svc-proxy/templates/vhost/{{ webserver_vhost_flavour }}.conf.j2" with_first_found: "{{ nginx_template_candidates }}" - block: diff --git a/roles/sys-svc-proxy/templates/location/html.conf.j2 b/roles/sys-svc-proxy/templates/location/html.conf.j2 index 6ecf8482..991dd325 100644 --- a/roles/sys-svc-proxy/templates/location/html.conf.j2 +++ b/roles/sys-svc-proxy/templates/location/html.conf.j2 @@ -10,7 +10,7 @@ location {{location}} {% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %} # Client Limits for HTML - client_max_body_size {{ client_max_body_size | default('100m') }}; + client_max_body_size {{ webserver_client_max_body_size | default('100m') }}; {% set _loc = location|trim %} proxy_pass http://127.0.0.1:{{ http_port }}{{ (_loc|regex_replace('^(?:=|\\^~)\\s*','')) if not (_loc is match('^(@|~)')) else '' }}; diff --git a/roles/sys-svc-proxy/templates/location/upload.conf.j2 b/roles/sys-svc-proxy/templates/location/upload.conf.j2 index 8deeb182..1891adfd 100644 
--- a/roles/sys-svc-proxy/templates/location/upload.conf.j2 +++ b/roles/sys-svc-proxy/templates/location/upload.conf.j2 @@ -13,5 +13,5 @@ location {{ location_upload }} { proxy_send_timeout 120s; # Client Limits for Upload - client_max_body_size {{ client_max_body_size }}; + client_max_body_size {{ webserver_client_max_body_size }}; } \ No newline at end of file diff --git a/roles/sys-svc-proxy/templates/location/ws.conf.j2 b/roles/sys-svc-proxy/templates/location/ws.conf.j2 index b7939f59..abfd1411 100644 --- a/roles/sys-svc-proxy/templates/location/ws.conf.j2 +++ b/roles/sys-svc-proxy/templates/location/ws.conf.j2 @@ -1,9 +1,9 @@ -location {{ location_ws }} { +location {{ webserver_websocket_location }} { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://127.0.0.1:{{ ws_port }}; + proxy_pass http://127.0.0.1:{{ webserver_websocket_port }}; # Proxy buffering needs to be disabled for websockets. proxy_buffering off; diff --git a/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 b/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 index b1f1ed34..389fa9cf 100644 --- a/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 +++ b/roles/sys-svc-proxy/templates/vhost/basic.conf.j2 @@ -9,9 +9,9 @@ server {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% if proxy_extra_configuration is defined %} + {% if webserver_extra_configuration is defined %} {# Additional Domain Specific Configuration #} - {{ proxy_extra_configuration }} + {{ webserver_extra_configuration }} {% endif %} {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} diff --git a/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 index 34e9ae84..03d970ad 100644 --- a/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 +++ b/roles/sys-svc-proxy/templates/vhost/ws_generic.conf.j2 
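Review bot: The `{% if webserver_extra_configuration is defined %}` guard in basic.conf.j2 now renders nothing, without any error, for an inventory or role that still sets the legacy `proxy_extra_configuration`. Callers in this patch use that variable for access restrictions as well as size limits (the listmonk role loads `deactivate-public-api.conf` through it), so a missed rename silently drops a restriction from the generated vhost. Consider failing fast during the transition with an `assert` task in the front-proxy role, for example `that: proxy_extra_configuration is not defined`, covering `client_max_body_size`, `vhost_flavour`, `location_ws` and `ws_port` too. The same silent fallback applies to `webserver_client_max_body_size | default('100m')` in html.conf.j2 and ws_generic.conf.j2 when only the old name is set.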
@@ -5,7 +5,7 @@ server { {% include 'roles/sys-front-inj-all/templates/server.conf.j2' %} - client_max_body_size {{ client_max_body_size | default('100m') }}; + client_max_body_size {{ webserver_client_max_body_size | default('100m') }}; keepalive_timeout 70; sendfile on; @@ -22,7 +22,7 @@ server { {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} - {% if location_ws | default(false) %} + {% if webserver_websocket_location | default(false) %} {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} {% endif %} diff --git a/roles/web-app-bigbluebutton/tasks/01_core.yml b/roles/web-app-bigbluebutton/tasks/01_core.yml new file mode 100644 index 00000000..368df923 --- /dev/null +++ b/roles/web-app-bigbluebutton/tasks/01_core.yml 
@@ -0,0 +1,68 @@
+---
+- name: "load docker, proxy for '{{ application_id }}'"
+ include_role:
+ name: sys-stk-full-stateless
+ vars:
+ docker_compose_flush_handlers: false
+ docker_compose_file_creation_enabled: false
+ docker_git_repository_pull: true
+ docker_git_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}"
+ docker_git_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}"
+ webserver_extra_configuration: >-
+ {{ lookup(
+ 'ansible.builtin.template',
+ playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2',
+ template_vars={
+ 'location': '^~ /html5client',
+ 'oauth2_proxy_enabled': false,
+ 'proxy_lua_enabled': false
+ }
+ ) | trim }}
+
+- name: "Include Seed routines for '{{ application_id }}' database backup"
+ include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}"
+ vars:
+ database_type: "postgres"
+ database_instance: "{{ entity_name }}"
+ database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}"
+ database_username: "postgres"
+ database_name: "" # Multiple databases
+
+- name: configure websocket_upgrade.conf
+ copy:
+ src: "websocket_upgrade.conf"
+ dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}"
+ notify: restart openresty
+
+- name: "Set BBB Facts"
+ set_fact:
+ BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}"
+ BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}"
+ BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}"
+ BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}"
+
+- name: Write docker-compose.override.yml for BigBlueButton
+ template:
+ src: docker-compose.override.yml.j2
+ dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}"
+ notify: docker compose up
+
+- name: Create symbolic link from .env file to target location
+ file:
+ src: "{{ BBB_ENV_FILE_ORIGINE }}"
+ dest: "{{ BBB_ENV_FILE_LINK }}"
+ state: link
+
+- name: "Setup docker-compose.yml file"
+ include_tasks: "02_docker-compose.yml"
+
+- name: flush docker service
+ meta: flush_handlers
+
+- name: "Setup administrator"
+ include_tasks: "03_administrator.yml"
+
+- name: "Load '{{ application_id }}' dependencies"
+ include_tasks: "04_dependencies.yml"
+
+- include_tasks: utils/once/flag.yml
\ No newline at end of file
diff --git a/roles/web-app-bigbluebutton/tasks/02_administrator.yml b/roles/web-app-bigbluebutton/tasks/02_administrator.yml
deleted file mode 100644
index 44f6553f..00000000
--- a/roles/web-app-bigbluebutton/tasks/02_administrator.yml
+++ /dev/null
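Review bot: The `Create symbolic link from .env file to target location` task in 01_core.yml links to `{{ BBB_ENV_FILE_ORIGINE }}`, but this commit drops the `deploy .env` task that rendered `env.j2` to that path in the old main.yml, and the role include sets `docker_compose_file_creation_enabled: false`. If no other role writes that file (not visible from this patch), the `state: link` task fails on a fresh host because its source does not exist. Either note in a comment which role creates the file, or add a `stat` on `BBB_ENV_FILE_ORIGINE` followed by an `assert` that it exists before the link task. The final `- include_tasks: utils/once/flag.yml` would also benefit from a `name:` like the other tasks in the file.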
@@ -1,48 +0,0 @@ ---- -- name: "Wait until Greenlight is reachable via Nginx" - uri: - url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}" - validate_certs: true - status_code: 200 - return_content: true - register: greenlight_http - until: - - greenlight_http.status == 200 - - "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content" - retries: 30 - delay: 5 - changed_when: false - -- block: - - name: "Create admin with primary password" - command: - cmd: > - {{ docker_compose_command_exec }} - greenlight - bundle exec rake - admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password }}'] - chdir: "{{ docker_compose.directories.instance }}" - register: admin_create_primary - when: not BBB_OIDC_ENABLED | bool - - - name: "Retry with starred password when invalid and OIDC enabled" - when: BBB_OIDC_ENABLED | bool - command: - cmd: > - {{ docker_compose_command_exec }} - greenlight - bundle exec rake - admin:create['{{ users.administrator.username | upper }}','{{ users.administrator.email }}','{{ users.administrator.password ~ '*' }}'] - chdir: "{{ docker_compose.directories.instance }}" - register: admin_create_retry - failed_when: admin_create_retry.rc not in [0, 2] - - rescue: - - name: "Make existing user administrator (fallback)" - command: - cmd: > - {{ docker_compose_command_exec }} - greenlight - bundle exec rake - user:set_admin_role['{{ users.administrator.email }}'] - chdir: "{{ docker_compose.directories.instance }}" diff --git a/roles/web-app-bigbluebutton/tasks/01_docker-compose.yml b/roles/web-app-bigbluebutton/tasks/02_docker-compose.yml similarity index 100% rename from roles/web-app-bigbluebutton/tasks/01_docker-compose.yml rename to roles/web-app-bigbluebutton/tasks/02_docker-compose.yml 
diff --git a/roles/web-app-bigbluebutton/tasks/03_administrator.yml b/roles/web-app-bigbluebutton/tasks/03_administrator.yml new file mode 100644 index 00000000..eba76b03 --- /dev/null +++ b/roles/web-app-bigbluebutton/tasks/03_administrator.yml 
@@ -0,0 +1,63 @@
+---
+- name: "Wait until Greenlight is reachable via Nginx"
+ uri:
+ url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
+ validate_certs: true
+ status_code: 200
+ return_content: true
+ register: greenlight_http
+ until:
+ - greenlight_http.status == 200
+ - "'Greenlight' in greenlight_http.content or 'Sign in' in greenlight_http.content"
+ retries: 30
+ delay: 5
+ changed_when: false
+
+# Case 1: OIDC disabled → use primary password
+- name: "Create admin with primary password"
+ when: not (BBB_OIDC_ENABLED | bool)
+ command:
+ cmd: >
+ {{ docker_compose_command_exec }}
+ greenlight
+ bundle exec rake
+ admin:create['{{ users.administrator.username | upper }}',
+ '{{ users.administrator.email }}',
+ '{{ users.administrator.password }}']
+ chdir: "{{ docker_compose.directories.instance }}"
+ register: admin_create
+ failed_when:
+ # Only fail if rc != 0 AND it's NOT the "already taken" case
+ - admin_create.rc != 0
+ - "'Email has already been taken' not in (admin_create.stderr | default(''))"
+ changed_when: admin_create.rc == 0
+
+# Case 2: OIDC enabled → retry with starred password
+- name: "Retry with starred password when OIDC enabled"
+ when: BBB_OIDC_ENABLED | bool
+ command:
+ cmd: >
+ {{ docker_compose_command_exec }}
+ greenlight
+ bundle exec rake
+ admin:create['{{ users.administrator.username | upper }}',
+ '{{ users.administrator.email }}',
+ '{{ users.administrator.password ~ '*' }}']
+ chdir: "{{ docker_compose.directories.instance }}"
+ register: admin_create
+ failed_when:
+ - admin_create.rc != 0
+ - "'Email has already been taken' not in (admin_create.stderr | default(''))"
+ changed_when: admin_create.rc == 0
+
+- name: "Make existing user administrator (fallback)"
+ command:
+ cmd: >
+ {{ docker_compose_command_exec }}
+ greenlight
+ bundle exec rake
+ user:set_admin_role['{{ users.administrator.email }}']
+ chdir: "{{ docker_compose.directories.instance }}"
+ when:
+ - admin_create is defined
+ - "'Email has already been taken' in (admin_create.stderr | default(''))"
diff --git a/roles/web-app-bigbluebutton/tasks/03_dependencies.yml b/roles/web-app-bigbluebutton/tasks/04_dependencies.yml
similarity index 100%
rename from roles/web-app-bigbluebutton/tasks/03_dependencies.yml
rename to roles/web-app-bigbluebutton/tasks/04_dependencies.yml
diff --git a/roles/web-app-bigbluebutton/tasks/main.yml b/roles/web-app-bigbluebutton/tasks/main.yml
index dcc59dc9..26da3a66 100644
--- a/roles/web-app-bigbluebutton/tasks/main.yml
+++ b/roles/web-app-bigbluebutton/tasks/main.yml
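Review bot: Both `admin:create` tasks in 03_administrator.yml use `register: admin_create`, and Ansible also registers a result for a skipped task. With OIDC disabled, the skipped "Retry with starred password" task therefore overwrites the primary task's result, so the fallback's `'Email has already been taken' in (admin_create.stderr | default(''))` test can never be true on that path. Register them separately, e.g. `register: admin_create_primary` and `register: admin_create_oidc`, and have the fallback check both `stderr` values. The administrator password is interpolated into the command line of both tasks, so it shows up in task output on failure or with verbose logging; add `no_log: true` to them. It is also worth verifying the rake call still parses: the arguments are now split across lines inside a folded scalar, and the `command` module splits on whitespace, so rake would likely receive `admin:create[...,` separately from the remaining arguments.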
@@ -1,82 +1,6 @@ --- -- name: Render HTML-Location-Block in Variable - set_fact: - proxy_extra_configuration: >- - {{ lookup('ansible.builtin.template', - playbook_dir ~ '/roles/sys-svc-proxy/templates/location/html.conf.j2') | trim }} +- name: "Execute Role (once)" + include_tasks: 01_core.yml + when: run_once_web_app_bigbluebutton is not defined vars: - location: '^~ /html5client' - oauth2_proxy_enabled: false - proxy_lua_enabled: false - -- name: "load docker, proxy for '{{ application_id }}'" - include_role: - name: sys-stk-full-stateless - vars: - docker_compose_flush_handlers: false - docker_compose_file_creation_enabled: false - docker_git_repository_pull: true - docker_git_repository_address: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.repository') }}" - docker_git_repository_branch: "{{ applications | get_app_conf(application_id, 'docker.services.' ~ entity_name ~ '.version') }}" - -- name: "Unset 'proxy_extra_configuration'" - set_fact: - proxy_extra_configuration: null - -- name: "Include Seed routines for '{{ application_id }}' database backup" - include_tasks: "{{ [ playbook_dir, 'roles/sys-ctl-bkp-docker-2-loc/tasks/04_seed-database-to-backup.yml' ] | path_join }}" - vars: - database_type: "postgres" - database_instance: "{{ entity_name }}" - database_password: "{{ applications | get_app_conf(application_id, 'credentials.postgresql_secret') }}" - database_username: "postgres" - database_name: "" # Multiple databases - -- name: configure websocket_upgrade.conf - copy: - src: "websocket_upgrade.conf" - dest: "{{ [ NGINX.DIRECTORIES.HTTP.MAPS, 'websocket_upgrade.conf' ] | path_join }}" - notify: restart openresty - -- name: "Set BBB Facts" - set_fact: - BBB_ENV_FILE_LINK: "{{ [ docker_repository_path, '.env' ] | path_join }}" - BBB_ENV_FILE_ORIGINE: "{{ docker_compose.files.env }}" - BBB_DOCKER_COMPOSE_FILE_ORIGINE: "{{ [ docker_repository_path, 'docker-compose.yml' ] | path_join }}" - 
BBB_DOCKER_COMPOSE_FILE_FINAL: "{{ [ docker_compose.directories.instance, 'docker-compose.yml' ] | path_join }}" - -- name: Write docker-compose.override.yml for BigBlueButton - template: - src: docker-compose.override.yml.j2 - dest: "{{ [ docker_compose.directories.instance, 'docker-compose.override.yml' ] | path_join }}" - notify: - - docker compose up - -- name: deploy .env - # This seems redundant @todo Checkout if this is true and if so, delete it - template: - src: env.j2 - dest: "{{ BBB_ENV_FILE_ORIGINE }}" - notify: - - docker compose up - -- name: Create symbolic link from .env file to target location - file: - src: "{{ BBB_ENV_FILE_ORIGINE }}" - dest: "{{ BBB_ENV_FILE_LINK }}" - state: link - -- name: "Setup docker-compose.yml file" - include_tasks: "01_docker-compose.yml" - -- name: Ensure all containers in instance are running - include_tasks: "{{ [ playbook_dir , 'roles/docker-compose/tasks/utils/up.yml' ] | path_join }}" - -- name: flush docker service - meta: flush_handlers - -- name: "Setup administrator" - include_tasks: "02_administrator.yml" - -- name: "Load '{{ application_id }}' dependencies" - include_tasks: "03_dependencies.yml" + application_id: 'web-app-bigbluebutton' diff --git a/roles/web-app-bluesky/tasks/main.yml b/roles/web-app-bluesky/tasks/main.yml index e110749a..870200b4 100644 --- a/roles/web-app-bluesky/tasks/main.yml +++ b/roles/web-app-bluesky/tasks/main.yml @@ -17,7 +17,7 @@ vars: domain: "{{ BLUESKY_WEB_DOMAIN }}" http_port: "{{ BLUESKY_WEB_PORT }}" - proxy_extra_configuration: "{{ BLUESKY_FRONT_PROXY_CONTENT }}" + webserver_extra_configuration: "{{ BLUESKY_FRONT_PROXY_CONTENT }}" when: BLUESKY_WEB_ENABLED | bool - name: "Include front proxy for {{ BLUESKY_VIEW_DOMAIN_FINAL }}:{{ BLUESKY_VIEW_PORT }}" diff --git a/roles/web-app-desktop/vars/main.yml b/roles/web-app-desktop/vars/main.yml index cb8a6bd9..b0e99940 100644 --- a/roles/web-app-desktop/vars/main.yml +++ b/roles/web-app-desktop/vars/main.yml 
@@ -3,7 +3,7 @@ application_id: "web-app-desktop" http_port: "{{ ports.localhost.http[application_id] }}" ## Webserver -proxy_extra_configuration: "{{ lookup('template', 'nginx/sso.html.conf.j2') }}" +webserver_extra_configuration: "{{ lookup('template', 'nginx/sso.html.conf.j2') }}" # Desktop diff --git a/roles/web-app-discourse/tasks/03_docker.yml b/roles/web-app-discourse/tasks/03_docker.yml index 68d2cf2d..869e3050 100644 --- a/roles/web-app-discourse/tasks/03_docker.yml +++ b/roles/web-app-discourse/tasks/03_docker.yml @@ -8,7 +8,8 @@ include_role: name: sys-stk-full-stateful vars: - docker_compose_flush_handlers: true + docker_compose_flush_handlers: true + webserver_vhost_flavour: "basic" - name: pull docker repository git: diff --git a/roles/web-app-espocrm/vars/main.yml b/roles/web-app-espocrm/vars/main.yml index 335a1ea5..930cfd0a 100644 --- a/roles/web-app-espocrm/vars/main.yml +++ b/roles/web-app-espocrm/vars/main.yml @@ -1,16 +1,15 @@ # General -application_id: "web-app-espocrm" -entity_name: "{{ application_id | get_entity_name }}" - +application_id: "web-app-espocrm" +entity_name: "{{ application_id | get_entity_name }}" # Database -database_type: "mariadb" +database_type: "mariadb" # Webserver -location_ws: "/ws" -ws_port: "{{ ports.localhost.websocket[application_id] }}" -client_max_body_size: "100m" -vhost_flavour: "ws_generic" +webserver_websocket_location: "/ws" +webserver_websocket_port: "{{ ports.localhost.websocket[application_id] }}" +webserver_client_max_body_size: "100m" +webserver_vhost_flavour: "ws_generic" # Espocrm diff --git a/roles/web-app-funkwhale/vars/main.yml b/roles/web-app-funkwhale/vars/main.yml index 6dbc563f..0d23279a 100644 --- a/roles/web-app-funkwhale/vars/main.yml +++ b/roles/web-app-funkwhale/vars/main.yml 
@@ -1,5 +1,5 @@ application_id: "web-app-funkwhale" -proxy_extra_configuration: "client_max_body_size 512M;" +webserver_extra_configuration: "client_max_body_size 512M;" database_type: "postgres" funkwhale_media_root: "/srv/funkwhale/data/" funkwhale_static_root: "{{funkwhale_media_root}}static" diff --git a/roles/web-app-joomla/vars/main.yml b/roles/web-app-joomla/vars/main.yml index b50d3e6a..f58f0628 100644 --- a/roles/web-app-joomla/vars/main.yml +++ b/roles/web-app-joomla/vars/main.yml @@ -2,7 +2,7 @@ application_id: "web-app-joomla" database_type: "mariadb" container_port: 80 -client_max_body_size: "{{ JOOMLA_POST_MAX_SIZE }}" +webserver_client_max_body_size: "{{ JOOMLA_POST_MAX_SIZE }}" # Joomla JOOMLA_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.joomla.version') }}" diff --git a/roles/web-app-listmonk/tasks/main.yml b/roles/web-app-listmonk/tasks/main.yml index f0c5c1b2..5c3a8a3c 100644 --- a/roles/web-app-listmonk/tasks/main.yml +++ b/roles/web-app-listmonk/tasks/main.yml @@ -4,7 +4,7 @@ name: sys-stk-full-stateful vars: docker_compose_flush_handlers: false - proxy_extra_configuration: >- + webserver_extra_configuration: >- {% if not LISTMONK_PUBLIC_API_ENABLED | bool %} {{ lookup('file', '{{ playbook_dir }}/roles/web-app-listmonk/files/deactivate-public-api.conf') }} {% else %} diff --git a/roles/web-app-mailu/tasks/01_core.yml b/roles/web-app-mailu/tasks/01_core.yml index 6cfde355..9c87e275 100644 --- a/roles/web-app-mailu/tasks/01_core.yml +++ b/roles/web-app-mailu/tasks/01_core.yml @@ -29,8 +29,9 @@ include_role: name: sys-stk-full-stateful vars: - docker_compose_flush_handlers: true - domain: "{{ MAILU_HOSTNAME }}" + docker_compose_flush_handlers: true + webserver_vhost_flavour: "basic" + domain: "{{ MAILU_HOSTNAME }}" - name: "Include Cert deploy service for '{{ role_name }}'" include_role: diff --git a/roles/web-app-mailu/vars/main.yml b/roles/web-app-mailu/vars/main.yml index f9dd7cc5..3c7601b3 100644 
--- a/roles/web-app-mailu/vars/main.yml +++ b/roles/web-app-mailu/vars/main.yml @@ -1,7 +1,7 @@ # General application_id: "web-app-mailu" http_port: "{{ ports.localhost.http[application_id] }}" -proxy_extra_configuration: "client_max_body_size 31M;" +webserver_extra_configuration: "client_max_body_size 31M;" # Database Configuration database_password: "{{ applications | get_app_conf(application_id, 'credentials.database_password') }}" diff --git a/roles/web-app-mastodon/tasks/main.yml b/roles/web-app-mastodon/tasks/main.yml index 59021e27..6f80b0f1 100644 --- a/roles/web-app-mastodon/tasks/main.yml +++ b/roles/web-app-mastodon/tasks/main.yml @@ -6,11 +6,11 @@ loop_control: loop_var: domain vars: - http_port: "{{ ports.localhost.http[application_id] }}" - location_ws: "/api/v1/streaming" - ws_port: "{{ ports.localhost.websocket[application_id] }}" - client_max_body_size: "80m" - vhost_flavour: "ws_generic" + http_port: "{{ ports.localhost.http[application_id] }}" + webserver_websocket_location: "/api/v1/streaming" + webserver_websocket_port: "{{ ports.localhost.websocket[application_id] }}" + webserver_client_max_body_size: "80m" + webserver_vhost_flavour: "ws_generic" - name: "load docker and db for {{ application_id }}" include_role: diff --git a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 index c47c7f0a..21087136 100644 --- a/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 +++ b/roles/web-app-matrix/templates/synapse/homeserver.yaml.j2 @@ -1,6 +1,6 @@ server_name: "{{ MATRIX_SERVER_NAME }}" pid_file: /data/homeserver.pid -max_upload_size: {{ client_max_body_size }} +max_upload_size: {{ webserver_client_max_body_size }} listeners: - port: 8008 tls: false diff --git a/roles/web-app-matrix/vars/main.yml b/roles/web-app-matrix/vars/main.yml index 5cbe7b33..fc6e9ce2 100644 --- a/roles/web-app-matrix/vars/main.yml +++ b/roles/web-app-matrix/vars/main.yml 
@@ -5,7 +5,7 @@ database_type: "postgres" # Webserver location_upload: "~ ^/_matrix/media/v3/" -client_max_body_size: "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}" +webserver_client_max_body_size: "{{ applications | get_app_conf(application_id, 'server.client_max_body_size') }}" # Matrix diff --git a/roles/web-app-nextcloud/templates/proxy.conf.j2 b/roles/web-app-nextcloud/templates/proxy.conf.j2 index e93c601b..714eface 100644 --- a/roles/web-app-nextcloud/templates/proxy.conf.j2 +++ b/roles/web-app-nextcloud/templates/proxy.conf.j2 @@ -18,14 +18,14 @@ server fastcgi_buffers 64 4K; {% if NEXTCLOUD_HPB_SIGNALING_ENABLED | bool %} - {% set location_ws = '^~ ' ~ NEXTCLOUD_HPB_SIGNALING_LOCATION %} - {% set ws_port = NEXTCLOUD_PORT %} + {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_HPB_SIGNALING_LOCATION %} + {% set webserver_websocket_port = NEXTCLOUD_PORT %} {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} {% endif %} {% if NEXTCLOUD_WHITEBOARD_ENABLED | bool %} - {% set location_ws = '^~ ' ~ NEXTCLOUD_WHITEBOARD_LOCATION %} - {% set ws_port = NEXTCLOUD_PORT %} + {% set webserver_websocket_location = '^~ ' ~ NEXTCLOUD_WHITEBOARD_LOCATION %} + {% set webserver_websocket_port = NEXTCLOUD_PORT %} {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} {% endif %} diff --git a/roles/web-app-openproject/tasks/main.yml b/roles/web-app-openproject/tasks/main.yml index 25d73c73..14509521 100644 --- a/roles/web-app-openproject/tasks/main.yml +++ b/roles/web-app-openproject/tasks/main.yml @@ -3,7 +3,7 @@ include_role: name: sys-stk-full-stateful vars: - client_max_body_size: "30m" + webserver_client_max_body_size: "30m" docker_git_repository_branch: "stable/{{ OPENPROJECT_VERSION }}" docker_git_repository_address: "https://github.com/opf/openproject-deploy" docker_git_repository_pull: true 
diff --git a/roles/web-app-peertube/tasks/main.yml b/roles/web-app-peertube/tasks/main.yml index 7555a5e5..0d29b8ce 100644 --- a/roles/web-app-peertube/tasks/main.yml +++ b/roles/web-app-peertube/tasks/main.yml @@ -7,7 +7,7 @@ vars: # Websockt and http listen to the same port http_port: "{{ ports.localhost.http[application_id] }}" - ws_port: "{{ ports.localhost.http[application_id] }}" + webserver_websocket_port: "{{ ports.localhost.http[application_id] }}" - name: "load docker and db for {{ application_id }}" include_role: diff --git a/roles/web-app-peertube/templates/peertube.conf.j2 b/roles/web-app-peertube/templates/peertube.conf.j2 index c86694ac..195900ae 100644 --- a/roles/web-app-peertube/templates/peertube.conf.j2 +++ b/roles/web-app-peertube/templates/peertube.conf.j2 @@ -46,11 +46,11 @@ server { # Websocket ## - {% set location_ws = "@websocket" %} + {% set webserver_websocket_location = "@websocket" %} {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} location /socket.io { - try_files /dev/null {{ location_ws }}; + try_files /dev/null {{ webserver_websocket_location }}; } location /tracker/socket { @@ -58,6 +58,6 @@ server { # Don't close the websocket before then proxy_read_timeout 15m; # default is 60s - try_files /dev/null {{ location_ws }}; + try_files /dev/null {{ webserver_websocket_location }}; } } \ No newline at end of file diff --git a/roles/web-app-pixelfed/vars/main.yml b/roles/web-app-pixelfed/vars/main.yml index 623af7a5..977fe8a1 100644 --- a/roles/web-app-pixelfed/vars/main.yml +++ b/roles/web-app-pixelfed/vars/main.yml @@ -1,6 +1,6 @@ # General application_id: "web-app-pixelfed" -proxy_extra_configuration: "client_max_body_size 512M;" +webserver_extra_configuration: "client_max_body_size 512M;" database_type: "mariadb" # Pixelfed diff --git a/roles/web-app-suitecrm/vars/main.yml b/roles/web-app-suitecrm/vars/main.yml index cfbdb863..8ef2fb8b 100644 --- a/roles/web-app-suitecrm/vars/main.yml 
+++ b/roles/web-app-suitecrm/vars/main.yml @@ -7,7 +7,7 @@ domain: "{{ domains | get_domain(application_id) } database_type: "mariadb" # Webserver -client_max_body_size: "100m" +webserver_client_max_body_size: "100m" # General SUITECRM_WELL_SOFTWARE_NAME: "{{ SOFTWARE_NAME | lower | replace('.', '-') }}" diff --git a/roles/web-app-syncope/templates/proxy.conf b/roles/web-app-syncope/templates/proxy.conf index 372e1c95..ed423f94 100644 --- a/roles/web-app-syncope/templates/proxy.conf +++ b/roles/web-app-syncope/templates/proxy.conf @@ -10,9 +10,9 @@ server {% include 'roles/sys-front-inj-all/templates/server.conf.j2'%} - {% if proxy_extra_configuration is defined %} + {% if webserver_extra_configuration is defined %} {# Additional Domain Specific Configuration #} - {{ proxy_extra_configuration }} + {{ webserver_extra_configuration }} {% endif %} {% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %} diff --git a/roles/web-app-wordpress/tasks/main.yml b/roles/web-app-wordpress/tasks/main.yml index 59ce31e2..0ed8c03b 100644 --- a/roles/web-app-wordpress/tasks/main.yml +++ b/roles/web-app-wordpress/tasks/main.yml @@ -6,7 +6,7 @@ loop_control: loop_var: domain vars: - proxy_extra_configuration: "client_max_body_size {{ WORDPRESS_MAX_UPLOAD_SIZE }};" + webserver_extra_configuration: "client_max_body_size {{ WORDPRESS_MAX_UPLOAD_SIZE }};" http_port: "{{ ports.localhost.http[application_id] }}" - name: "load docker and db for {{ application_id }}" diff --git a/roles/web-app-yourls/vars/main.yml b/roles/web-app-yourls/vars/main.yml index d4305572..9cb0e040 100644 --- a/roles/web-app-yourls/vars/main.yml +++ b/roles/web-app-yourls/vars/main.yml 
@@ -3,7 +3,7 @@ application_id: "web-app-yourls" database_type: "mariadb" # Webserver -proxy_extra_configuration: "{{ lookup('template', 'redirect.conf.j2') }}" +webserver_extra_configuration: "{{ lookup('template', 'redirect.conf.j2') }}" # Yourls YOURLS_USER: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}" diff --git a/roles/web-svc-cdn/tasks/main.yml b/roles/web-svc-cdn/tasks/main.yml index 2cab95ce..52c89e7d 100644 --- a/roles/web-svc-cdn/tasks/main.yml +++ b/roles/web-svc-cdn/tasks/main.yml @@ -1,7 +1,8 @@ - include_tasks: 01_core.yml when: run_once_web_svc_cdn is not defined vars: - application_id: 'web-svc-cdn' + application_id: 'web-svc-cdn' + webserver_vhost_flavour: "basic" - name: "Reset docker compose Handler for CDN" include_tasks: utils/load_handlers.yml diff --git a/roles/web-svc-collabora/tasks/01_core.yml b/roles/web-svc-collabora/tasks/01_core.yml index ba846ce5..b8a2f722 100644 --- a/roles/web-svc-collabora/tasks/01_core.yml +++ b/roles/web-svc-collabora/tasks/01_core.yml @@ -1,11 +1,13 @@ - name: "load docker, proxy for '{{ application_id }}'" include_role: - name: sys-stk-full-stateless + name: sys-stk-full-stateless public: true vars: docker_compose_flush_handlers: true docker_compose_file_creation_enabled: true docker_git_repository_pull: false + webserver_vhost_flavour: "basic" + application_id: 'web-svc-collabora' - name: Update Collabora systemplate to include new fonts command: "{{ COLLABORA_DOCKER_CONF_EXEC }} update-system-template" diff --git a/roles/web-svc-collabora/templates/proxy.conf.j2 b/roles/web-svc-collabora/templates/proxy.conf.j2 index 2f07de3c..bdb73eba 100644 --- a/roles/web-svc-collabora/templates/proxy.conf.j2 +++ b/roles/web-svc-collabora/templates/proxy.conf.j2 
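Review bot: In roles/web-svc-collabora/tasks/01_core.yml the added `public: true` on the `sys-stk-full-stateless` include exposes that role's vars and defaults to the tasks that follow the include, not only to the `update-system-template` command directly below it. Nothing in the hunk says which values the later tasks need, so the wider scope can end up being relied on, or shadowing another role's variables, by accident. A comment next to the flag would record the intent, e.g. `# public: true because later tasks read <variable names> from sys-stk-full-stateless`. The other stateless services touched by this patch (coturn, onlyoffice) do not set the flag in their hunks, so the difference is worth a line of explanation.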
@@ -19,7 +19,7 @@ server { {% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %} {# WebSocket handling for Collabora #} - {% set location_ws = '^~ /cool/' %} - {% set ws_port = http_port %} + {% set webserver_websocket_location = '^~ /cool/' %} + {% set webserver_websocket_port = http_port %} {% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %} } diff --git a/roles/web-svc-coturn/tasks/01_core.yml b/roles/web-svc-coturn/tasks/01_core.yml index babd7f0d..3a45962a 100644 --- a/roles/web-svc-coturn/tasks/01_core.yml +++ b/roles/web-svc-coturn/tasks/01_core.yml @@ -5,5 +5,6 @@ docker_compose_file_creation_enabled: true docker_git_repository_pull: false docker_compose_flush_handlers: true + webserver_vhost_flavour: "basic" - include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/web-svc-logout/tasks/01_core.yml b/roles/web-svc-logout/tasks/01_core.yml index 8e028d5c..ef3d373a 100644 --- a/roles/web-svc-logout/tasks/01_core.yml +++ b/roles/web-svc-logout/tasks/01_core.yml @@ -24,11 +24,15 @@ include_role: name: sys-stk-full-stateless vars: - client_max_body_size: "10M" # Necessary to overwrite parent values - location_ws: "" - docker_git_repository_address: "https://github.com/kevinveenbirkenbach/universal-logout" - docker_git_repository_pull: true - docker_compose_flush_handlers: true + application_id: 'web-svc-logout' + webserver_client_max_body_size: "10M" # Necessary to overwrite parent values + webserver_websocket_location: "" + webserver_vhost_flavour: "basic" + webserver_extra_configuration: "" + docker_git_repository_address: "https://github.com/kevinveenbirkenbach/universal-logout" + docker_git_repository_pull: true + docker_git_repository_branch: "main" + docker_compose_flush_handlers: true - name: Create symbolic link from .env file to repository file: diff --git a/roles/web-svc-onlyoffice/tasks/01_core.yml b/roles/web-svc-onlyoffice/tasks/01_core.yml index 0bbf775f..8fe4ee42 100644 
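Review bot: In roles/web-svc-logout/tasks/01_core.yml the include now sets `docker_git_repository_branch: "main"` together with `docker_git_repository_pull: true`, so every deployment takes whatever the tip of `main` in the universal-logout repository is at that moment. A logout endpoint sits in the session path of the other applications, so the deployed revision should be reproducible and reviewable before it ships. If the consuming role accepts a tag or commit in this variable (not visible in this hunk), pin it and bump it deliberately, e.g. `docker_git_repository_branch: "<release-tag-or-commit-sha>"`. If tracking a moving branch is intended, a comment beside the variable should say so.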
--- a/roles/web-svc-onlyoffice/tasks/01_core.yml +++ b/roles/web-svc-onlyoffice/tasks/01_core.yml @@ -5,5 +5,6 @@ docker_compose_flush_handlers: true docker_compose_file_creation_enabled: true docker_git_repository_pull: false + webserver_vhost_flavour: "basic" - include_tasks: utils/once/flag.yml \ No newline at end of file diff --git a/roles/web-svc-simpleicons/tasks/01_core.yml b/roles/web-svc-simpleicons/tasks/01_core.yml index f5b667c2..c2153311 100644 --- a/roles/web-svc-simpleicons/tasks/01_core.yml +++ b/roles/web-svc-simpleicons/tasks/01_core.yml @@ -2,9 +2,10 @@ include_role: name: sys-stk-full-stateless vars: - aca_origin: "* always" - aca_methods: "'GET, OPTIONS' always" - aca_headers: '"Origin, X-Requested-With, Content-Type, Accept, Authorization" always' + aca_origin: "* always" + aca_methods: "'GET, OPTIONS' always" + aca_headers: '"Origin, X-Requested-With, Content-Type, Accept, Authorization" always' + webserver_vhost_flavour: "basic" - name: "Copy '{{ application_id }}' files" template:
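Review bot: In roles/web-svc-simpleicons/tasks/01_core.yml the re-aligned `aca_origin: "* always"` allows any origin to read responses, while `aca_headers` still lists `Authorization`. A wildcard origin is presumably intended for a public icon service, but nothing in the file says so, and allowing `Authorization` from every origin is only needed if the service has authenticated endpoints, which is not visible here. If it has none, consider `aca_headers: '"Origin, X-Requested-With, Content-Type, Accept" always'`. A comment above the three values would record the intent, e.g. `# public, unauthenticated assets: wildcard CORS is intentional`.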