From b1e71e3875a2270b94c9f4f64def94eb555dfa22 Mon Sep 17 00:00:00 2001 From: Kevin Veen-Birkenbach Date: Tue, 12 Dec 2023 12:32:35 +0100 Subject: [PATCH] Removed bugs and implemented new server config structure --- group_vars/all | 5 +++++ playbook-common.yml | 2 +- roles/docker-attendize/tasks/main.yml | 4 ++-- .../docker-bigbluebutton/files/websocket_upgrade.conf | 11 +++++++++++ roles/docker-bigbluebutton/tasks/main.yml | 10 +++++++++- .../templates/nginx-proxy.conf.j2 | 9 --------- roles/docker-mastodon/tasks/create-domains.yml | 4 +++- roles/docker-mastodon/templates/mastodon.conf.j2 | 2 +- roles/docker-mybb/vars/main.yml | 2 +- roles/docker-nextcloud/tasks/main.yml | 2 +- roles/docker-nextcloud/templates/nextcloud.conf.j2 | 2 +- roles/docker-peertube/tasks/create-domains.yml | 4 +++- roles/docker-peertube/templates/peertube.conf.j2 | 2 +- roles/health-nginx/files/health-nginx.py | 2 +- roles/letsencrypt/tasks/main.yml | 2 +- .../templates/domain.conf.j2 | 2 +- roles/nginx-domain-redirect/tasks/main.yml | 2 +- roles/nginx-homepage/tasks/main.yml | 4 +++- roles/nginx-homepage/templates/homepage.nginx.conf.j2 | 2 +- roles/nginx-www-redirect/README.md | 8 ++++---- roles/nginx-www-redirect/tasks/main.yml | 6 +++--- roles/nginx/tasks/main.yml | 10 +++++++--- roles/nginx/templates/nginx.conf.j2 | 4 +++- tasks/create-domain-conf.yml | 2 +- tasks/implement-matomo-tracking.yml | 2 +- 25 files changed, 66 insertions(+), 39 deletions(-) create mode 100644 roles/docker-bigbluebutton/files/websocket_upgrade.conf diff --git a/group_vars/all b/group_vars/all index 4fc0855e..02ddd645 100644 --- a/group_vars/all +++ b/group_vars/all 
@@ -73,3 +73,8 @@ redirect_domain_mappings: - { source: "peertube.{{top_domain}}", target: "videos.{{top_domain}}" } - { source: "funkwhale.{{top_domain}}", target: "music.{{top_domain}}" } - { source: "pixelfed.{{top_domain}}", target: "pictures.{{top_domain}}" } + +nginx_configuration_directory: "/etc/nginx/conf.d/" +nginx_servers_directory: "{{nginx_configuration_directory}}servers/" +nginx_maps_directory: "{{nginx_configuration_directory}}maps/" +nginx_upstreams_directory: "{{nginx_configuration_directory}}upstreams/" \ No newline at end of file diff --git a/playbook-common.yml b/playbook-common.yml index 9be76fa3..45eb6c0d 100644 --- a/playbook-common.yml +++ b/playbook-common.yml @@ -6,7 +6,7 @@ tasks: roles: - role: update - when: execute_updates | default(false) | bool + when: execute_updates | bool - name: setup standard wireguard hosts: wireguard_server diff --git a/roles/docker-attendize/tasks/main.yml b/roles/docker-attendize/tasks/main.yml index 83316140..96d8c432 100644 --- a/roles/docker-attendize/tasks/main.yml +++ b/roles/docker-attendize/tasks/main.yml @@ -8,13 +8,13 @@ - name: configure {{domain}}.conf template: src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 - dest: /etc/nginx/conf.d/{{domain}}.conf + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx #- name: configure {{ mail_interface_domain }}.conf # template: # src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 -# dest: /etc/nginx/conf.d/{{ mail_interface_domain }}.conf +# dest: {{nginx_servers_directory}}{{ mail_interface_domain }}.conf # vars: # http_port: "{{ mail_interface_http_port }}" # domain: "{{ mail_interface_domain }}" diff --git a/roles/docker-bigbluebutton/files/websocket_upgrade.conf b/roles/docker-bigbluebutton/files/websocket_upgrade.conf new file mode 100644 index 00000000..143acd7a --- /dev/null +++ b/roles/docker-bigbluebutton/files/websocket_upgrade.conf 
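Review bot: Dropping `default(false)` from the `update` role condition means `when: execute_updates | bool` now raises an undefined-variable error on any host where `execute_updates` is not set, where the old expression evaluated to false and skipped the role. The visible `group_vars/all` hunk only adds the `nginx_*` directory variables, so unless `execute_updates` is declared elsewhere this turns an opt-in update into a hard failure of the play. If the variable is meant to be mandatory, declare it with an explicit value in `group_vars/all`, e.g. `execute_updates: false`; otherwise keep `when: execute_updates | default(false) | bool`. The `+`/`-` markers on these two lines look mangled in this rendering, so I am reading the removed line as the one carrying `default(false)`.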
@@ -0,0 +1,11 @@ +# Context: https://chat.openai.com/share/9b3c0e79-15bc-4780-aa88-f0dd149bdaac + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +map $remote_addr $endpoint_addr { + "~:" [::1]; + default 127.0.0.1; +} \ No newline at end of file diff --git a/roles/docker-bigbluebutton/tasks/main.yml b/roles/docker-bigbluebutton/tasks/main.yml index fa76aaaa..be8bfff7 100644 --- a/roles/docker-bigbluebutton/tasks/main.yml +++ b/roles/docker-bigbluebutton/tasks/main.yml @@ -3,7 +3,15 @@ include_tasks: certbot-matomo.yml - name: configure {{domain}}.conf - template: src=templates/nginx-proxy.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "nginx-proxy.conf.j2" + dest: "{{nginx_servers_directory}}{{domain}}.conf" + notify: restart nginx + +- name: configure websocket_upgrade.conf + copy: + src: "websocket_upgrade.conf" + dest: "{{nginx_maps_directory}}websocket_upgrade.conf" notify: restart nginx - name: pull docker repository diff --git a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 index 19bf393c..b9cce9c8 100644 --- a/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 +++ b/roles/docker-bigbluebutton/templates/nginx-proxy.conf.j2 @@ -1,12 +1,3 @@ -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} -map $remote_addr $endpoint_addr { - "~:" [::1]; - default 127.0.0.1; -} - server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; diff --git a/roles/docker-mastodon/tasks/create-domains.yml b/roles/docker-mastodon/tasks/create-domains.yml index 6e5aa07d..a7cf979c 100644 --- a/roles/docker-mastodon/tasks/create-domains.yml +++ b/roles/docker-mastodon/tasks/create-domains.yml 
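Review bot: The only documentation in the new `websocket_upgrade.conf` is a link to a ChatGPT conversation, which is not a stable reference and tells a maintainer nothing about what the two maps do; replace it with a comment in the file. Because the file is now loaded from `nginx_maps_directory` for every vhost instead of living inside the BigBlueButton server config, any other role that later defines `map $http_upgrade $connection_upgrade` in its own file will make nginx fail with a duplicate-map error, and the IPv6 `$endpoint_addr` map is BigBlueButton-specific despite the generic file name. A header such as `# Global maps (http context), defined once because nginx rejects duplicate map definitions: $connection_upgrade turns an Upgrade: header into "Connection: upgrade" for WebSocket proxying; $endpoint_addr picks the loopback address matching the client's address family (used by the BigBlueButton proxy).` would cover both points.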
@@ -2,5 +2,7 @@ include_tasks: certbot-matomo.yml - name: configure {{domain}}.conf - template: src=templates/mastodon.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "mastodon.conf.j2" + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/docker-mastodon/templates/mastodon.conf.j2 b/roles/docker-mastodon/templates/mastodon.conf.j2 index 9cd2943a..e983d022 100644 --- a/roles/docker-mastodon/templates/mastodon.conf.j2 +++ b/roles/docker-mastodon/templates/mastodon.conf.j2 @@ -8,7 +8,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking | default(False) %} + {% if nginx_matomo_tracking | bool %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/docker-mybb/vars/main.yml b/roles/docker-mybb/vars/main.yml index b1b4554b..c464ebd3 100644 --- a/roles/docker-mybb/vars/main.yml +++ b/roles/docker-mybb/vars/main.yml @@ -2,5 +2,5 @@ docker_compose_instance_directory: "{{path_docker_compose_instances}}mybb/" docker_compose_instance_confd_directory: "{{docker_compose_instance_directory}}conf.d/" docker_compose_instance_confd_defaultconf_file: "{{docker_compose_instance_confd_directory}}default.conf" -target_mount_conf_d_directory: "/etc/nginx/conf.d/" +target_mount_conf_d_directory: "{{nginx_servers_directory}}" source_domain: "mybb.{{top_domain}}" diff --git a/roles/docker-nextcloud/tasks/main.yml b/roles/docker-nextcloud/tasks/main.yml index 0399eb29..421657e0 100644 --- a/roles/docker-nextcloud/tasks/main.yml +++ b/roles/docker-nextcloud/tasks/main.yml @@ -5,7 +5,7 @@ - name: configure {{domain}}.conf template: src: "templates/nextcloud.conf.j2" - dest: "/etc/nginx/conf.d/{{domain}}.conf" + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx - name: "create {{path_docker_volumes}}nextcloud/" 
diff --git a/roles/docker-nextcloud/templates/nextcloud.conf.j2 b/roles/docker-nextcloud/templates/nextcloud.conf.j2 index f9f85e49..007fcfe7 100644 --- a/roles/docker-nextcloud/templates/nextcloud.conf.j2 +++ b/roles/docker-nextcloud/templates/nextcloud.conf.j2 @@ -4,7 +4,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking | default(False) %} + {% if nginx_matomo_tracking | bool %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/docker-peertube/tasks/create-domains.yml b/roles/docker-peertube/tasks/create-domains.yml index 2facfd97..7f9ad971 100644 --- a/roles/docker-peertube/tasks/create-domains.yml +++ b/roles/docker-peertube/tasks/create-domains.yml @@ -2,5 +2,7 @@ include_tasks: certbot-matomo.yml - name: configure {{domain}}.conf - template: src=templates/peertube.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "templates/peertube.conf.j2" + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/roles/docker-peertube/templates/peertube.conf.j2 b/roles/docker-peertube/templates/peertube.conf.j2 index aa957761..ece8161e 100644 --- a/roles/docker-peertube/templates/peertube.conf.j2 +++ b/roles/docker-peertube/templates/peertube.conf.j2 @@ -3,7 +3,7 @@ server { {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking | default(False) %} + {% if nginx_matomo_tracking | bool %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/health-nginx/files/health-nginx.py b/roles/health-nginx/files/health-nginx.py index a3df1ce8..373f28e8 100644 --- a/roles/health-nginx/files/health-nginx.py +++ b/roles/health-nginx/files/health-nginx.py 
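Review bot: The PeerTube task uses `src: "templates/peertube.conf.j2"` while the Mastodon and BigBlueButton tasks rewritten in the same commit use the bare file name (`src: "mastodon.conf.j2"`, `src: "nginx-proxy.conf.j2"`). Ansible resolves both forms through the role's `templates/` search path, so this is a consistency point rather than a defect, but one convention should be used across the roles; the bare form `src: "peertube.conf.j2"` matches the majority here.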
@@ -4,7 +4,7 @@ import sys import re # Define the path to the nginx configuration directory -config_path = '/etc/nginx/conf.d/' +config_path = '{{nginx_servers_directory}}' # Initialize the error counter error_counter = 0 diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index e9f690ee..ce44be87 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,5 +1,5 @@ - name: create nginx letsencrypt config file - template: src=letsencrypt.conf.j2 dest=/etc/nginx/conf.d/letsencrypt.conf + template: src=letsencrypt.conf.j2 dest={{nginx_servers_directory}}letsencrypt.conf notify: restart nginx - name: flush nginx service diff --git a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 index 8f0f33f3..e5dde64e 100644 --- a/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 +++ b/roles/nginx-docker-reverse-proxy/templates/domain.conf.j2 @@ -3,7 +3,7 @@ server server_name {{domain}}; # Include Matomo Tracking Code - {% if nginx_matomo_tracking | default(False) %} + {% if nginx_matomo_tracking | bool %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/nginx-domain-redirect/tasks/main.yml b/roles/nginx-domain-redirect/tasks/main.yml index cc128065..506c3acd 100644 --- a/roles/nginx-domain-redirect/tasks/main.yml +++ b/roles/nginx-domain-redirect/tasks/main.yml @@ -7,6 +7,6 @@ vars: domain: "{{item.source}}" target_domain: "{{item.target}}" - template: src=redirect.domain.nginx.conf.j2 dest=/etc/nginx/conf.d/{{ domain }}.conf + template: src=redirect.domain.nginx.conf.j2 dest={{nginx_servers_directory}}{{ domain }}.conf loop: "{{domain_mappings}}" notify: restart nginx diff --git a/roles/nginx-homepage/tasks/main.yml b/roles/nginx-homepage/tasks/main.yml index 44f3d871..aac3c45a 100644 --- a/roles/nginx-homepage/tasks/main.yml +++ b/roles/nginx-homepage/tasks/main.yml 
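Review bot: `config_path = '{{nginx_servers_directory}}'` puts a Jinja placeholder into `roles/health-nginx/files/health-nginx.py`; files under `files/` are shipped verbatim by `copy`, not rendered by `template`, so unless the deploying task (outside this diff) was switched to `template`, the health check will look at the literal directory `{{nginx_servers_directory}}` and either fail on the non-existent path or report every domain as missing. Either move the script to `templates/` and deploy it with `template`, or keep it static and pass the directory in from the task, e.g. `config_path = sys.argv[1] if len(sys.argv) > 1 else '/etc/nginx/conf.d/servers/'` (the script already imports `sys`). The rest of the script is outside this hunk.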
@@ -3,7 +3,9 @@ include_tasks: certbot-matomo.yml - name: configure {{domain}}.conf - template: src=homepage.nginx.conf.j2 dest=/etc/nginx/conf.d/{{domain}}.conf + template: + src: "homepage.nginx.conf.j2" + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx - name: nginx-homepage repo git diff --git a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 index 06e2785e..19406858 100644 --- a/roles/nginx-homepage/templates/homepage.nginx.conf.j2 +++ b/roles/nginx-homepage/templates/homepage.nginx.conf.j2 @@ -5,7 +5,7 @@ server {% include 'roles/letsencrypt/templates/ssl_header.j2' %} - {% if nginx_matomo_tracking | default(False) %} + {% if nginx_matomo_tracking | bool %} {% include 'roles/nginx-matomo-tracking/templates/matomo-tracking.conf.j2' %} {% endif %} diff --git a/roles/nginx-www-redirect/README.md b/roles/nginx-www-redirect/README.md index 68df07fc..3d7f2b91 100644 --- a/roles/nginx-www-redirect/README.md +++ b/roles/nginx-www-redirect/README.md 
@@ -1,13 +1,13 @@ # README.md for nginx-www-redirect Role ## Overview -The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `/etc/nginx/conf.d/` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. +The `nginx-www-redirect` role is designed to automate the process of setting up redirects from `www.domain.tld` to `domain.tld` for all domains and subdomains configured within the `{{nginx_servers_directory}}` directory. This role dynamically identifies configuration files following the pattern `*domain.tld.conf` and creates corresponding redirection rules. ## Role Description This role performs several key tasks: -1. **Find Configuration Files**: Locates all `.conf` files in the `/etc/nginx/conf.d/` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. +1. **Find Configuration Files**: Locates all `.conf` files in the `{{nginx_servers_directory}}` directory that match the `*.*.conf` pattern, ensuring that only domain and subdomain configurations are selected. -2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `/etc/nginx/conf.d/` path. +2. **Filter Domain Names**: Processes each configuration file, extracting the domain names and removing both the `.conf` extension and the `{{nginx_servers_directory}}` path. 3. **Prepare Redirect Domain Mappings**: Transforms the filtered domain names into a source-target mapping format, where `source` is `www.domain.tld` and `target` is `domain.tld`. 
@@ -25,7 +25,7 @@ Example playbook: ## Requirements - Ansible environment set up and configured to run roles. -- Access to the `/etc/nginx/conf.d/` directory on the target hosts. +- Access to the `{{nginx_servers_directory}}` directory on the target hosts. - The `nginx-domain-redirect` role must be present and properly configured to handle the redirection mappings. ## Notes diff --git a/roles/nginx-www-redirect/tasks/main.yml b/roles/nginx-www-redirect/tasks/main.yml index 025834a0..75870003 100644 --- a/roles/nginx-www-redirect/tasks/main.yml +++ b/roles/nginx-www-redirect/tasks/main.yml @@ -1,15 +1,15 @@ --- - name: Find all .conf ansible.builtin.find: - paths: "/etc/nginx/conf.d/" + paths: "{{nginx_servers_directory}}" patterns: '*.*.conf' register: conf_files - name: Filter domain names and remove .conf extension and path set_fact: - filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^/etc/nginx/conf.d/', '') | map('regex_replace', '.conf$', '') | list }}" + filtered_domains: "{{ conf_files.files | map(attribute='path') | map('regex_search', domain_regex) | select('string') | map('regex_replace', '^{{nginx_servers_directory}}', '') | map('regex_replace', '.conf$', '') | list }}" vars: - domain_regex: '^/etc/nginx/conf.d/(?!www\.)[^/]+\.conf$' + domain_regex: '^{{nginx_servers_directory}}(?!www\.)[^/]+\.conf$' - name: The domains for which a www. redirect will be implemented debug: diff --git a/roles/nginx/tasks/main.yml b/roles/nginx/tasks/main.yml index 476d79ad..889924b5 100644 --- a/roles/nginx/tasks/main.yml +++ b/roles/nginx/tasks/main.yml 
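Review bot: `nginx_servers_directory` is interpolated unescaped into `domain_regex` and into the `regex_replace` pattern, so any regex metacharacter in the path is interpreted rather than matched literally; with the current value `/etc/nginx/conf.d/servers/` the dots happen to be harmless, but the path is now a user-settable variable. Escape it at both sites: `domain_regex: '^{{ nginx_servers_directory | regex_escape }}(?!www\.)[^/]+\.conf$'` and `map('regex_replace', '^' ~ (nginx_servers_directory | regex_escape), '')`. The pre-existing `'.conf$'` in the second `regex_replace` has the same unescaped dot and should become `'\.conf$'`.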
@@ -3,11 +3,15 @@ pacman: name=nginx state=present notify: restart nginx -- name: set /etc/nginx/conf.d +- name: Ensure nginx configuration directories are present file: - path: /etc/nginx/conf.d + path: "{{ item }}" state: directory - mode: 0755 + mode: '0755' + loop: + - "{{nginx_servers_directory}}" + - "{{nginx_maps_directory}}" + - "{{nginx_upstreams_directory}}" - name: create nginx config file template: src=nginx.conf.j2 dest=/etc/nginx/nginx.conf diff --git a/roles/nginx/templates/nginx.conf.j2 b/roles/nginx/templates/nginx.conf.j2 index 2146f637..02f989cc 100644 --- a/roles/nginx/templates/nginx.conf.j2 +++ b/roles/nginx/templates/nginx.conf.j2 @@ -31,5 +31,7 @@ http gzip_types application/atom+xml application/javascript application/xml+rss application/x-javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy text/javascript text/xml; types_hash_max_size 4096; - include conf.d/*.conf; + include {{nginx_upstreams_directory}}*.conf; + include {{nginx_maps_directory}}*.conf; + include {{nginx_servers_directory}}*.conf; } diff --git a/tasks/create-domain-conf.yml b/tasks/create-domain-conf.yml index 0c85714e..9dfe4658 100644 --- a/tasks/create-domain-conf.yml +++ b/tasks/create-domain-conf.yml @@ -1,5 +1,5 @@ - name: configure {{domain}}.conf template: src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2" - dest: "/etc/nginx/conf.d/{{domain}}.conf" + dest: "{{nginx_servers_directory}}{{domain}}.conf" notify: restart nginx \ No newline at end of file diff --git a/tasks/implement-matomo-tracking.yml b/tasks/implement-matomo-tracking.yml index fe4636ac..bbebfd24 100644 
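Review bot: Replacing `include conf.d/*.conf;` with the three directory includes means anything still written directly into `/etc/nginx/conf.d/` — by a role not migrated in this commit or by a distro-provided snippet — is silently no longer loaded instead of producing an error, so a grep for remaining `/etc/nginx/conf.d/` writers is worth doing before merging. The three lines also encode an ordering contract (maps and upstreams must be declared before the server blocks that reference `$connection_upgrade` or an upstream name) that nothing states; add `# Order matters: upstreams and maps must be defined before the server blocks that reference them.` above them. I cannot see from the diff whether any other role still targets the conf.d root, so the first point is a thing to check rather than a confirmed breakage.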
--- a/tasks/implement-matomo-tracking.yml
+++ b/tasks/implement-matomo-tracking.yml
@@ -1,4 +1,4 @@
- name: Activate NGINX matomo tracking
include_role:
name: nginx-matomo-tracking
- when: nginx_matomo_tracking and domain is defined
\ No newline at end of file
+ when: nginx_matomo_tracking | bool and domain is defined
\ No newline at end of file
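Review bot: `nginx_matomo_tracking | bool` raises an undefined-variable error when the variable is not set, and since the filter is evaluated before `and domain is defined`, the guard on `domain` does not help; the templates changed elsewhere in this commit (`{% if nginx_matomo_tracking | bool %}`) carry the same exposure. The old expression was wrong for the string value `"false"` (truthy without `| bool`), so the fix is to keep both parts, `when: nginx_matomo_tracking | default(false) | bool and domain is defined`, or alternatively to declare `nginx_matomo_tracking: false` in `group_vars/all` so the variable is always defined. I cannot see from the diff whether such a declaration already exists.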