[nginx] setup nginx

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-05-25 09:48:58 +02:00
parent f9491c6553
commit 8c4684a450
20 changed files with 712 additions and 2 deletions
--- a/group_vars/certbot.yml
+++ b/group_vars/certbot.yml
@ -5,5 +5,4 @@ glob_certbot:
    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
    mail: ynerant@crans.org
    certname: ynerant.fr
-    # domains: "*.ynerant.fr"
-    domains: "ynerant.fr, *.ynerant.fr, ens.kitchen, *.ens.kitchen, ananas.paris, *.ananas.paris, saperlistpopette.fr, *.saperlistpopette.fr"
+    domains: "*.ynerant.fr"
--- a/group_vars/nginx.yml
+++ b/group_vars/nginx.yml
@ -0,0 +1,32 @@
+---
+glob_nginx:
+  contact: ynerant@crans.org
+  who: "Ÿnérant"
+  service_name: service
+  ssl:
+    # Add adm.ynerant.fr if necessary
+    - name: ynerant.fr
+      cert: /etc/letsencrypt/live/ynerant.fr/fullchain.pem
+      cert_key: /etc/letsencrypt/live/ynerant.fr/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/ynerant.fr/chain.pem
+  servers:
+    - ssl: false  # Replace by crans.org or adm.crans.org
+      default: true
+      server_name:
+        - "default"
+        - "_"
+      root: "/var/www/html"
+      locations:
+        - filter: "/"
+          params: []
+      additional_params: []
+  upstreams: []
+
+  auth_passwd: []
+  default_server:
+  default_ssl_server:
+  default_ssl_domain: ynerant.fr
+  real_ip_from:
+    - "172.16.0.0/16"
+    - "fd00:0:0:42::/64"
+  deploy_robots_file: false
--- a/group_vars/reverseproxy.yml
+++ b/group_vars/reverseproxy.yml
@ -0,0 +1,46 @@
+loc_certbot:
+  - dns_rfc2136_server: '172.16.42.103'
+    dns_rfc2136_name: certbot_challenge.
+    dns_rfc2136_secret: "{{ vault.certbot_dns_secret }}"
+    mail: ynerant@crans.org
+    certname: ynerant.fr
+    domains: "ynerant.fr, *.ynerant.fr, ens.kitchen, *.ens.kitchen, ananas.paris, *.ananas.paris, saperlistpopette.fr, *.saperlistpopette.fr"
+
+loc_nginx:
+  servers: []
+  ssl:
+    - name: ynerant.fr
+      cert: /etc/letsencrypt/live/ynerant.fr/fullchain.pem
+      cert_key: /etc/letsencrypt/live/ynerant.fr/privkey.pem
+      trusted_cert: /etc/letsencrypt/live/ynerant.fr/chain.pem
+
+
+glob_reverseproxy:
+  redirect_dnames: []
+
+  reverseproxy_sites:
+    - {from: mailu.ynerant.fr, to: 172.16.42.104}
+  # - {from: mirror.adm.ynerant.fr, to: "https://ftps.crans.org"}
+
+    - {from: element.ynerant.fr, to: "172.16.42.199:8002"}
+    - {from: hydrogen.ynerant.fr, to: "172.16.42.199:8003"}
+    - {from: git.ynerant.fr, to: "172.16.42.199:8007"}
+    - {from: cloud.ynerant.fr, to: "172.16.42.199:8007"}
+      # - {from: notls.adh.crans.org, to: "172.16.42.199:8011"}
+    - {from: thelounge.ynerant.fr, to: "172.16.42.199:8012"}
+    - {from: bibliogram.ynerant.fr, to: "172.16.42.199:8014"}
+    - {from: reddit.ynerant.fr, to: "172.16.42.199:8015"}
+    - {from: teddit.ynerant.fr, to: "172.16.42.199:8015"}
+    - {from: whoami.ynerant.fr, to: "172.16.42.199:8016"}
+
+    - {from: saperlistpopette.fr, to: "172.16.42.199:8010"}
+    - {from: kfet.saperlistpopette.fr, to: "172.16.42.199:8010"}
+
+    - {from: ens.kitchen, to: "https://perso.crans.org/club-kitchens/"}
+
+  redirect_sites: []
+  # - {from: machin.ynerant.fr, to: truc.ynerant.fr}
+
+  static_sites:
+    - ynerant.fr
+    - thelounge.ynerant.fr