diff options
author | Opal <847966@proton.me> | 2022-10-16 10:36:38 -0700 |
---|---|---|
committer | Opal <847966@proton.me> | 2022-10-16 10:36:38 -0700 |
commit | 54af5163644ef58a641e86288c7af8653970a319 (patch) | |
tree | 037f4754b3a931474f434c139dfe8bc408e48f28 /roles/pad-proxy | |
parent | a287e741842f67d0a04c48276221d85f16079d55 (diff) | |
parent | 8024842def28dd151759ee46cd160c7794463aef (diff) | |
download | emacsconf-ansible-54af5163644ef58a641e86288c7af8653970a319.tar.xz emacsconf-ansible-54af5163644ef58a641e86288c7af8653970a319.zip |
Merge branch 'main' of git.emacsconf:pub/emacsconf-ansible
Diffstat (limited to 'roles/pad-proxy')
-rw-r--r-- | roles/pad-proxy/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/pad-proxy/tasks/main.yml | 16 | ||||
-rw-r--r-- | roles/pad-proxy/templates/etherpad.nginx.conf | 34 |
3 files changed, 39 insertions, 12 deletions
diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml index c548560..cec03da 100644 --- a/roles/pad-proxy/defaults/main.yml +++ b/roles/pad-proxy/defaults/main.yml @@ -1 +1,2 @@ etherpad_server_name: pad.emacsconf.org +etherpad_tls: /etc/nginx/tls/emacsconf.org.conf diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml index d47573a..8de72df 100644 --- a/roles/pad-proxy/tasks/main.yml +++ b/roles/pad-proxy/tasks/main.yml @@ -9,19 +9,13 @@ - name: Add proxy configuration template: src: etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: not use_wikimedia - - name: Add rewrite configuration - template: - src: wikimedia.etherpad.nginx.conf - dest: /etc/nginx/sites-available/etherpad.conf - when: use_wikimedia + dest: /etc/nginx/sites-available/pad.emacsconf.org - name: Enable site file: - src: /etc/nginx/sites-available/etherpad.conf - dest: /etc/nginx/sites-enabled/etherpad.conf + src: /etc/nginx/sites-available/pad.emacsconf.org + dest: /etc/nginx/sites-enabled/pad.emacsconf.org state: link - - name: Restart nginx + - name: Reload nginx service: name: nginx - state: restarted + state: reloaded diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf index 92ba974..90a7c1c 100644 --- a/roles/pad-proxy/templates/etherpad.nginx.conf +++ b/roles/pad-proxy/templates/etherpad.nginx.conf @@ -5,6 +5,19 @@ upstream etherpad_upstream { server { listen 80; server_name {{ etherpad_server_name }}; + {% if etherpad_tls %} + include snippets/well-known-acme-challenge.conf; + location / { + return 302 https://$server_name$request_uri; + } + } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ etherpad_server_name }}; + include {{ etherpad_tls }}; + + {% endif %} access_log /var/log/nginx/{{ etherpad_server_name }}.access.log; location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) { proxy_buffering off; @@ -12,7 +25,24 @@ server { } location /p/ { rewrite ^/p/(.*) /$1 redirect; + } + location /direct/ { + rewrite /direct/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; } + + {% if use_wikimedia %} + location ~ ^/$ { + return 302 https://etherpad.wikimedia.org/p/emacsconf-2022; + } + location / { + rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect; + } + {% else %} location ~ ^/$ { proxy_buffering off; proxy_pass http://etherpad_upstream; @@ -29,5 +59,7 @@ server { proxy_pass http://etherpad_upstream/p/; proxy_redirect / /p/; proxy_read_timeout 90; - } + } + {% endif %} } + |