diff options
Diffstat (limited to 'roles/pad-proxy')
| -rw-r--r-- | roles/pad-proxy/defaults/main.yml | 2 | ||||
| -rw-r--r-- | roles/pad-proxy/handlers/main.yml | 5 | ||||
| -rw-r--r-- | roles/pad-proxy/tasks/main.yml | 21 | ||||
| -rw-r--r-- | roles/pad-proxy/templates/etherpad.nginx.conf | 65 | ||||
| -rw-r--r-- | roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf | 33 |
5 files changed, 126 insertions, 0 deletions
diff --git a/roles/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml new file mode 100644 index 0000000..cec03da --- /dev/null +++ b/roles/pad-proxy/defaults/main.yml @@ -0,0 +1,2 @@ +etherpad_server_name: pad.emacsconf.org +etherpad_tls: /etc/nginx/tls/emacsconf.org.conf diff --git a/roles/pad-proxy/handlers/main.yml b/roles/pad-proxy/handlers/main.yml new file mode 100644 index 0000000..e01a9d0 --- /dev/null +++ b/roles/pad-proxy/handlers/main.yml @@ -0,0 +1,5 @@ +- name: Restart etherpad + become: true + service: + name: etherpad + state: restarted diff --git a/roles/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml new file mode 100644 index 0000000..8de72df --- /dev/null +++ b/roles/pad-proxy/tasks/main.yml @@ -0,0 +1,21 @@ +--- +- name: Set up Nginx as root + become: true + block: + - name: Install Nginx + apt: + name: nginx + state: present + - name: Add proxy configuration + template: + src: etherpad.nginx.conf + dest: /etc/nginx/sites-available/pad.emacsconf.org + - name: Enable site + file: + src: /etc/nginx/sites-available/pad.emacsconf.org + dest: /etc/nginx/sites-enabled/pad.emacsconf.org + state: link + - name: Reload nginx + service: + name: nginx + state: reloaded diff --git a/roles/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf new file mode 100644 index 0000000..90a7c1c --- /dev/null +++ b/roles/pad-proxy/templates/etherpad.nginx.conf @@ -0,0 +1,65 @@ +upstream etherpad_upstream { + server 127.0.0.1:9001; +} + +server { + listen 80; + server_name {{ etherpad_server_name }}; + {% if etherpad_tls %} + include snippets/well-known-acme-challenge.conf; + location / { + return 302 https://$server_name$request_uri; + } + } + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name {{ etherpad_server_name }}; + include {{ etherpad_tls }}; + + {% endif %} + access_log /var/log/nginx/{{ etherpad_server_name }}.access.log; + location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) { + proxy_buffering off; + proxy_pass http://etherpad_upstream; + } + location /p/ { + rewrite ^/p/(.*) /$1 redirect; + } + location /direct/ { + rewrite /direct/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; + } + + {% if use_wikimedia %} + location ~ ^/$ { + return 302 https://etherpad.wikimedia.org/p/emacsconf-2022; + } + location / { + rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect; + } + {% else %} + location ~ ^/$ { + proxy_buffering off; + proxy_pass http://etherpad_upstream; + } + location ~ ^/pad-lister($|\/.*) { + proxy_buffering off; + proxy_pass http://etherpad_upstream; + } + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; + proxy_redirect / /p/; + proxy_read_timeout 90; + } + {% endif %} +} + diff --git a/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf new file mode 100644 index 0000000..2288c65 --- /dev/null +++ b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf @@ -0,0 +1,33 @@ +upstream etherpad_upstream { + server 127.0.0.1:9001; +} +server { + listen 80; + server_name {{ etherpad_server_name }}; + access_log /var/log/nginx/{{ etherpad_server_name }}.access.log; + location /p/ { + rewrite ^/p/(.*) /$1 redirect; + } + location ~ ^/$ { + return 302 https://etherpad.wikimedia.org/p/emacsconf-2022; + } + location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) { + proxy_buffering off; + proxy_pass http://etherpad_upstream; + } + location ~ ^/pad-lister($|\/.*) { + proxy_buffering off; + proxy_pass http://etherpad_upstream; + } + location /direct/ { + rewrite /direct/(.*) /$1 break; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://etherpad_upstream/p/; + } + location / { + rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect; + } +} |