kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 15:39:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
48cd7743b59a58b95c736cf902e76ac869f26905
computer-playbook/roles/sys-stk-front-proxy
History
Kevin Veen-Birkenbach 007963044b refactor: centralize web front proxy and internal nginx configs 
Unify reverse proxy handling across apps via sys-stk-front-proxy and cleanly separate internal docker nginx configs from external vhosts.

Changes:

- docker-compose: use with_first_found for optional env and docker-compose.override files so roles can provide either a template or a static file without noisy 'Could not find or access' failures.

- sys-stk-front-proxy: remove front_proxy_domain_conf_src and switch nginx vhost rendering to with_first_found over app-specific proxy.conf.j2 and the generic roles/sys-svc-proxy vhost flavour; keep health-check and handler logic unchanged.

- web-app-nextcloud: migrate to sys-stk-full-stateful (front proxy + DB + docker), move internal nginx config to docker.conf.j2 under the volume path, and rename host.conf.j2 to proxy.conf.j2 for the external vhost.

- web-app-magento: rename nginx.conf.j2 to docker.conf.j2 and update the runtime template task accordingly to make the intent (internal nginx) explicit.

- web-app-matrix: rename nginx.conf.j2 to synapse.conf.j2 and adjust the webserver task to use the new template name for the synapse vhost.

- web-app-bridgy-fed & web-app-flowise: pass domain and http_port explicitly when including sys-stk-front-proxy so the front stack has all required context.

- web-svc-cdn/file/html: replace direct sys-stk-front-base + sys-util-csp-cert + nginx.conf.j2 handling with sys-stk-front-proxy and proxy.conf.j2, relying on the shared front-stack for TLS/CSP/vHost wiring.

- web-svc-collabora: drop the direct nginx.conf.j2 vhost generation and rename it to proxy.conf.j2 so it is picked up by sys-stk-front-proxy like other services.

- web-opt-rdr-domains: rename redirect.domain.nginx.conf.j2 to redirect-domain.conf.j2 and adjust the task for clearer and more consistent naming.

Context: see ChatGPT refactor discussion on 2025-11-30 (proxy unification, Collabora/Nextcloud/CDN stacks, CSP/header handling): https://chatgpt.com/share/692c64ea-a488-800f-ad42-7f7692a3742f
2025-11-30 16:38:39 +01:00
..
defaults
Restructured Front Proxy variables
2025-09-26 18:43:09 +02:00
meta
tasks
refactor: centralize web front proxy and internal nginx configs
2025-11-30 16:38:39 +01:00
vars
README.md

README.md

Nginx Domain Setup 🚀

Description

This role bootstraps per-domain Nginx configuration: it requests TLS certificates, applies global modifiers, deploys a ready-made vHost file, and can optionally lock down access via OAuth2.

Overview

A higher-level orchestration wrapper, sys-stk-front-proxy ties together several lower-level roles:

  1. sys-front-inj-all applies global tweaks and includes.
  2. sys-svc-certs obtains Lets Encrypt certificates.
  3. Domain template deployment copies a Jinja2 vHost from sys-svc-proxy.
  4. web-app-oauth2-proxy (optional) protects the site with OAuth2.

The result is a complete, reproducible domain rollout in a single playbook task.

Purpose

Provide one-stop, idempotent domain provisioning for Nginx-based homelabs or small production environments.

Features

  • End-to-end TLS — certificate retrieval and secure headers included.
  • Template-driven vHosts — choose basic or ws_generic flavours (or your own).
  • Conditional OAuth2 — easily toggle authentication per application.
  • Handler-safe — automatically triggers an Nginx reload when templates change.
  • Composable — designed to be called repeatedly for many domains.

Credits 📝

Developed and maintained by Kevin Veen-Birkenbach.
Learn more at https://www.veen.world

Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License

Reference in New Issue View Git Blame Copy Permalink