mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-15 08:30:46 +02:00
Kevin Veen-Birkenbach
03290eafe1
- proxy(html.conf.j2): * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations) * Switch WS header to $connection_upgrade * Unify timeouts (proxy_connect_timeout 5s) * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off' - proxy(media.conf.j2): minor formatting/spacing fix - inj-css(head_sub.j2): consistent spacing for global_css_version - bigbluebutton(tasks/main.yml): * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled) * Pass rendered snippet via proxy_extra_configuration to the vHost * Cleanup afterwards: proxy_extra_configuration = undef() - docker-compose(handlers): * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull' * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1) - vars: trailing newline / minor formatting Motivation: - BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering. - More resilient CI/CD builds via automatic no-cache retry. - Cleaner headers/proxy defaults and fewer side effects. Files: - roles/docker-compose/handlers/main.yml - roles/srv-proxy-7-4-core/templates/location/html.conf.j2 - roles/srv-proxy-7-4-core/templates/location/media.conf.j2 - roles/srv-web-7-7-inj-css/templates/head_sub.j2 - roles/web-app-bigbluebutton/tasks/main.yml - roles/web-app-bigbluebutton/vars/main.yml
Nginx Location Templates
This directory contains Jinja2 templates for different Nginx location blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the srv-proxy-7-4-core role to modularize and standardize reverse proxy configuration across a wide variety of applications.
Overview of Files
html.conf.j2
- Purpose:
Handles "normal" web traffic such as HTML pages, API endpoints, and general HTTP(S) requests. - Features:
- Proxies requests to the backend service.
- Optionally integrates with OAuth2 proxy for authentication.
- Sets all necessary proxy headers.
- Applies a Content Security Policy header.
- Activates buffering for advanced features such as Lua-based string replacements.
- Supports WebSocket upgrades for hybrid APIs.
ws.conf.j2
- Purpose:
Handles WebSocket connections, enabling real-time features such as live updates or chats. - Features:
- Sets all headers required for WebSocket upgrades.
- Disables proxy buffering (required for WebSockets).
- Uses
tcp_nodelayfor low latency. - Proxies traffic to the backend WebSocket server.
media.conf.j2
- Purpose:
Proxies and caches static media files (images, icons, etc.). - Features:
- Matches image file extensions (jpg, png, gif, webp, ico, svg, etc.).
- Enables browser-side and proxy-side caching for efficient delivery.
- Adds cache control headers and exposes the upstream cache status.
Usage
These templates are intended for inclusion in larger Nginx configuration files via Jinja2.
They modularize your configuration by separating HTML, WebSocket, and media proxying, allowing for clear, reusable, and maintainable reverse proxy logic.
- Use
html.conf.j2for standard application HTTP/S endpoints. - Use
ws.conf.j2for dedicated WebSocket endpoints. - Use
media.conf.j2for efficient handling of static media content.
Best Practices
- Only enable WebSocket proxying (
ws.conf.j2) for routes that actually require it, to avoid breaking buffering for standard HTTP. - Activate media proxying (
media.conf.j2) if your application benefits from image caching at the proxy layer. - Keep templates modular for maintainability and scalability as your application grows.