kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-09 14:46:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
493d5bbbda725f1dcfe5c5a9571e93f0fbd58fed
computer-playbook/roles/sys-svc-proxy/templates/location
History
Kevin Veen-Birkenbach 493d5bbbda refactor(web-app-shopware): externalize trusted proxy and host configuration with mounted framework.yaml 
- added new file roles/web-app-shopware/files/framework.yaml defining trusted_proxies and trusted_headers for Symfony
 - mounted framework.yaml into /var/www/html/config/packages/ in docker-compose
 - exposed new role vars SHOPWARE_FRAMEWORK_HOST/DOCKER for mounting path
 - rendered framework.yaml via Ansible copy task with proper permissions
 - adjusted env.j2 to set TRUSTED_PROXIES and TRUSTED_HOSTS dynamically from domains and networks
 - added SHOPWARE_DOMAIN var to vars/main.yml
 - removed inline framework.yaml creation from Dockerfile (now managed via mount)
 - updated proxy template (html.conf.j2) to include X-Forwarded-Ssl header
 - improved init.sh permission handling for shared volumes

See ChatGPT conversation for implementation details and rationale:
https://chatgpt.com/share/690d4fe7-2830-800f-8b6d-b868e7fe0e97
2025-11-07 02:48:49 +01:00
..
html.conf.j2
refactor(web-app-shopware): externalize trusted proxy and host configuration with mounted framework.yaml
2025-11-07 02:48:49 +01:00
media.conf.j2
README.md
TODO.md
upload.conf.j2
ws.conf.j2

README.md

Nginx Location Templates

This directory contains Jinja2 templates for different Nginx location blocks, each designed to proxy and optimize different types of web traffic. These templates are used by the sys-svc-proxy role to modularize and standardize reverse proxy configuration across a wide variety of applications.

Overview of Files

html.conf.j2

  • Purpose:
    Handles "normal" web traffic such as HTML pages, API endpoints, and general HTTP(S) requests.
  • Features:
    • Proxies requests to the backend service.
    • Optionally integrates with OAuth2 proxy for authentication.
    • Sets all necessary proxy headers.
    • Applies a Content Security Policy header.
    • Activates buffering for advanced features such as Lua-based string replacements.
    • Supports WebSocket upgrades for hybrid APIs.

ws.conf.j2

  • Purpose:
    Handles WebSocket connections, enabling real-time features such as live updates or chats.
  • Features:
    • Sets all headers required for WebSocket upgrades.
    • Disables proxy buffering (required for WebSockets).
    • Uses tcp_nodelay for low latency.
    • Proxies traffic to the backend WebSocket server.

media.conf.j2

  • Purpose:
    Proxies and caches static media files (images, icons, etc.).
  • Features:
    • Matches image file extensions (jpg, png, gif, webp, ico, svg, etc.).
    • Enables browser-side and proxy-side caching for efficient delivery.
    • Adds cache control headers and exposes the upstream cache status.

Usage

These templates are intended for inclusion in larger Nginx configuration files via Jinja2.
They modularize your configuration by separating HTML, WebSocket, and media proxying, allowing for clear, reusable, and maintainable reverse proxy logic.

  • Use html.conf.j2 for standard application HTTP/S endpoints.
  • Use ws.conf.j2 for dedicated WebSocket endpoints.
  • Use media.conf.j2 for efficient handling of static media content.

Best Practices

  • Only enable WebSocket proxying (ws.conf.j2) for routes that actually require it, to avoid breaking buffering for standard HTTP.
  • Activate media proxying (media.conf.j2) if your application benefits from image caching at the proxy layer.
  • Keep templates modular for maintainability and scalability as your application grows.