mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-02-22 04:29:38 +01:00
Solved more domain related bugs
This commit is contained in:
parent
82e69fc7a6
commit
c4b622ccdb
@ -254,6 +254,8 @@ defaults_applications:
|
||||
## Peertube
|
||||
peertube:
|
||||
version: "bookworm"
|
||||
database:
|
||||
central_storage: True
|
||||
|
||||
## PHPMyAdmin
|
||||
phpmyadmin:
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# You should change this to match your reverse proxy DNS name and protocol
|
||||
APP_URL=https://{{domain}}
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
LOCALE={{locale}}
|
||||
|
||||
# Don't change this unless you rename your database container or use rootless podman, in case of using rootless podman you should set it to 127.0.0.1 (NOT localhost)
|
||||
|
||||
@ -12,10 +12,10 @@
|
||||
- "{{ domains.mailu }}"
|
||||
- "{{ domain }}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: roles/nginx-docker-reverse-proxy/templates/domain.conf.j2
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: "include tasks update-repository-with-files.yml"
|
||||
|
||||
@ -9,10 +9,10 @@
|
||||
#- name: "include task certbot-and-globals.yml"
|
||||
# include_tasks: certbot-and-globals.yml
|
||||
#
|
||||
#- name: configure {{domain}}.conf
|
||||
#- name: configure {{domains[application_id]}}.conf
|
||||
# template:
|
||||
# src: "nginx-proxy.conf.j2"
|
||||
# dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
# dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
# notify: restart nginx
|
||||
|
||||
- name: "include role nginx-domain-setup for {{application_id}}"
|
||||
|
||||
@ -40,7 +40,7 @@ FSESL_PASSWORD={{bigbluebutton_fsesl_password}}
|
||||
# CONNECTION
|
||||
# ====================================
|
||||
|
||||
DOMAIN={{domain}}
|
||||
DOMAIN={{domains[application_id]}}
|
||||
|
||||
EXTERNAL_IPv4={{networks.internet.ip4}}
|
||||
# The following line is not tested and could lead to bugs:
|
||||
@ -53,7 +53,7 @@ STUN_PORT={{ ports.public.stun[application_id] }}
|
||||
|
||||
# TURN SERVER
|
||||
# uncomment and adjust following two lines to add an external TURN server
|
||||
TURN_SERVER=turns:{{domain}}:{{ ports.public.turn[application_id] }}?transport=tcp
|
||||
TURN_SERVER=turns:{{domains[application_id]}}:{{ ports.public.turn[application_id] }}?transport=tcp
|
||||
TURN_SECRET={{bigbluebutton_turn_secret}}
|
||||
|
||||
# Allowed SIP IPs
|
||||
@ -204,7 +204,7 @@ ALLOW_GREENLIGHT_ACCOUNTS=true
|
||||
# Please refer to your SMTP provider to get the values for the variables below
|
||||
|
||||
SMTP_SERVER={{system_email.host}}
|
||||
SMTP_DOMAIN={{domain}}
|
||||
SMTP_DOMAIN={{system_email.domain}}
|
||||
SMTP_PORT={{system_email.port}}
|
||||
SMTP_USERNAME={{system_email.username}}
|
||||
SMTP_PASSWORD={{system_email.password}}
|
||||
@ -290,5 +290,5 @@ DEFAULT_REGISTRATION=invite
|
||||
OPENID_CONNECT_CLIENT_ID={{oidc.client.id}}
|
||||
OPENID_CONNECT_CLIENT_SECRET={{oidc.client.secret}}
|
||||
OPENID_CONNECT_ISSUER={{oidc.client.issuer_url}}
|
||||
OPENID_CONNECT_REDIRECT=https://{{domain}}
|
||||
OPENID_CONNECT_REDIRECT=https://{{domains[application_id]}}
|
||||
{% endif %}
|
||||
@ -3,4 +3,6 @@ database_host: "{{ 'central-' + database_type if applications[application_i
|
||||
database_name: "{{ application_id }}"
|
||||
database_username: "{{ application_id }}"
|
||||
database_port: "{{ 3306 if database_type == 'mariadb' else 5432 }}"
|
||||
database_env: "{{docker_compose.directories.env}}{{database_type}}.env"
|
||||
database_env: "{{docker_compose.directories.env}}{{database_type}}.env"
|
||||
|
||||
# Don't set application_id . It would conflict with central database logic
|
||||
@ -41,7 +41,7 @@ env:
|
||||
UNICORN_WORKERS: 8
|
||||
|
||||
## Required. Discourse will not work with a bare IP number.
|
||||
DISCOURSE_HOSTNAME: {{domain}}
|
||||
DISCOURSE_HOSTNAME: {{domains[application_id]}}
|
||||
|
||||
## Uncomment if you want the container to be started with the same
|
||||
## hostname (-h option) as specified above (default "$hostname-$config")
|
||||
@ -122,7 +122,7 @@ run:
|
||||
- exec: rails r "SiteSetting.openid_connect_discovery_document = '{{oidc.client.discovery_document}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_client_id = '{{oidc.client.id}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_client_secret = '{{oidc.client.secret}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domain}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout_redirect = 'https://{{domains[application_id]}}'"
|
||||
- exec: rails r "SiteSetting.openid_connect_allow_association_change = false"
|
||||
- exec: rails r "SiteSetting.openid_connect_rp_initiated_logout = true"
|
||||
{% endif %}
|
||||
|
||||
@ -20,7 +20,7 @@ services:
|
||||
test:
|
||||
[
|
||||
"CMD-SHELL",
|
||||
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domain}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
|
||||
"(if [ ! -f /tmp/email_sent ]; then echo 'Subject: testmessage from {{domains[application_id]}}\n\nSUCCESSFULL' | msmtp -t {{test_email}} && touch /tmp/email_sent; fi && curl -f http://127.0.0.1:80) || exit 1"
|
||||
]
|
||||
interval: 1m
|
||||
timeout: 10s
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
# The configuration options can be found here:
|
||||
# @see https://hub.docker.com/_/friendica
|
||||
|
||||
FRIENDICA_URL= https://{{domain}}
|
||||
HOSTNAME= {{domain}}
|
||||
FRIENDICA_URL= https://{{domains[application_id]}}
|
||||
HOSTNAME= {{domains[application_id]}}
|
||||
FRIENDICA_NO_VALIDATION={{no_validation | lower}}
|
||||
|
||||
# Debugging
|
||||
|
||||
@ -40,7 +40,7 @@ FUNKWHALE_WEB_WORKERS=4
|
||||
# Replace this by the definitive, public domain you will use for
|
||||
# your instance. It cannot be changed after initial deployment
|
||||
# without breaking your instance.
|
||||
FUNKWHALE_HOSTNAME={{domain}}
|
||||
FUNKWHALE_HOSTNAME={{domains[application_id]}}
|
||||
FUNKWHALE_PROTOCOL=https
|
||||
|
||||
# Log level (debug, info, warning, error, critical)
|
||||
|
||||
@ -7,7 +7,7 @@ DB_USER={{database_username}}
|
||||
DB_PASSWD={{database_password}}
|
||||
SSH_PORT={{ports.public.ssh[application_id]}}
|
||||
SSH_LISTEN_PORT=22
|
||||
DOMAIN={{domain}}
|
||||
SSH_DOMAIN={{domain}}
|
||||
DOMAIN={{domains[application_id]}}
|
||||
SSH_DOMAIN={{domains[application_id]}}
|
||||
RUN_MODE="{{run_mode}}"
|
||||
ROOT_URL="https://{{domain}}/"
|
||||
ROOT_URL="https://{{domains[application_id]}}/"
|
||||
@ -6,7 +6,7 @@ services:
|
||||
|
||||
web:
|
||||
image: "gitlab/gitlab-ee:{{applications.gitlab.version}}"
|
||||
hostname: '{{domain}}'
|
||||
hostname: '{{domains[application_id]}}'
|
||||
{% include 'roles/docker-compose/templates/services/base.yml.j2' %}
|
||||
ports:
|
||||
- "127.0.0.1:{{ports.localhost.http[application_id]}}:80"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
# Documentation can be found here:
|
||||
# @see https://www.keycloak.org/server/containers
|
||||
|
||||
KC_HOSTNAME= https://{{domain}}
|
||||
KC_HOSTNAME= https://{{domains[application_id]}}
|
||||
KC_HTTP_ENABLED= true
|
||||
|
||||
# Health Checks
|
||||
|
||||
@ -10,16 +10,16 @@
|
||||
domain: "{{ domains[application_id] }}"
|
||||
http_port: "{{ ports.localhost.http[application_id] }}"
|
||||
|
||||
- name: Create {{domain}}.conf if LDAP is exposed to internet
|
||||
- name: Create {{domains[application_id]}}.conf if LDAP is exposed to internet
|
||||
template:
|
||||
src: "nginx.stream.conf.j2"
|
||||
dest: "{{nginx.directories.streams}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.streams}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
when: applications.ldap.openldap.network.public | bool
|
||||
|
||||
- name: Remove {{domain}}.conf if LDAP is not exposed to internet
|
||||
- name: Remove {{domains[application_id]}}.conf if LDAP is not exposed to internet
|
||||
file:
|
||||
path: "{{ nginx.directories.streams }}{{ domain }}.conf"
|
||||
path: "{{ nginx.directories.streams }}{{ domains[application_id] }}.conf"
|
||||
state: absent
|
||||
when: not applications.ldap.openldap.network.public | bool
|
||||
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
# @See https://github.com/leenooks/phpLDAPadmin/wiki/Docker-Container
|
||||
APP_URL= https://{{domain}}
|
||||
APP_URL= https://{{domains[application_id]}}
|
||||
LDAP_HOST= openldap
|
||||
@ -20,7 +20,7 @@ SUBNET={{networks.local.mailu.subnet}}
|
||||
DOMAIN={{applications.mailu.domain}}
|
||||
|
||||
# Hostnames for this server, separated with comas
|
||||
HOSTNAMES={{domain}}
|
||||
HOSTNAMES={{domains[application_id]}}
|
||||
|
||||
# Postmaster local part (will append the main mail domain)
|
||||
POSTMASTER=admin
|
||||
@ -105,7 +105,7 @@ WEB_WEBMAIL=/webmail
|
||||
SITENAME=Mailservices
|
||||
|
||||
# Linked Website URL
|
||||
WEBSITE=https://{{domain}}
|
||||
WEBSITE=https://{{domains[application_id]}}
|
||||
|
||||
|
||||
|
||||
@ -162,7 +162,7 @@ OIDC_ENABLED={{ applications[application_id].oidc.enabled | string | capitalize
|
||||
# OpenID Connect provider configuration URL
|
||||
OIDC_PROVIDER_INFO_URL={{oidc.client.issuer_url}}
|
||||
# OpenID redirect URL if HOSTNAME not matching your login url
|
||||
OIDC_REDIRECT_URL=https://{{domain}}
|
||||
OIDC_REDIRECT_URL=https://{{domains[application_id]}}
|
||||
# OpenID Connect Client ID for Mailu
|
||||
OIDC_CLIENT_ID={{oidc.client.id}}
|
||||
# OpenID Connect Client secret for Mailu
|
||||
|
||||
@ -1,9 +1,11 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: "mastodon.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
@ -3,7 +3,7 @@
|
||||
# @see https://github.com/mastodon/mastodon/blob/main/.env.production.sample
|
||||
|
||||
|
||||
LOCAL_DOMAIN={{domain}}
|
||||
LOCAL_DOMAIN={{domains[application_id]}}
|
||||
ALTERNATE_DOMAINS="{{ domains.mastodon_alternates | join(',') }}"
|
||||
SINGLE_USER_MODE={{applications.mastodon.single_user_mode}}
|
||||
|
||||
@ -66,7 +66,7 @@ OIDC_DISCOVERY=true
|
||||
OIDC_SCOPE="openid,profile,email"
|
||||
OIDC_UID_FIELD=preferred_username # @see https://stackoverflow.com/questions/72108087/how-to-set-the-username-of-mastodon-by-log-in-via-keycloak
|
||||
OIDC_CLIENT_ID={{oidc.client.id}}
|
||||
OIDC_REDIRECT_URI=https://{{domain}}/auth/auth/openid_connect/callback
|
||||
OIDC_REDIRECT_URI=https://{{domains[application_id]}}/auth/auth/openid_connect/callback
|
||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=true
|
||||
OIDC_CLIENT_SECRET={{oidc.client.secret}}
|
||||
OMNIAUTH_ONLY=true # uncomment to only use OIDC for login / registration buttons
|
||||
|
||||
@ -26,7 +26,7 @@
|
||||
src: "templates/nginx.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains.matrix_synapse}}.conf"
|
||||
vars:
|
||||
# domain: "{{domains.matrix_synapse}}" This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
|
||||
domain: "{{domains.matrix_synapse}}" # Didn't work in the past. May it works now. This does not seem to work @todo Check how to solve without declaring set_fact, seems a bug at templates
|
||||
http_port: "{{ports.localhost.http.matrix_synapse}}"
|
||||
notify: restart nginx
|
||||
|
||||
|
||||
@ -3,7 +3,7 @@
|
||||
include_role:
|
||||
name: docker-central-database
|
||||
|
||||
- name: "include tasks setup-domain.yml with {{domain}}"
|
||||
- name: "include tasks setup-domain.yml with {{domains[application_id]}}"
|
||||
include_tasks: setup-domain.yml
|
||||
loop: "{{ mybb_domains + [source_domain] }}"
|
||||
loop_control:
|
||||
|
||||
@ -3,11 +3,13 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: "roles/nginx-docker-reverse-proxy/templates/domain.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
vars:
|
||||
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domain}}';"
|
||||
nginx_docker_reverse_proxy_extra_configuration: "sub_filter '{{source_domain}}' '{{domains[application_id]}}';"
|
||||
|
||||
@ -6,11 +6,13 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: create nextcloud nginx proxy configuration file
|
||||
template:
|
||||
src: "proxy-nginx.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
|
||||
- name: create internal nextcloud nginx configuration
|
||||
|
||||
@ -7,7 +7,7 @@
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
#
|
||||
OPENPROJECT_HTTPS=true
|
||||
OPENPROJECT_HOST__NAME={{domain}}
|
||||
OPENPROJECT_HOST__NAME={{domains[application_id]}}
|
||||
OPENPROJECT_RAILS__RELATIVE__URL__ROOT=
|
||||
IMAP_ENABLED=false
|
||||
POSTGRES_PASSWORD="{{ database_password }}"
|
||||
|
||||
@ -1,9 +1,11 @@
|
||||
- name: "include role receive certbot certificate"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: configure {{domain}}.conf
|
||||
- name: configure {{domains[application_id]}}.conf
|
||||
template:
|
||||
src: "templates/peertube.conf.j2"
|
||||
dest: "{{nginx.directories.http.servers}}{{domain}}.conf"
|
||||
dest: "{{nginx.directories.http.servers}}{{domains[application_id]}}.conf"
|
||||
notify: restart nginx
|
||||
@ -8,7 +8,7 @@ PEERTUBE_DB_SSL=false
|
||||
PEERTUBE_DB_HOSTNAME={{database_host}}
|
||||
|
||||
# PeerTube server configuration
|
||||
PEERTUBE_WEBSERVER_HOSTNAME={{domain}}
|
||||
PEERTUBE_WEBSERVER_HOSTNAME={{domains[application_id]}}
|
||||
PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback"]
|
||||
|
||||
PEERTUBE_SECRET={{peertube_secret}}
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
server {
|
||||
server_name {{domain}};
|
||||
server_name {{domains[application_id]}};
|
||||
|
||||
{% include 'roles/letsencrypt/templates/ssl_header.j2' %}
|
||||
|
||||
|
||||
@ -5,10 +5,10 @@ APP_KEY={{pixelfed_app_key}}
|
||||
APP_NAME="{{applications.pixelfed.titel}}"
|
||||
APP_ENV=production
|
||||
APP_DEBUG={{enable_debug | string | lower }}
|
||||
APP_URL=https://{{domain}}
|
||||
APP_DOMAIN="{{domain}}"
|
||||
ADMIN_DOMAIN="{{domain}}"
|
||||
SESSION_DOMAIN="{{domain}}"
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
APP_DOMAIN="{{domains[application_id]}}"
|
||||
ADMIN_DOMAIN="{{domains[application_id]}}"
|
||||
SESSION_DOMAIN="{{domains[application_id]}}"
|
||||
|
||||
OPEN_REGISTRATION=false
|
||||
ENFORCE_EMAIL_VERIFICATION=false
|
||||
|
||||
@ -5,7 +5,7 @@ APP_ENV=production
|
||||
APP_DEBUG={{enable_debug | string | lower }}
|
||||
# Please regenerate the APP_KEY value by calling `docker compose run --rm app php artisan key:generate --show`. Copy paste the value here
|
||||
APP_KEY={{applications.snipe_it.app_key}}
|
||||
APP_URL=https://{{domain}}
|
||||
APP_URL=https://{{domains[application_id]}}
|
||||
# https://en.wikipedia.org/wiki/List_of_tz_database_time_zones - TZ identifier
|
||||
APP_TIMEZONE='{{timezone}}'
|
||||
APP_LOCALE={{locale}}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
# Taiga's URLs - Variables to define where Taiga should be served
|
||||
TAIGA_SITES_SCHEME = https # serve Taiga using "http" or "https" (secured) connection
|
||||
TAIGA_SITES_DOMAIN = "{{domain}}" # Taiga's base URL
|
||||
TAIGA_SITES_DOMAIN = "{{domains[application_id]}}" # Taiga's base URL
|
||||
|
||||
TAIGA_SUBPATH = "" # it'll be appended to the TAIGA_DOMAIN (use either "" or a "/subpath")
|
||||
WEBSOCKETS_SCHEME = wss # events connection protocol (use either "ws" or "wss")
|
||||
|
||||
@ -2,6 +2,6 @@ YOURLS_DB_HOST: "{{database_host}}"
|
||||
YOURLS_DB_USER: "{{database_username}}"
|
||||
YOURLS_DB_PASS: "{{database_password}}"
|
||||
YOURLS_DB_NAME: "{{database_name}}"
|
||||
YOURLS_SITE: "https://{{domain}}"
|
||||
YOURLS_SITE: "https://{{domains[application_id]}}"
|
||||
YOURLS_USER: "{{applications.yourls.administrator_username}}"
|
||||
YOURLS_PASS: "{{yourls_administrator_password}}"
|
||||
@ -907,6 +907,12 @@ div.statusError {
|
||||
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-55), var(--color-60), var(--color-61), var(--color-65));
|
||||
}
|
||||
|
||||
div.wrapper footer.main-footer, div.wrapper div.content-wrapper{
|
||||
background-color: var(--color-85);
|
||||
background: linear-gradient({{ range(0, 361) | random }}deg, var(--color-89), var(--color-85), var(--color-80), var(--color-79));
|
||||
color: var(--color-39);
|
||||
}
|
||||
|
||||
/** Nextcloud specific **/
|
||||
html.ng-csp header#header{
|
||||
background-color: var(--color-80);
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
---
|
||||
- name: "include role nginx-modifier-all for {{domain}}"
|
||||
- name: "include role nginx-modifier-all for {{domains[application_id]}}"
|
||||
include_role:
|
||||
name: nginx-modifier-all
|
||||
|
||||
- name: "include role nginx-https-recieve-certificate for {{domain}}"
|
||||
- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: "generate {{domains[application_id]}}.conf"
|
||||
template:
|
||||
|
||||
@ -1,11 +1,13 @@
|
||||
---
|
||||
- name: "include role nginx-modifier-all for {{domain}}"
|
||||
- name: "include role nginx-modifier-all for {{domains[application_id]}}"
|
||||
include_role:
|
||||
name: nginx-modifier-all
|
||||
|
||||
- name: "include role nginx-https-recieve-certificate for {{domain}}"
|
||||
- name: "include role nginx-https-recieve-certificate for {{domains[application_id]}}"
|
||||
include_role:
|
||||
name: nginx-https-recieve-certificate
|
||||
vars:
|
||||
domain: "{{domains[application_id]}}"
|
||||
|
||||
- name: "generate {{domains[application_id]}}.conf"
|
||||
template:
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user