aboutsummaryrefslogtreecommitdiff
path: root/roles/nginx_reverse_proxy
diff options
context:
space:
mode:
Diffstat (limited to 'roles/nginx_reverse_proxy')
-rw-r--r--roles/nginx_reverse_proxy/Readme.md12
-rw-r--r--roles/nginx_reverse_proxy/defaults/main.yml6
-rw-r--r--roles/nginx_reverse_proxy/handlers/main.yml7
-rw-r--r--roles/nginx_reverse_proxy/tasks/main.yml21
-rw-r--r--roles/nginx_reverse_proxy/templates/nginx.conf.j212
5 files changed, 58 insertions, 0 deletions
diff --git a/roles/nginx_reverse_proxy/Readme.md b/roles/nginx_reverse_proxy/Readme.md
new file mode 100644
index 0000000..8c3c735
--- /dev/null
+++ b/roles/nginx_reverse_proxy/Readme.md
@@ -0,0 +1,12 @@
+# nginx_reverse_proxy
+
+Small reverse proxy for local HTTPS proxieing.
+
+```yml
+---
+nginx_reverse_proxy:
+ cert: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem'
+ key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key'
+ proxy_address: 'http://localhost:8080'
+ server_name: '{{ ansible_facts.fqdn }}'
+```
diff --git a/roles/nginx_reverse_proxy/defaults/main.yml b/roles/nginx_reverse_proxy/defaults/main.yml
new file mode 100644
index 0000000..ffe53ab
--- /dev/null
+++ b/roles/nginx_reverse_proxy/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+nginx_reverse_proxy:
+ cert: '/etc/ssl/certs/{{ ansible_facts.fqdn }}.pem'
+ key: '/etc/ssl/private/{{ ansible_facts.fqdn }}.key'
+ proxy_address: 'http://localhost:8080'
+ server_name: '{{ ansible_facts.fqdn }}'
diff --git a/roles/nginx_reverse_proxy/handlers/main.yml b/roles/nginx_reverse_proxy/handlers/main.yml
new file mode 100644
index 0000000..eb42f9a
--- /dev/null
+++ b/roles/nginx_reverse_proxy/handlers/main.yml
@@ -0,0 +1,7 @@
+---
+- name: restart nginx
+ systemd:
+ name: nginx
+ enabled: yes
+ state: restarted
+ become: yes
diff --git a/roles/nginx_reverse_proxy/tasks/main.yml b/roles/nginx_reverse_proxy/tasks/main.yml
new file mode 100644
index 0000000..975bf71
--- /dev/null
+++ b/roles/nginx_reverse_proxy/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Install packages
+ apt:
+ name:
+ - nginx
+ become: yes
+
+- name: Check for changed cert
+ command: /bin/true
+ when:
+ - '{{ cert_changed | default(False) }}'
+ notify:
+ - Restart nginx
+
+- name: Install nginx config
+ template:
+ src: nginx.conf.j2
+ dest: /etc/nginx/sites-available/default
+ become: yes
+ notify:
+ - restart nginx
diff --git a/roles/nginx_reverse_proxy/templates/nginx.conf.j2 b/roles/nginx_reverse_proxy/templates/nginx.conf.j2
new file mode 100644
index 0000000..4c8ed3a
--- /dev/null
+++ b/roles/nginx_reverse_proxy/templates/nginx.conf.j2
@@ -0,0 +1,12 @@
+# vi: ft=nginx
+server {
+ listen 443 ssl;
+ server_name {{ nginx_reverse_proxy.server_name }} ;
+
+ ssl_certificate {{ nginx_reverse_proxy.cert }};
+ ssl_certificate_key {{ nginx_reverse_proxy.key }};
+
+ location / {
+ proxy_pass {{ nginx_reverse_proxy.proxy_address }};
+ }
+}