kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-07 01:46:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
eca7ffea3613c6b012f4194fdaf1a6dc1b630b0f
computer-playbook/roles/sys-svc-proxy
History
Kevin Veen-Birkenbach 986f959696 Refactor webserver proxy variables and fix BigBlueButton deployment behavior 
Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming.

Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type.

Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path.

Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables.

Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b
2025-12-04 18:31:09 +01:00
..
meta
templates
Refactor webserver proxy variables and fix BigBlueButton deployment behavior
2025-12-04 18:31:09 +01:00
README.md
TODO.md

README.md

Nginx Docker Reverse Proxy 🚀

Description

This Ansible role deploys Nginx as a high-performance reverse proxy in front of Docker-hosted services.
It provides automatic TLS integration, WebSocket support, and a flexible templating system for per-application configuration.

Overview

Optimised for Arch Linux, the role installs Nginx, prepares opinionated configuration snippets and exposes a simple interface for other roles to drop in new virtual-hosts.
It plays well with Lets Encrypt, OAuth2 Proxy, and your existing Docker stack.

Purpose

The goal of this role is to deliver a hassle-free, production-ready reverse proxy for self-hosted containers, suitable for homelabs and small-scale production workloads.

Features

  • Automatic TLS & HSTS — integrates with the sys-svc-webserver-https role for certificate management.
  • Flexible vHost templatesbasic and ws_generic flavours cover standard HTTP and WebSocket applications.
  • Security headers — sensible defaults plus optional X-Frame-Options / CSP based on application settings.
  • WebSocket & HTTP/2 aware — upgrades, keep-alive tuning, and gzip already configured.
  • OAuth2 gating — drop-in support when web-app-oauth2-proxy is present.
  • Modular includes — headers, locations, and global snippets are factored for easy extension.

Credits 📝

Developed and maintained by Kevin Veen-Birkenbach.
More at https://www.veen.world

Part of the Infinito.Nexus Project — licensed under the Infinito.Nexus NonCommercial License

Reference in New Issue View Git Blame Copy Permalink