Merge branch 'main' of git.emacsconf.org:pub/emacsconf-ansible into main

5 files changed, 126 insertions, 0 deletions

diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
new file mode 100644
index 0000000..cec03da
--- /dev/null
+++ b/roles/pad-proxy/defaults/main.yml
@@ -0,0 +1,2 @@
+etherpad_server_name: pad.emacsconf.org
+etherpad_tls: /etc/nginx/tls/emacsconf.org.conf
diff --git a/roles/pad-proxy/handlers/main.yml b/roles/pad-proxy/handlers/main.yml
new file mode 100644
index 0000000..e01a9d0
--- /dev/null
+++ b/roles/pad-proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart etherpad
+  become: true
+  service:
+    name: etherpad
+    state: restarted
diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
new file mode 100644
index 0000000..8de72df
--- /dev/null
+++ b/roles/pad-proxy/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Set up Nginx as root
+  become: true
+  block:
+  - name: Install Nginx
+    apt:
+      name: nginx
+      state: present
+  - name: Add proxy configuration
+    template:
+      src: etherpad.nginx.conf
+      dest: /etc/nginx/sites-available/pad.emacsconf.org
+  - name: Enable site
+    file:
+      src: /etc/nginx/sites-available/pad.emacsconf.org
+      dest: /etc/nginx/sites-enabled/pad.emacsconf.org
+      state: link
+  - name: Reload nginx
+    service:
+      name: nginx
+      state: reloaded
diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
new file mode 100644
index 0000000..90a7c1c
--- /dev/null
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
@@ -0,0 +1,65 @@
+upstream etherpad_upstream {
+	server 127.0.0.1:9001;
+}
+
+server {
+  listen 80;
+  server_name {{ etherpad_server_name }};
+  {% if etherpad_tls %}
+  include snippets/well-known-acme-challenge.conf;
+  location / {
+    return 302 https://$server_name$request_uri;
+    }
+    }
+  server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name {{ etherpad_server_name }};
+    include {{ etherpad_tls }};
+
+  {% endif %}
+  access_log  /var/log/nginx/{{ etherpad_server_name }}.access.log;
+  location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+    }
+  location /p/ {
+    rewrite ^/p/(.*) /$1 redirect;
+    }
+  location /direct/ {
+    rewrite /direct/(.*) /$1 break;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass http://etherpad_upstream/p/;
+  }
+
+  {% if use_wikimedia %} 
+  location ~ ^/$ {
+    return 302 https://etherpad.wikimedia.org/p/emacsconf-2022;
+  }
+  location / {
+    rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect;
+  }
+  {% else %}
+  location ~ ^/$ {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location ~ ^/pad-lister($|\/.*) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location / {
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass http://etherpad_upstream/p/;
+    proxy_redirect / /p/;
+    proxy_read_timeout  90;
+    }
+  {% endif %}
+}
+
diff --git a/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
new file mode 100644
index 0000000..2288c65
--- /dev/null
+++ b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
@@ -0,0 +1,33 @@
+upstream etherpad_upstream {
+	server 127.0.0.1:9001;
+}
+server {
+  listen 80;
+  server_name {{ etherpad_server_name }};
+  access_log  /var/log/nginx/{{ etherpad_server_name }}.access.log;
+  location /p/ {
+    rewrite ^/p/(.*) /$1 redirect;
+  }
+  location ~ ^/$ {
+    return 302 https://etherpad.wikimedia.org/p/emacsconf-2022;
+  }
+  location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location ~ ^/pad-lister($|\/.*) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location /direct/ {
+    rewrite /direct/(.*) /$1 break;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass http://etherpad_upstream/p/;
+  }
+  location / {
+    rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect;
+  }
+}