mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-02 07:38:22 +00:00
Kevin Veen-Birkenbach
007963044b
Unify reverse proxy handling across apps via sys-stk-front-proxy and cleanly separate internal docker nginx configs from external vhosts. Changes: - docker-compose: use with_first_found for optional env and docker-compose.override files so roles can provide either a template or a static file without noisy 'Could not find or access' failures. - sys-stk-front-proxy: remove front_proxy_domain_conf_src and switch nginx vhost rendering to with_first_found over app-specific proxy.conf.j2 and the generic roles/sys-svc-proxy vhost flavour; keep health-check and handler logic unchanged. - web-app-nextcloud: migrate to sys-stk-full-stateful (front proxy + DB + docker), move internal nginx config to docker.conf.j2 under the volume path, and rename host.conf.j2 to proxy.conf.j2 for the external vhost. - web-app-magento: rename nginx.conf.j2 to docker.conf.j2 and update the runtime template task accordingly to make the intent (internal nginx) explicit. - web-app-matrix: rename nginx.conf.j2 to synapse.conf.j2 and adjust the webserver task to use the new template name for the synapse vhost. - web-app-bridgy-fed & web-app-flowise: pass domain and http_port explicitly when including sys-stk-front-proxy so the front stack has all required context. - web-svc-cdn/file/html: replace direct sys-stk-front-base + sys-util-csp-cert + nginx.conf.j2 handling with sys-stk-front-proxy and proxy.conf.j2, relying on the shared front-stack for TLS/CSP/vHost wiring. - web-svc-collabora: drop the direct nginx.conf.j2 vhost generation and rename it to proxy.conf.j2 so it is picked up by sys-stk-front-proxy like other services. - web-opt-rdr-domains: rename redirect.domain.nginx.conf.j2 to redirect-domain.conf.j2 and adjust the task for clearer and more consistent naming. Context: see ChatGPT refactor discussion on 2025-11-30 (proxy unification, Collabora/Nextcloud/CDN stacks, CSP/header handling): https://chatgpt.com/share/692c64ea-a488-800f-ad42-7f7692a3742f
39 lines
1.2 KiB
YAML
39 lines
1.2 KiB
YAML
- name: Front bootstrap
|
|
include_role:
|
|
name: sys-stk-front-base
|
|
|
|
- name: "include role for '{{ domain }}' to receive certificates and do the modification routines"
|
|
include_role:
|
|
name: sys-util-csp-cert
|
|
|
|
- name: "Copy nginx config to '{{ front_proxy_domain_conf_dst }}'"
|
|
template:
|
|
src: "{{ item }}"
|
|
dest: "{{ front_proxy_domain_conf_dst }}"
|
|
register: nginx_conf
|
|
notify: restart openresty
|
|
vars:
|
|
nginx_template_candidates:
|
|
- "{{ application_id | abs_role_path_by_application_id }}/templates/proxy.conf.j2"
|
|
- "roles/sys-svc-proxy/templates/vhost/{{ vhost_flavour }}.conf.j2"
|
|
with_first_found: "{{ nginx_template_candidates }}"
|
|
|
|
- block:
|
|
- name: "Check if {{ domains | get_domain(application_id) }} is reachable (only if config unchanged)"
|
|
uri:
|
|
url: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
|
|
register: site_check
|
|
failed_when: false
|
|
changed_when: false
|
|
|
|
- name: Restart nginx if site is down
|
|
command:
|
|
cmd: "true"
|
|
notify: restart openresty
|
|
when:
|
|
- site_check.status is defined
|
|
- not site_check.status in [200,301,302]
|
|
when: not nginx_conf.changed
|
|
|
|
- name: "Restart Webserver for '{{ front_proxy_domain_conf_dst }}'"
|
|
meta: flush_handlers |