template for ngnix reverse proxy + rocketchat task updates converted from assetto role

2022-05-29 19:03:23 -07:00 · 2022-05-29 19:03:23 -07:00 · ff33b68e88
parent 099943f324
commit ff33b68e88
2 changed files with 49 additions and 9 deletions
--- a/tasks/rocketchat.yml
+++ b/tasks/rocketchat.yml
@ -15,18 +15,18 @@

 - name: Creates directory structure for assetto content
  file:
-    path: /home/{{ main_user }}/data
+    path: /home/{{ main_user }}/rocketchat/data
    state: directory
    owner: "{{ main_user }}"
    group: "{{ main_user }}"
    mode: 0775

- name: bring down server-manager docker-compose
+- name: bring down rocketchat docker-compose
  become_user: "{{ main_user }}"
  docker_compose:
-    project_src: /home/{{ main_user }}/server-manager/
+    project_src: /home/{{ main_user }}/rocketchat/
    state: absent
-  register: __remove_assetto_server_manager
+  register: __remove_rocketchat
  tags:
    - bring-down

@ -39,17 +39,22 @@
    group: "{{ main_user }}"
    mode: 0775

+- name: setup nginx reverse proxy from template
+  template:
+    src: templates/rocketchat/nginx.conf.j2
+    dest: /home/{{ main_user }}/rocketchat/nginx/nginx.conf
+
 - name: docker compose up
  become_user: "{{ main_user }}"
  docker_compose:
-    project_src: /home/{{ main_user }}/server-manager/
+    project_src: /home/{{ main_user }}/rocketchat/
    state: present
-  register: __assetto_server_manager
+  register: __rocketchat

 - name: debug docker compose down
  debug:
-    var: __remove_assetto_server_manager
+    var: __remove_rocketchat

- name: debug docker compose up
+- name: debug docker compose up debug
  debug:
-    var: __assetto_server_manager
+    var: __rocketchat
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@ -0,0 +1,35 @@
+# Upstreams
+upstream backend {
+    server 127.0.0.1:3000;
+}
+
+# HTTPS Server
+server {
+    listen 443;
+    server_name {{ rocketchat_hostname }};
+
+    # You can increase the limit if your need to.
+    client_max_body_size 200M;
+
+    error_log /var/log/nginx/rocketchat.access.log;
+
+    ssl on;
+    ssl_certificate /etc/nginx/rocketchat.crt;
+    ssl_certificate_key /etc/nginx/rocketchat.key;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
+
+    location / {
+        proxy_pass http://backend;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+        proxy_set_header Host $http_host;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto https;
+        proxy_set_header X-Nginx-Proxy true;
+
+        proxy_redirect off;
+    }
+}