mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-04-28 18:30:24 +02:00
32 lines
1.6 KiB
Markdown
32 lines
1.6 KiB
Markdown
# Nginx Docker Reverse Proxy 🚀
|
||
|
||
## Description
|
||
|
||
This Ansible role deploys **Nginx** as a high-performance [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) in front of Docker-hosted services.
|
||
It provides automatic TLS integration, WebSocket support, and a flexible templating system for per-application configuration.
|
||
|
||
## Overview
|
||
|
||
Optimised for Arch Linux, the role installs Nginx, prepares opinionated configuration snippets and exposes a simple interface for other roles to drop in new virtual-hosts.
|
||
It plays well with **Let’s Encrypt**, **OAuth2 Proxy**, and your existing Docker stack.
|
||
|
||
## Purpose
|
||
|
||
The goal of this role is to deliver a **hassle-free, production-ready reverse proxy** for self-hosted containers, suitable for homelabs and small-scale production workloads.
|
||
|
||
## Features
|
||
|
||
- **Automatic TLS & HSTS** — integrates with the *nginx-https* role for certificate management.
|
||
- **Flexible vHost templates** — *basic* and *ws_generic* flavours cover standard HTTP and WebSocket applications.
|
||
- **Security headers** — sensible defaults plus optional X-Frame-Options / CSP based on application settings.
|
||
- **WebSocket & HTTP/2 aware** — upgrades, keep-alive tuning, and gzip already configured.
|
||
- **OAuth2 gating** — drop-in support when *docker-oauth2-proxy* is present.
|
||
- **Modular includes** — headers, locations, and global snippets are factored for easy extension.
|
||
|
||
## Credits 📝
|
||
|
||
Developed and maintained by **Kevin Veen-Birkenbach**.
|
||
More at <https://www.veen.world>
|
||
|
||
Part of the **CyMaIS Project** — licensed under the [CyMaIS NonCommercial License (CNCL)](https://s.veen.world/cncl)
|