From e618dfe5588d2c9c5d7fb954f81001f5f84d6e1f Mon Sep 17 00:00:00 2001
From: Sacha Chua <sacha@sachachua.com>
Date: Thu, 13 Oct 2022 14:12:29 -0400
Subject: Actually add pad-proxy, document things

---
 README.org                                        |  4 +++
 pad-proxy/defaults/main.yml                       |  1 +
 pad-proxy/handlers/main.yml                       |  5 ++++
 pad-proxy/tasks/main.yml                          | 27 +++++++++++++++++++
 pad-proxy/templates/etherpad.nginx.conf           | 33 +++++++++++++++++++++++
 pad-proxy/templates/wikimedia.etherpad.nginx.conf | 33 +++++++++++++++++++++++
 6 files changed, 103 insertions(+)
 create mode 100644 pad-proxy/defaults/main.yml
 create mode 100644 pad-proxy/handlers/main.yml
 create mode 100644 pad-proxy/tasks/main.yml
 create mode 100644 pad-proxy/templates/etherpad.nginx.conf
 create mode 100644 pad-proxy/templates/wikimedia.etherpad.nginx.conf

diff --git a/README.org b/README.org
index d55c153..89eed1f 100644
--- a/README.org
+++ b/README.org
@@ -26,6 +26,10 @@ https://stackoverflow.com/questions/24738264/how-to-test-ansible-playbook-using-
 ansible-playbook -i inventory.yml prod-playbook.yml --tags pad,proxy
 To fall back to wikimedia rewrite:
 ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy -e "use_wikimedia=true"
+You can still access pads directly with direct/p like this:
+http://pad.emacsconf.org/direct/p/2022-journalism
+To undo wikimedia rewrite:
+ansible-playbook -i inventory.yml prod-playbook.yml --tags proxy -e "use_wikimedia=false"
 
 ** Docker
 Creating:
diff --git a/pad-proxy/defaults/main.yml b/pad-proxy/defaults/main.yml
new file mode 100644
index 0000000..c548560
--- /dev/null
+++ b/pad-proxy/defaults/main.yml
@@ -0,0 +1 @@
+etherpad_server_name: pad.emacsconf.org
diff --git a/pad-proxy/handlers/main.yml b/pad-proxy/handlers/main.yml
new file mode 100644
index 0000000..e01a9d0
--- /dev/null
+++ b/pad-proxy/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart etherpad
+  become: true
+  service:
+    name: etherpad
+    state: restarted
diff --git a/pad-proxy/tasks/main.yml b/pad-proxy/tasks/main.yml
new file mode 100644
index 0000000..d47573a
--- /dev/null
+++ b/pad-proxy/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Set up Nginx as root
+  become: true
+  block:
+  - name: Install Nginx
+    apt:
+      name: nginx
+      state: present
+  - name: Add proxy configuration
+    template:
+      src: etherpad.nginx.conf
+      dest: /etc/nginx/sites-available/etherpad.conf
+    when: not use_wikimedia
+  - name: Add rewrite configuration
+    template:
+      src: wikimedia.etherpad.nginx.conf
+      dest: /etc/nginx/sites-available/etherpad.conf
+    when: use_wikimedia
+  - name: Enable site
+    file:
+      src: /etc/nginx/sites-available/etherpad.conf
+      dest: /etc/nginx/sites-enabled/etherpad.conf
+      state: link
+  - name: Restart nginx
+    service:
+      name: nginx
+      state: restarted
diff --git a/pad-proxy/templates/etherpad.nginx.conf b/pad-proxy/templates/etherpad.nginx.conf
new file mode 100644
index 0000000..92ba974
--- /dev/null
+++ b/pad-proxy/templates/etherpad.nginx.conf
@@ -0,0 +1,33 @@
+upstream etherpad_upstream {
+	server 127.0.0.1:9001;
+}
+
+server {
+  listen 80;
+  server_name {{ etherpad_server_name }};
+  access_log  /var/log/nginx/{{ etherpad_server_name }}.access.log;
+  location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+    }
+  location /p/ {
+    rewrite ^/p/(.*) /$1 redirect;
+  }
+  location ~ ^/$ {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location ~ ^/pad-lister($|\/.*) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location / {
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass http://etherpad_upstream/p/;
+    proxy_redirect / /p/;
+    proxy_read_timeout  90;
+  }
+}
diff --git a/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/pad-proxy/templates/wikimedia.etherpad.nginx.conf
new file mode 100644
index 0000000..2288c65
--- /dev/null
+++ b/pad-proxy/templates/wikimedia.etherpad.nginx.conf
@@ -0,0 +1,33 @@
+upstream etherpad_upstream {
+	server 127.0.0.1:9001;
+}
+server {
+  listen 80;
+  server_name {{ etherpad_server_name }};
+  access_log  /var/log/nginx/{{ etherpad_server_name }}.access.log;
+  location /p/ {
+    rewrite ^/p/(.*) /$1 redirect;
+  }
+  location ~ ^/$ {
+    return 302 https://etherpad.wikimedia.org/p/emacsconf-2022;
+  }
+  location ~ ^/(locales/|locales.json|admin/|static/|pluginfw/|javascripts/|socket.io/|ep/|minified/|api/|ro/|error/|jserror/|favicon.ico|robots.txt) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location ~ ^/pad-lister($|\/.*) {
+    proxy_buffering off;
+    proxy_pass http://etherpad_upstream;
+  }
+  location /direct/ {
+    rewrite /direct/(.*) /$1 break;
+    proxy_set_header        Host $host;
+    proxy_set_header        X-Real-IP $remote_addr;
+    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header        X-Forwarded-Proto $scheme;
+    proxy_pass http://etherpad_upstream/p/;
+  }
+  location / {
+    rewrite /(.*) https://etherpad.wikimedia.org/p/emacsconf-$1 redirect;
+  }
+}
-- 
cgit v1.2.3