mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-12-02 15:39:57 +00:00
Kevin Veen-Birkenbach
007963044b
Unify reverse proxy handling across apps via sys-stk-front-proxy and cleanly separate internal docker nginx configs from external vhosts. Changes: - docker-compose: use with_first_found for optional env and docker-compose.override files so roles can provide either a template or a static file without noisy 'Could not find or access' failures. - sys-stk-front-proxy: remove front_proxy_domain_conf_src and switch nginx vhost rendering to with_first_found over app-specific proxy.conf.j2 and the generic roles/sys-svc-proxy vhost flavour; keep health-check and handler logic unchanged. - web-app-nextcloud: migrate to sys-stk-full-stateful (front proxy + DB + docker), move internal nginx config to docker.conf.j2 under the volume path, and rename host.conf.j2 to proxy.conf.j2 for the external vhost. - web-app-magento: rename nginx.conf.j2 to docker.conf.j2 and update the runtime template task accordingly to make the intent (internal nginx) explicit. - web-app-matrix: rename nginx.conf.j2 to synapse.conf.j2 and adjust the webserver task to use the new template name for the synapse vhost. - web-app-bridgy-fed & web-app-flowise: pass domain and http_port explicitly when including sys-stk-front-proxy so the front stack has all required context. - web-svc-cdn/file/html: replace direct sys-stk-front-base + sys-util-csp-cert + nginx.conf.j2 handling with sys-stk-front-proxy and proxy.conf.j2, relying on the shared front-stack for TLS/CSP/vHost wiring. - web-svc-collabora: drop the direct nginx.conf.j2 vhost generation and rename it to proxy.conf.j2 so it is picked up by sys-stk-front-proxy like other services. - web-opt-rdr-domains: rename redirect.domain.nginx.conf.j2 to redirect-domain.conf.j2 and adjust the task for clearer and more consistent naming. Context: see ChatGPT refactor discussion on 2025-11-30 (proxy unification, Collabora/Nextcloud/CDN stacks, CSP/header handling): https://chatgpt.com/share/692c64ea-a488-800f-ad42-7f7692a3742f
Nginx File Server
🔥 Description
The Nginx File Server role sets up a simple and secure static file server using Nginx. It provides an easy way to serve files over HTTPS, including directory listing, .well-known support, and automatic SSL/TLS certificate integration via Let's Encrypt.
📖 Overview
Optimized for Archlinux, this role configures Nginx to act as a lightweight and efficient file server. It ensures that files are served securely, with optional directory browsing enabled, and proper MIME type handling for standard web clients.
Key Features
- HTTPS Secured File Hosting: Automatically retrieves SSL/TLS certificates using Let's Encrypt.
- Autoindex Directory Listing: Displays files and folders in a clean and human-readable format.
- .well-known Support: Fully supports ACME and other
.well-knownpath requirements. - Customizable File Path: Easily adjust the root directory for your files through Ansible variables.
- Local Time Display: Enhances directory listings by showing local timestamps.
🎯 Purpose
The Nginx File Server role is ideal for hosting static files, sharing resources internally or externally, and serving ACME challenges for certificate issuance. It offers a reliable and minimalistic alternative to more complex file-sharing solutions.
🚀 Features
- Automatic SSL/TLS Certificate Management: Integrates with Let's Encrypt for secure access.
- Simple Configuration: Minimal setup with clear, maintainable templates.
- Directory Listings: Enables browsing through served files with human-readable file sizes and timestamps.
- Static Content Hosting: Serve any type of static files (documents, software, media, etc.).
- Well-Known Folder Support: Allows serving validation files and other standardized resources easily.