Added role nginx/proxy

Also added needed dependencies

README.md

@@ -19,5 +19,6 @@ Following roles have been defined to make creating a server configuration easy:
 - **nginx** defines roles to set up virtual servers, certificates will be requested by default
   - **application** installs and configures the main requirements
   - **forward** sets up a forwarding from one domain to another
+  - **proxy** sets up a reverse proxy to a local port / proxy
 - **server** defines roles using different kind of server applications, applications will be configured using separated system users
   - **gitea** sets up a git repository using *Gitea* as web overlay

roles/nginx/port_upstream/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+# backend: 12345
+upstream_name: "localhost{{ backend }}"
+keep_alive: 32

roles/nginx/port_upstream/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: nginx/application

roles/nginx/port_upstream/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure upstream for service on {{ backend }}
+  template:
+    src: upstream.conf
+    dest: "{{ nginx_upstreams_directory }}/{{ upstream_name }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx

roles/nginx/port_upstream/templates/upstream.conf

@@ -0,0 +1,4 @@
+upstream {{ upstream_name }} {
+	keepalive {{ keep_alive }};
+	server localhost:{{ backend }};
+}

roles/nginx/proxy/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+# domain: example.com
+# backend: 12345 or /example.socket
+type: port # port / socket

roles/nginx/proxy/meta/main.yml

@@ -0,0 +1,7 @@
+---
+
+dependencies:
+  - role: acme/certificate
+    domain: "{{ domain }}"
+  - role: "nginx/{{ type }}_upstream"
+    backend: "{{ backend }}"

roles/nginx/proxy/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure proxy for {{ domain }} to {{ type }} {{ backend }}
+  template:
+    src: proxy.conf
+    dest: "{{ nginx_sites_directory }}/{{ domain }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx

roles/nginx/proxy/templates/proxy.conf

@@ -0,0 +1,25 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ domain }};
+
+  ssl on;
+  ssl_certificate {{ acme_certificate_location }};
+  ssl_certificate_key {{ acme_key_location }};
+
+  include {{ nginx_snippets_directory }}/https;
+  include {{ nginx_snippets_directory }}/global;
+
+  location / {
+    proxy_pass http://{{ upstream_name }};
+    proxy_read_timeout 300;
+    proxy_connect_timeout 300;
+    proxy_http_version 1.1;
+    proxy_set_header Connection $connection_upgrade;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+}

roles/nginx/socket_upstream/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+
+# backend: /example.socket
+upstream_name: "{{ backend | basename }}"
+keep_alive: 32

roles/nginx/socket_upstream/meta/main.yml

@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - role: nginx/application

roles/nginx/socket_upstream/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Configure upstream for service on {{ backend }}
+  template:
+    src: upstream.conf
+    dest: "{{ nginx_upstreams_directory }}/{{ upstream_name }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o=r"
+  notify: reload nginx

roles/nginx/socket_upstream/templates/upstream.conf

@@ -0,0 +1,4 @@
+upstream {{ upstream_name }} {
+	keepalive {{ keep_alive }};
+	server unix:{{ backend }};
+}