summaryrefslogtreecommitdiffstats
path: root/roles/pad-proxy
diff options
context:
space:
mode:
authorOpal <847966@proton.me>2022-10-16 10:36:38 -0700
committerOpal <847966@proton.me>2022-10-16 10:36:38 -0700
commit54af5163644ef58a641e86288c7af8653970a319 (patch)
tree037f4754b3a931474f434c139dfe8bc408e48f28 /roles/pad-proxy
parenta287e741842f67d0a04c48276221d85f16079d55 (diff)
parent8024842def28dd151759ee46cd160c7794463aef (diff)
downloademacsconf-ansible-54af5163644ef58a641e86288c7af8653970a319.tar.xz
emacsconf-ansible-54af5163644ef58a641e86288c7af8653970a319.zip
Merge branch 'main' of git.emacsconf:pub/emacsconf-ansible
Diffstat (limited to 'roles/pad-proxy')
-rw-r--r--roles/pad-proxy/defaults/main.yml1
-rw-r--r--roles/pad-proxy/tasks/main.yml16
-rw-r--r--roles/pad-proxy/templates/etherpad.nginx.conf34
3 files changed, 39 insertions, 12 deletions
diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
index c548560..cec03da 100644
--- a/roles/pad-proxy/defaults/main.yml
+++ b/roles/pad-proxy/defaults/main.yml
@@ -1 +1,2 @@
etherpad_server_name: pad.emacsconf.org
+etherpad_tls: /etc/nginx/tls/emacsconf.org.conf
diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index d47573a..8de72df 100644
--- a/roles/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
@@ -9,19 +9,13 @@
- name: Add proxy configuration
template:
src: etherpad.nginx.conf
- dest: /etc/nginx/sites-available/etherpad.conf
- when: not use_wikimedia
- - name: Add rewrite configuration
- template:
- src: wikimedia.etherpad.nginx.conf
- dest: /etc/nginx/sites-available/etherpad.conf
- when: use_wikimedia
+ dest: /etc/nginx/sites-available/pad.emacsconf.org
- name: Enable site
file:
- src: /etc/nginx/sites-available/etherpad.conf
- dest: /etc/nginx/sites-enabled/etherpad.conf
+ src: /etc/nginx/sites-available/pad.emacsconf.org
+ dest: /etc/nginx/sites-enabled/pad.emacsconf.org
state: link
- - name: Restart nginx
+ - name: Reload nginx
service:
name: nginx
- state: restarted
+ state: reloaded
diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
index 92ba974..90a7c1c 100644
--- a/roles/pad-proxy/templates/etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
@@ -5,6 +5,19 @@ upstream etherpad_upstream {
server {
listen 80;
server_name {{ etherpad_server_name }};
+ {% if etherpad_tls %}
+ include snippets/well-known-acme-challenge.conf;
+ location / {
+ return 302 https://$server_name$request_uri;
+ }
+ }
+ server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ etherpad_server_name }};
+ include {{ etherpad_tls }};
+
+ {% endif %}
access_log /var/log/nginx/{{ etherpad_server_name }}.access.log;
location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
proxy_buffering off;
@@ -12,7 +25,24 @@ server {
}
location /p/ {
rewrite ^/p/(.*) /$1 redirect;
+ }
+ location /direct/ {
+ rewrite /direct/(.*) /$1 break;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_pass http://etherpad_upstream/p/;
}
+
+ {% if use_wikimedia %}
+ location ~ ^/$ {
+ return 302 https://etherpad.wikimedia.org/p/emacsconf-2022;
+ }
+ location / {
+ rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect;
+ }
+ {% else %}
location ~ ^/$ {
proxy_buffering off;
proxy_pass http://etherpad_upstream;
@@ -29,5 +59,7 @@ server {
proxy_pass http://etherpad_upstream/p/;
proxy_redirect / /p/;
proxy_read_timeout 90;
- }
+ }
+ {% endif %}
}
+