mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-07 18:05:09 +00:00
Kevin Veen-Birkenbach
986f959696
Refactor proxy/webserver configuration variables to a consistent webserver_* naming scheme across roles. Replace legacy variables like proxy_extra_configuration, client_max_body_size, vhost_flavour, location_ws and ws_port with webserver_extra_configuration, webserver_client_max_body_size, webserver_vhost_flavour, webserver_websocket_location and webserver_websocket_port. Update NGINX vhost and location templates (html, upload, ws, basic, ws_generic) as well as callers (sys-front-inj-all, sys-stk-front-proxy, various web-app-* and web-svc-* roles) to use the new naming. Tighten docker-compose Git repository handling by making docker_git_repository_pull depend on docker_git_repository_address being defined, a string and non-empty. This avoids accidental Git operations when the repository address is unset or of the wrong type. Refactor the BigBlueButton role structure and fix deployment bugs: introduce 01_core.yml to orchestrate docker/proxy setup, database seeding, websocket map deployment, docker-compose overrides and admin/bootstrap logic in a single once-executed entrypoint. Rename supporting task files (02_docker-compose.yml, 03_administrator.yml, 04_dependencies.yml) and update tasks/main.yml to delegate via include_tasks with run_once_web_app_bigbluebutton. Improve Greenlight admin creation behavior by treating the 'Email has already been taken' error as a non-fatal, unchanged outcome and running user:set_admin_role as a fallback, both for the primary password and the OIDC starred-password path. Also standardize vhost flavour selection for services like Mailu, Discourse, CDN, Collabora, Coturn, OnlyOffice, Simpleicons and web-svc-logout by explicitly passing webserver_vhost_flavour where needed and aligning client_max_body_size and websocket configuration with the new webserver_* variables. Reference: ChatGPT conversation https://chatgpt.com/share/6931c530-bba8-800f-9997-dd61dc1d497b
63 lines
1.8 KiB
Django/Jinja
63 lines
1.8 KiB
Django/Jinja
server {
|
|
server_name {{ domain }};
|
|
|
|
{% include 'roles/sys-svc-letsencrypt/templates/ssl_header.j2' %}
|
|
|
|
{% include 'roles/sys-front-inj-all/templates/server.conf.j2'%}
|
|
|
|
{% include 'roles/sys-svc-proxy/templates/headers/content_security_policy.conf.j2' %}
|
|
|
|
{% include 'roles/sys-svc-proxy/templates/headers/access_control_allow.conf.j2' %}
|
|
|
|
##
|
|
# Application
|
|
##
|
|
|
|
{% set location = "@html" %}
|
|
{% include 'roles/sys-svc-proxy/templates/location/html.conf.j2' %}
|
|
|
|
location / {
|
|
try_files /dev/null {{ location }};
|
|
}
|
|
|
|
location = /api/v1/videos/upload-resumable {
|
|
client_max_body_size 0;
|
|
proxy_request_buffering off;
|
|
|
|
try_files /dev/null {{ location }};
|
|
}
|
|
|
|
location ~ ^/api/v1/videos/(upload|([^/]+/studio/edit))$ {
|
|
limit_except POST HEAD { deny all; }
|
|
client_max_body_size 12G; # default is 1M
|
|
add_header X-File-Maximum-Size 8G always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
|
|
|
try_files /dev/null {{ location }};
|
|
}
|
|
|
|
location ~ ^/api/v1/(videos|video-playlists|video-channels|users/me) {
|
|
client_max_body_size 6M; # default is 1M
|
|
add_header X-File-Maximum-Size 4M always; # inform backend of the set value in bytes before mime-encoding (x * 1.4 >= client_max_body_size)
|
|
|
|
try_files /dev/null {{ location }};
|
|
}
|
|
|
|
##
|
|
# Websocket
|
|
##
|
|
|
|
{% set webserver_websocket_location = "@websocket" %}
|
|
{% include 'roles/sys-svc-proxy/templates/location/ws.conf.j2' %}
|
|
|
|
location /socket.io {
|
|
try_files /dev/null {{ webserver_websocket_location }};
|
|
}
|
|
|
|
location /tracker/socket {
|
|
# Peers send a message to the tracker every 15 minutes
|
|
# Don't close the websocket before then
|
|
proxy_read_timeout 15m; # default is 60s
|
|
|
|
try_files /dev/null {{ webserver_websocket_location }};
|
|
}
|
|
} |