- proxy(html.conf.j2):
  * Make proxy_pass more robust (strip '=', '^~' prefixes; ignore @/~ match locations)
  * Switch WS header to $connection_upgrade
  * Unify timeouts (proxy_connect_timeout 5s)
  * Lua optional: include only when proxy_lua_enabled=true; unset Accept-Encoding only then
  * Buffering via flag: proxy_buffering/proxy_request_buffering 'on' with Lua, otherwise 'off'
- proxy(media.conf.j2): minor formatting/spacing fix
- inj-css(head_sub.j2): consistent spacing for global_css_version
- bigbluebutton(tasks/main.yml):
  * Render HTML location block once before include_role (location='^~ /html5client', OAuth2/Lua disabled)
  * Pass rendered snippet via proxy_extra_configuration to the vHost
  * Cleanup afterwards: proxy_extra_configuration = undef()
- docker-compose(handlers):
  * Build with retry: if 'docker compose build' fails -> retry with '--no-cache --pull'
  * Enable BuildKit (DOCKER_BUILDKIT=1, COMPOSE_DOCKER_CLI_BUILD=1)
- vars: trailing newline / minor formatting

Motivation:
- BBB HTML5 client (^~ /html5client) needs a separate location without Lua/buffering.
- More resilient CI/CD builds via automatic no-cache retry.
- Cleaner headers/proxy defaults and fewer side effects.

Files:
- roles/docker-compose/handlers/main.yml
- roles/srv-proxy-7-4-core/templates/location/html.conf.j2
- roles/srv-proxy-7-4-core/templates/location/media.conf.j2
- roles/srv-web-7-7-inj-css/templates/head_sub.j2
- roles/web-app-bigbluebutton/tasks/main.yml
- roles/web-app-bigbluebutton/vars/main.yml
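
The location handling the commit message describes for html.conf.j2, sketched as an added Python example; it is not the role's template code. It is one reading of "strip '=', '^~' prefixes; ignore @/~ match locations": the function names, the character deny-list and the upstream `http://127.0.0.1:4100` are assumptions made for illustration.

```python
# Added example (not the role's Jinja2 template): derive a proxy_pass target
# from an nginx location argument such as '^~ /html5client'.

MODIFIERS = ("^~", "~*", "=", "~", "@")  # "~*" is listed before "~" so it matches first
NO_URI = {"~", "~*", "@"}  # nginx rejects a proxy_pass URI part in regex/named locations
FORBIDDEN = set(" \t\r\n;{}\"'#$")  # assumed deny-list: characters that would alter the config


def split_location(location):
    """Split a location argument into (modifier, path); modifier is '' for a plain prefix."""
    loc = location.strip()
    for mod in MODIFIERS:
        if loc.startswith(mod):
            return mod, loc[len(mod):].strip()
    return "", loc


def proxy_pass_target(location, upstream):
    """Return the proxy_pass value for `location`; `upstream` is scheme://host:port."""
    mod, path = split_location(location)
    base = upstream.rstrip("/")
    if mod in NO_URI:
        # Regex and named locations: pass the request URI through unchanged.
        return base
    if not path.startswith("/") or FORBIDDEN & set(path):
        # The value is written into nginx.conf, so refuse anything that is not a plain path.
        raise ValueError("unsafe location path: %r" % path)
    return base + path


def render_location(location, upstream):
    """Render a minimal location block using the derived proxy_pass target."""
    target = proxy_pass_target(location, upstream)
    return "location %s {\n    proxy_pass %s;\n}\n" % (location.strip(), target)


if __name__ == "__main__":
    upstream = "http://127.0.0.1:4100"  # constructed sample upstream
    for loc in ("^~ /html5client", "= /health", "~* \\.(png|jpg)$", "@fallback"):
        print(render_location(loc, upstream))
```
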
Nginx Docker Reverse Proxy 🚀
Description
This Ansible role deploys Nginx as a high-performance reverse proxy in front of Docker-hosted services.
It provides automatic TLS integration, WebSocket support, and a flexible templating system for per-application configuration.
Overview
Optimised for Arch Linux, the role installs Nginx, prepares opinionated configuration snippets and exposes a simple interface for other roles to drop in new virtual-hosts.
It plays well with Let’s Encrypt, OAuth2 Proxy, and your existing Docker stack.
Purpose
The goal of this role is to deliver a hassle-free, production-ready reverse proxy for self-hosted containers, suitable for homelabs and small-scale production workloads.
Features
- Automatic TLS & HSTS — integrates with the srv-web-7-6-https role for certificate management.
- Flexible vHost templates — basic and ws_generic flavours cover standard HTTP and WebSocket applications.
- Security headers — sensible defaults plus optional X-Frame-Options / CSP based on application settings.
- WebSocket & HTTP/2 aware — upgrades, keep-alive tuning, and gzip already configured.
- OAuth2 gating — drop-in support when web-app-oauth2-proxy is present.
- Modular includes — headers, locations, and global snippets are factored for easy extension.
Credits 📝
Developed and maintained by Kevin Veen-Birkenbach.
More at https://www.veen.world
Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License (CNCL)