Configure SSL passthrough
parent
dbb294679c
commit
a6b2bfa467
@ -1 +0,0 @@
|
|||||||
../../rproxy/files/config
|
|
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name archive.music.wojciechkozlowski.eu;
|
server_name archive.music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/archive.music.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/archive.music.wojciechkozlowski.eu/fullchain.pem;
|
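Review bot: With `listen 127.0.0.1:443 ssl;` every TLS connection to this vhost now arrives from the local stream proxy, so `$remote_addr` becomes 127.0.0.1 in access logs and in any `X-Real-IP`/`X-Forwarded-For` header built from it, as the www vhost on this page does. The same applies to the cloud, git, music and notes vhosts and to the rproxy-side vhosts changed further down. If the client address matters for logging, rate limiting or allow rules, the loopback hop can carry it with PROXY protocol: `listen 127.0.0.1:443 ssl proxy_protocol;` here, together with `set_real_ip_from 127.0.0.1;` and `real_ip_header proxy_protocol;`. The stream side then needs `proxy_protocol on;`, which is set per stream server, so the cross-host hop has to be handled separately. The server block continues outside the hunk.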
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name cloud.wojciechkozlowski.eu;
|
server_name cloud.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
|
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name git.wojciechkozlowski.eu;
|
server_name git.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/git.wojciechkozlowski.eu/fullchain.pem;
|
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name music.wojciechkozlowski.eu;
|
server_name music.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/music.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/music.wojciechkozlowski.eu/fullchain.pem;
|
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name notes.wojciechkozlowski.eu;
|
server_name notes.wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/notes.wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/notes.wojciechkozlowski.eu/fullchain.pem;
|
1
playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf
Symbolic link
1
playbooks/roles/services/deploy/lrproxy/files/config/nginx.conf
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../../../rproxy/files/config/nginx.conf
|
@ -0,0 +1,22 @@
|
|||||||
|
stream {
|
||||||
|
|
||||||
|
map $ssl_preread_server_name $name {
|
||||||
|
wojciechkozlowski.eu rproxy;
|
||||||
|
www.wojciechkozlowski.eu rproxy;
|
||||||
|
default lrproxy;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream rproxy {
|
||||||
|
server pod-rproxy:443;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream lrproxy {
|
||||||
|
server 127.0.0.1:443;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen pod-lrproxy:443;
|
||||||
|
proxy_pass $name;
|
||||||
|
ssl_preread on;
|
||||||
|
}
|
||||||
|
}
|
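Review bot: The `map` here and the one in the rproxy role's stream.conf have to stay exact mirrors of each other, and nothing in either file says so. A name mapped to `rproxy` here but missing on the other side would fall into `default lrproxy` there and be sent straight back, each hop opening a new connection until one proxy runs out of connections. I would add a comment above the map, for example `# Every name listed here must also be listed in the rproxy stream.conf map, otherwise the two proxies forward to each other in a loop.`, or render both maps from one shared list.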
@ -27,7 +27,14 @@
|
|||||||
src: "./config/{{ item }}"
|
src: "./config/{{ item }}"
|
||||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ services_rproxy_nginx_conf_d_files }}"
|
loop:
|
||||||
|
- "nginx.conf"
|
||||||
|
- "stream.conf"
|
||||||
|
- "nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
|
||||||
|
- "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
||||||
|
- "nginx-conf.d/git.wojciechkozlowski.eu.conf"
|
||||||
|
- "nginx-conf.d/music.wojciechkozlowski.eu.conf"
|
||||||
|
- "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
|
||||||
register: services_deploy_lrproxy_config_files
|
register: services_deploy_lrproxy_config_files
|
||||||
|
|
||||||
- name: "configure systemd service"
|
- name: "configure systemd service"
|
||||||
@ -38,6 +45,8 @@
|
|||||||
loop:
|
loop:
|
||||||
- "pod-lrproxy.service"
|
- "pod-lrproxy.service"
|
||||||
- "container-lrproxy-nginx.service"
|
- "container-lrproxy-nginx.service"
|
||||||
|
- "container-lrproxy-certbot.service"
|
||||||
|
- "container-lrproxy-certbot.timer"
|
||||||
register: services_deploy_lrproxy_systemd_files
|
register: services_deploy_lrproxy_systemd_files
|
||||||
|
|
||||||
- name: "systemd user daemon reload"
|
- name: "systemd user daemon reload"
|
||||||
@ -47,6 +56,13 @@
|
|||||||
when:
|
when:
|
||||||
services_deploy_lrproxy_systemd_files.changed
|
services_deploy_lrproxy_systemd_files.changed
|
||||||
|
|
||||||
|
- name: "enable container-lrproxy-certbot timer"
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: "container-lrproxy-certbot.timer"
|
||||||
|
enabled: true
|
||||||
|
scope: "user"
|
||||||
|
register: services_deploy_lrproxy_certbot_timer
|
||||||
|
|
||||||
- name: "generate diffie hellman ephemeral parameters"
|
- name: "generate diffie hellman ephemeral parameters"
|
||||||
ansible.builtin.command: >-
|
ansible.builtin.command: >-
|
||||||
openssl dhparam
|
openssl dhparam
|
||||||
@ -57,65 +73,6 @@
|
|||||||
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
{{ services_service_user_home }}/.config/{{ services_service_user_name }}/dhparam.pem"
|
||||||
register: services_deploy_lrproxy_dhparam
|
register: services_deploy_lrproxy_dhparam
|
||||||
|
|
||||||
- block:
|
|
||||||
|
|
||||||
- name: "configure rsync-certificates service"
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: "./systemd/{{ item }}"
|
|
||||||
dest: "{{ services_service_user_home }}/.config/systemd/user/{{ item }}"
|
|
||||||
mode: 0600
|
|
||||||
loop:
|
|
||||||
- "rsync-certificates.service"
|
|
||||||
- "rsync-certificates.timer"
|
|
||||||
register: services_deploy_lrproxy_rsync_certificates_files
|
|
||||||
|
|
||||||
- name: "systemd user daemon reload"
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
daemon_reload: true
|
|
||||||
scope: "user"
|
|
||||||
when:
|
|
||||||
services_deploy_lrproxy_rsync_certificates_files.changed
|
|
||||||
|
|
||||||
- name: "enable rsync-certificates timer"
|
|
||||||
ansible.builtin.systemd:
|
|
||||||
name: "rsync-certificates.timer"
|
|
||||||
enabled: true
|
|
||||||
scope: "user"
|
|
||||||
register: services_deploy_lrproxy_rsync_certificates_timer
|
|
||||||
|
|
||||||
- name: "create the .ssh directory"
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ services_service_user_home }}/.ssh"
|
|
||||||
state: "directory"
|
|
||||||
mode: 0700
|
|
||||||
|
|
||||||
- name: "generate ssh keypair for rsync"
|
|
||||||
community.crypto.openssh_keypair:
|
|
||||||
path: "\
|
|
||||||
{{ services_service_user_home }}/.ssh/\
|
|
||||||
{{ services_host_services.lrproxy.rproxy_host }}-\
|
|
||||||
{{ services_host_services.lrproxy.rproxy_user }}"
|
|
||||||
type: "ed25519"
|
|
||||||
register: services_deploy_lrproxy_keypair
|
|
||||||
|
|
||||||
- name: "configure public key on {{ services_host_services.lrproxy.rproxy_host }}"
|
|
||||||
ignore_unreachable: "{{ services_deploy_lrproxy_ignore_unreachable_rproxy }}"
|
|
||||||
delegate_to: "{{ services_host_services.lrproxy.rproxy_host }}"
|
|
||||||
become_user: "{{ services_host_services.lrproxy.rproxy_user }}"
|
|
||||||
ansible.posix.authorized_key:
|
|
||||||
user: "{{ services_host_services.lrproxy.rproxy_user }}"
|
|
||||||
state: "present"
|
|
||||||
key: "{{ services_deploy_lrproxy_keypair.public_key }}"
|
|
||||||
key_options: "\
|
|
||||||
command=\"rsync --server --sender -avz . \
|
|
||||||
{{ hostvars[services_host_services.lrproxy.rproxy_host].services_data_directory }}/\
|
|
||||||
{{ services_host_services.lrproxy.rproxy_user }}/etc-letsencrypt/\
|
|
||||||
\",from=\"{{ vpn_wireguard_address }}\",\
|
|
||||||
no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding"
|
|
||||||
|
|
||||||
when:
|
|
||||||
services_host_services.lrproxy.rproxy_host is defined
|
|
||||||
|
|
||||||
- name: "get uid"
|
- name: "get uid"
|
||||||
ansible.builtin.getent:
|
ansible.builtin.getent:
|
||||||
database: "passwd"
|
database: "passwd"
|
||||||
@ -138,10 +95,8 @@
|
|||||||
when:
|
when:
|
||||||
(services_deploy_lrproxy_config_files.changed or
|
(services_deploy_lrproxy_config_files.changed or
|
||||||
services_deploy_lrproxy_systemd_files.changed or
|
services_deploy_lrproxy_systemd_files.changed or
|
||||||
services_deploy_lrproxy_rsync_certificates_files.changed or
|
services_deploy_lrproxy_certbot_timer.changed or
|
||||||
services_deploy_lrproxy_rsync_certificates_timer.changed or
|
services_deploy_lrproxy_dhparam.changed) and
|
||||||
services_deploy_lrproxy_dhparam.changed or
|
|
||||||
services_deploy_lrproxy_keypair.changed) and
|
|
||||||
services_deploy_lrproxy_service_active_state.stdout == "active"
|
services_deploy_lrproxy_service_active_state.stdout == "active"
|
||||||
|
|
||||||
become_user: "{{ services_service_user_name }}"
|
become_user: "{{ services_service_user_name }}"
|
||||||
|
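Review bot: The hunk at `@ -57,65 +73,6` drops the tasks that created the rsync SSH keypair and the `authorized_keys` entry on the rproxy host, but nothing removes either from hosts that were already deployed. That entry is a forced-command rsync sender over the `etc-letsencrypt` directory, which presumably holds the certificate private keys, so the credential stays usable after the feature is gone. A one-off cleanup would keep an `ansible.posix.authorized_key` task with `state: "absent"` and add an `ansible.builtin.file` task with `state: "absent"` for the key files under `.ssh/`. The `rsync-certificates.service` and `rsync-certificates.timer` units likely need disabling and removing on existing hosts as well.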
@ -0,0 +1,24 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Podman container-lrproxy-certbot.service
|
||||||
|
Documentation=man:podman-generate-systemd(1)
|
||||||
|
OnFailure=status-mail@%n.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
TimeoutStopSec=70
|
||||||
|
ExecStartPre=/bin/rm -f %t/container-lrproxy-certbot.pid %t/container-lrproxy-certbot.ctr-id
|
||||||
|
ExecStartPre=/usr/bin/podman pull docker.io/certbot/certbot
|
||||||
|
ExecStart=/usr/bin/podman run \
|
||||||
|
--conmon-pidfile %t/container-lrproxy-certbot.pid \
|
||||||
|
--cidfile %t/container-lrproxy-certbot.ctr-id \
|
||||||
|
--cgroups=no-conmon \
|
||||||
|
--pod-id-file %t/pod-lrproxy.pod-id \
|
||||||
|
--replace \
|
||||||
|
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||||
|
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt \
|
||||||
|
-v var-lib-letsencrypt:/var/lib/letsencrypt \
|
||||||
|
-v var-www-html:/var/www/html \
|
||||||
|
--name=pod-lrproxy-certbot \
|
||||||
|
docker.io/certbot/certbot --non-interactive renew
|
||||||
|
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/container-lrproxy-certbot.ctr-id
|
||||||
|
Type=oneshot
|
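Review bot: `docker.io/certbot/certbot` is pulled untagged on every run by the `ExecStartPre=/usr/bin/podman pull` line, and that container gets `/etc/letsencrypt` mounted read-write, private keys included. The nginx unit pins its image through `services_deploy_versions.lrproxy.nginx`; the same should apply here, e.g. `docker.io/certbot/certbot:{{ services_deploy_versions.lrproxy.certbot }}` in both the pull and the run line (that variable name is a suggestion and does not exist on this page). Separately, nothing visible here reloads nginx after a successful renewal, so a renewed certificate may not be served until the nginx container next restarts.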
@ -1,12 +1,12 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=Rsync certificates obtained by certbot
|
Description=Renew certificates with certbot
|
||||||
Documentation=man:rsync(1)
|
Documentation=man:certbot(1)
|
||||||
BindsTo=pod-lrproxy.service
|
BindsTo=pod-lrproxy.service
|
||||||
After=pod-lrproxy.service
|
After=pod-lrproxy.service
|
||||||
DefaultDependencies=no
|
DefaultDependencies=no
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
OnCalendar=Fri *-*-* 18:00:00
|
OnCalendar=Fri *-*-* 06:00:00
|
||||||
Persistent=true
|
Persistent=true
|
||||||
RandomizedDelaySec=1h
|
RandomizedDelaySec=1h
|
||||||
|
|
@ -23,9 +23,12 @@ ExecStart=/usr/bin/podman run \
|
|||||||
{{ services_rproxy_nginx_add_hosts }} \
|
{{ services_rproxy_nginx_add_hosts }} \
|
||||||
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
-v {{ services_root_directory }}/{{ services_resolv_host }}-resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/pod-lrproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
-v ./.config/pod-lrproxy/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/pod-lrproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
-v ./.config/pod-lrproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||||
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
-v {{ services_data_directory }}/pod-lrproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||||
|
-v var-lib-letsencrypt:/var/lib/letsencrypt:ro \
|
||||||
|
-v var-www-html:/var/www/html \
|
||||||
--name=pod-lrproxy-nginx \
|
--name=pod-lrproxy-nginx \
|
||||||
docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
|
docker.io/library/nginx:{{ services_deploy_versions.lrproxy.nginx }}
|
||||||
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/container-lrproxy-nginx.ctr-id -t 10
|
||||||
|
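Review bot: The added `-v var-www-html:/var/www/html \` is the only mount in this unit without `:ro`. nginx only has to read the ACME webroot that the certbot container writes, so I would make it `-v var-www-html:/var/www/html:ro \`. It is also not visible on this page what nginx reads from `/var/lib/letsencrypt`; if nothing, that mount can be dropped. The ExecStart command begins outside the hunk.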
@ -1,12 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Podman rsync-certificates.service
|
|
||||||
Documentation=man:rsync(1)
|
|
||||||
OnFailure=status-mail@%n.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
ExecStart=/usr/bin/rsync -e 'ssh -i .ssh/{{ services_host_services.lrproxy.rproxy_host }}-{{ services_host_services.lrproxy.rproxy_user }} -l {{ services_host_services.lrproxy.rproxy_user }}' \
|
|
||||||
-avz \
|
|
||||||
--delete \
|
|
||||||
{{ hostvars[services_host_services.lrproxy.rproxy_host].vpn_wireguard_address }}:{{ hostvars[services_host_services.lrproxy.rproxy_host].services_data_directory }}/{{ services_host_services.lrproxy.rproxy_user }}/etc-letsencrypt/ \
|
|
||||||
{{ services_data_directory }}/pod-lrproxy/etc-letsencrypt
|
|
@ -0,0 +1,11 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name _;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://pod-lrproxy;
|
||||||
|
}
|
||||||
|
}
|
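Review bot: `server_name _;` does not make this block the default server for port 80; nginx uses the first server it loads for the listen socket unless one is marked explicitly. If this file is `http-default.conf`, it probably works today only because that name sorts first under `include /etc/nginx/conf.d/*.conf;`. Write `listen 80 default_server;` so requests with an unknown Host keep going to pod-lrproxy whatever the other files are called.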
@ -1,6 +1,6 @@
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
server_name wojciechkozlowski.eu www.wojciechkozlowski.eu;
|
server_name wojciechkozlowski.eu;
|
||||||
|
|
||||||
location ^~ /.well-known {
|
location ^~ /.well-known {
|
||||||
allow all;
|
allow all;
|
||||||
@ -13,7 +13,7 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 127.0.0.1:443 ssl;
|
||||||
server_name wojciechkozlowski.eu;
|
server_name wojciechkozlowski.eu;
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
|
ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
|
||||||
@ -33,25 +33,3 @@ server {
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
server_name www.wojciechkozlowski.eu;
|
|
||||||
|
|
||||||
ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
|
|
||||||
ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
|
|
||||||
ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://pod-www;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /50x.html {
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
@ -0,0 +1,35 @@
|
|||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name www.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
location ^~ /.well-known {
|
||||||
|
allow all;
|
||||||
|
root /var/www/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
return 301 https://$server_name$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 127.0.0.1:443 ssl;
|
||||||
|
server_name www.wojciechkozlowski.eu;
|
||||||
|
|
||||||
|
ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
|
||||||
|
ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://pod-www;
|
||||||
|
}
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /50x.html;
|
||||||
|
location = /50x.html {
|
||||||
|
root /usr/share/nginx/html;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -55,3 +55,5 @@ http {
|
|||||||
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/stream.conf;
|
||||||
|
@ -0,0 +1,22 @@
|
|||||||
|
stream {
|
||||||
|
|
||||||
|
map $ssl_preread_server_name $name {
|
||||||
|
wojciechkozlowski.eu rproxy;
|
||||||
|
www.wojciechkozlowski.eu rproxy;
|
||||||
|
default lrproxy;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream rproxy {
|
||||||
|
server 127.0.0.1:443;
|
||||||
|
}
|
||||||
|
|
||||||
|
upstream lrproxy {
|
||||||
|
server pod-lrproxy:443;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen pod-rproxy:443;
|
||||||
|
proxy_pass $name;
|
||||||
|
ssl_preread on;
|
||||||
|
}
|
||||||
|
}
|
@ -27,7 +27,12 @@
|
|||||||
src: "./config/{{ item }}"
|
src: "./config/{{ item }}"
|
||||||
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
dest: "{{ services_service_user_home }}/.config/{{ services_service_user_name }}/{{ item }}"
|
||||||
mode: 0644
|
mode: 0644
|
||||||
loop: "{{ services_rproxy_nginx_conf_d_files }}"
|
loop:
|
||||||
|
- "nginx.conf"
|
||||||
|
- "stream.conf"
|
||||||
|
- "nginx-conf.d/http-default.conf"
|
||||||
|
- "nginx-conf.d/wojciechkozlowski.eu.conf"
|
||||||
|
- "nginx-conf.d/www.wojciechkozlowski.eu.conf"
|
||||||
register: services_deploy_rproxy_config_files
|
register: services_deploy_rproxy_config_files
|
||||||
|
|
||||||
- name: "configure systemd service"
|
- name: "configure systemd service"
|
||||||
|
@ -23,6 +23,7 @@ ExecStart=/usr/bin/podman run \
|
|||||||
{{ services_rproxy_nginx_add_hosts }} \
|
{{ services_rproxy_nginx_add_hosts }} \
|
||||||
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
-v /etc/resolv.conf:/etc/resolv.conf:ro \
|
||||||
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
-v ./.config/pod-rproxy/nginx.conf:/etc/nginx/nginx.conf:ro \
|
||||||
|
-v ./.config/pod-rproxy/stream.conf:/etc/nginx/stream.conf:ro \
|
||||||
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
-v ./.config/pod-rproxy/nginx-conf.d:/etc/nginx/conf.d:ro \
|
||||||
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
-v ./.config/pod-rproxy/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro \
|
||||||
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
-v {{ services_data_directory }}/pod-rproxy/etc-letsencrypt/_data:/etc/letsencrypt:ro \
|
||||||
|
@ -5,11 +5,3 @@ services_rproxy_nginx_add_hosts: "\
|
|||||||
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.address) }}\
|
{{ add_host_list.append('--add-host=pod-' ~ service.key ~ ':' ~ service.value.address) }}\
|
||||||
{% endfor %}\
|
{% endfor %}\
|
||||||
{{ add_host_list | join(' ') }}"
|
{{ add_host_list | join(' ') }}"
|
||||||
services_rproxy_nginx_conf_d_files:
|
|
||||||
- "nginx.conf"
|
|
||||||
- "nginx-conf.d/archive.music.wojciechkozlowski.eu.conf"
|
|
||||||
- "nginx-conf.d/cloud.wojciechkozlowski.eu.conf"
|
|
||||||
- "nginx-conf.d/git.wojciechkozlowski.eu.conf"
|
|
||||||
- "nginx-conf.d/music.wojciechkozlowski.eu.conf"
|
|
||||||
- "nginx-conf.d/notes.wojciechkozlowski.eu.conf"
|
|
||||||
- "nginx-conf.d/wojciechkozlowski.eu.conf"
|
|
||||||
|