From f502ba4574381a75d1e3470a0b9d433cafc66086 Mon Sep 17 00:00:00 2001
From: Felix Stupp
Date: Thu, 9 May 2019 22:55:37 +0200
Subject: [PATCH] Added role nginx/proxy Also added needed dependencies
---
 README.md | 1 +
 roles/nginx/port_upstream/defaults/main.yml | 5 ++++
 roles/nginx/port_upstream/meta/main.yml | 4 +++
 roles/nginx/port_upstream/tasks/main.yml | 10 ++++++++
 .../port_upstream/templates/upstream.conf | 4 +++
 roles/nginx/proxy/defaults/main.yml | 5 ++++
 roles/nginx/proxy/meta/main.yml | 7 ++++++
 roles/nginx/proxy/tasks/main.yml | 10 ++++++++
 roles/nginx/proxy/templates/proxy.conf | 25 +++++++++++++++++++
 roles/nginx/socket_upstream/defaults/main.yml | 5 ++++
 roles/nginx/socket_upstream/meta/main.yml | 4 +++
 roles/nginx/socket_upstream/tasks/main.yml | 10 ++++++++
 .../socket_upstream/templates/upstream.conf | 4 +++
 13 files changed, 94 insertions(+)
 create mode 100644 roles/nginx/port_upstream/defaults/main.yml
 create mode 100644 roles/nginx/port_upstream/meta/main.yml
 create mode 100644 roles/nginx/port_upstream/tasks/main.yml
 create mode 100644 roles/nginx/port_upstream/templates/upstream.conf
 create mode 100644 roles/nginx/proxy/defaults/main.yml
 create mode 100644 roles/nginx/proxy/meta/main.yml
 create mode 100644 roles/nginx/proxy/tasks/main.yml
 create mode 100644 roles/nginx/proxy/templates/proxy.conf
 create mode 100644 roles/nginx/socket_upstream/defaults/main.yml
 create mode 100644 roles/nginx/socket_upstream/meta/main.yml
 create mode 100644 roles/nginx/socket_upstream/tasks/main.yml
 create mode 100644 roles/nginx/socket_upstream/templates/upstream.conf
diff --git a/README.md b/README.md
index 5f21bf8..599bed5 100644
--- a/README.md
+++ b/README.md
@@ -19,5 +19,6 @@ Following roles have been defined to make creating a server configuration easy:
 - **nginx** defines roles to set up virtual servers, certificates will be requested by default
 - **application** installs and configures the main requirements
 - **forward** sets up a forwarding from one domain to another
+ - **proxy** sets up a reverse proxy to a local port / proxy
 - **server** defines roles using different kind of server applications, applications will be configured using separated system users
 - **gitea** sets up a git repository using *Gitea* as web overlay
diff --git a/roles/nginx/port_upstream/defaults/main.yml b/roles/nginx/port_upstream/defaults/main.yml
new file mode 100644
index 0000000..3c59e60
--- /dev/null
+++ b/roles/nginx/port_upstream/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+# backend: 12345
+upstream_name: "localhost{{ backend }}"
+keep_alive: 32
diff --git a/roles/nginx/port_upstream/meta/main.yml b/roles/nginx/port_upstream/meta/main.yml
new file mode 100644
index 0000000..e2d6cfc
--- /dev/null
+++ b/roles/nginx/port_upstream/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - role: nginx/application
diff --git a/roles/nginx/port_upstream/tasks/main.yml b/roles/nginx/port_upstream/tasks/main.yml
new file mode 100644
index 0000000..ce3c2e0
--- /dev/null
+++ b/roles/nginx/port_upstream/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure upstream for service on {{ backend }}
+ template:
+ src: upstream.conf
+ dest: "{{ nginx_upstreams_directory }}/{{ upstream_name }}"
+ owner: root
+ group: root
+ mode: "u=rw,g=r,o=r"
+ notify: reload nginx
diff --git a/roles/nginx/port_upstream/templates/upstream.conf b/roles/nginx/port_upstream/templates/upstream.conf
new file mode 100644
index 0000000..b1e9354
--- /dev/null
+++ b/roles/nginx/port_upstream/templates/upstream.conf
@@ -0,0 +1,4 @@
+upstream {{ upstream_name }} {
+ keepalive {{ keep_alive }};
+ server localhost:{{ backend }};
+}
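Review bot: `backend` reaches the template task in roles/nginx/port_upstream/tasks/main.yml unchecked: defaults/main.yml only shows it in a comment, and its value ends up both in the destination file name (through `upstream_name`) and in the rendered `server` directive. A value that is not a plain port number would change the structure of the generated nginx configuration or the path that is written as root. An `assert` task ahead of the template task would stop the play early. The same applies to roles/nginx/socket_upstream/tasks/main.yml, where `backend` should be checked to be an absolute socket path.

```yaml
- name: Check that backend is a valid TCP port
  assert:
    that:
      - backend is defined
      - backend | int >= 1
      - backend | int <= 65535
    msg: "backend must be a TCP port number between 1 and 65535"

# … unchanged: template task "Configure upstream for service on {{ backend }}" …
```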
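Review bot: `server localhost:{{ backend }};` in roles/nginx/port_upstream/templates/upstream.conf leaves the address family to name resolution: nginx resolves `localhost` when it loads the configuration and, where that yields both 127.0.0.1 and ::1, adds both as upstream servers. A backend bound to only one family then sees failed attempts on the other, and any other local process listening on that port on the other family would receive proxied requests. Pinning the address avoids this, e.g. `server 127.0.0.1:{{ backend }};`.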
diff --git a/roles/nginx/proxy/defaults/main.yml b/roles/nginx/proxy/defaults/main.yml
new file mode 100644
index 0000000..85db434
--- /dev/null
+++ b/roles/nginx/proxy/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+# domain: example.com
+# backend: 12345 or /example.socket
+type: port # port / socket
diff --git a/roles/nginx/proxy/meta/main.yml b/roles/nginx/proxy/meta/main.yml
new file mode 100644
index 0000000..f891f33
--- /dev/null
+++ b/roles/nginx/proxy/meta/main.yml
@@ -0,0 +1,7 @@
+---
+
+dependencies:
+ - role: acme/certificate
+ domain: "{{ domain }}"
+ - role: "nginx/{{ type }}_upstream"
+ backend: "{{ backend }}"
diff --git a/roles/nginx/proxy/tasks/main.yml b/roles/nginx/proxy/tasks/main.yml
new file mode 100644
index 0000000..7396543
--- /dev/null
+++ b/roles/nginx/proxy/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure proxy for {{ domain }} to {{ type }} {{ backend }}
+ template:
+ src: proxy.conf
+ dest: "{{ nginx_sites_directory }}/{{ domain }}"
+ owner: root
+ group: root
+ mode: "u=rw,g=r,o=r"
+ notify: reload nginx
diff --git a/roles/nginx/proxy/templates/proxy.conf b/roles/nginx/proxy/templates/proxy.conf
new file mode 100644
index 0000000..243c3b6
--- /dev/null
+++ b/roles/nginx/proxy/templates/proxy.conf
@@ -0,0 +1,25 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ domain }};
+
+ ssl on;
+ ssl_certificate {{ acme_certificate_location }};
+ ssl_certificate_key {{ acme_key_location }};
+
+ include {{ nginx_snippets_directory }}/https;
+ include {{ nginx_snippets_directory }}/global;
+
+ location / {
+ proxy_pass http://{{ upstream_name }};
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_http_version 1.1;
+ proxy_set_header Connection $connection_upgrade;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
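Review bot: `type` is interpolated into the role name in roles/nginx/proxy/meta/main.yml (`nginx/{{ type }}_upstream`) without being restricted to the two documented values, and the proxy role never sets `upstream_name` itself although proxy.conf reads it. The template therefore depends on the defaults of whichever dependency role was selected; if the role is applied to several domains in one play, it is worth confirming that each rendered site gets the upstream that matches its own `backend`. I would document this next to `type` in defaults/main.yml, e.g. `# upstream_name is supplied by the nginx/<type>_upstream dependency`, and check `type in ['port', 'socket']` before the template task.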
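Review bot: `ssl on;` in roles/nginx/proxy/templates/proxy.conf duplicates the `ssl` parameter already present on both `listen` lines; the directive is deprecated since nginx 1.15.0 and rejected by releases from 1.25.1 on, so the line should be dropped. `$connection_upgrade` is not defined anywhere in this patch, so it presumably comes from a `map` in one of the included snippets; if that map yields `close` for requests without an `Upgrade` header, the `keepalive` setting in the upstream roles is never used. `$proxy_add_x_forwarded_for` keeps whatever X-Forwarded-For value the client sent, so a comment such as `# backend must trust only X-Real-IP or the last X-Forwarded-For entry` above those headers would help whoever configures the application.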
diff --git a/roles/nginx/socket_upstream/defaults/main.yml b/roles/nginx/socket_upstream/defaults/main.yml
new file mode 100644
index 0000000..8b87be3
--- /dev/null
+++ b/roles/nginx/socket_upstream/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+# backend: /example.socket
+upstream_name: "{{ backend | basename }}"
+keep_alive: 32
diff --git a/roles/nginx/socket_upstream/meta/main.yml b/roles/nginx/socket_upstream/meta/main.yml
new file mode 100644
index 0000000..e2d6cfc
--- /dev/null
+++ b/roles/nginx/socket_upstream/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - role: nginx/application
diff --git a/roles/nginx/socket_upstream/tasks/main.yml b/roles/nginx/socket_upstream/tasks/main.yml
new file mode 100644
index 0000000..ce3c2e0
--- /dev/null
+++ b/roles/nginx/socket_upstream/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure upstream for service on {{ backend }}
+ template:
+ src: upstream.conf
+ dest: "{{ nginx_upstreams_directory }}/{{ upstream_name }}"
+ owner: root
+ group: root
+ mode: "u=rw,g=r,o=r"
+ notify: reload nginx
diff --git a/roles/nginx/socket_upstream/templates/upstream.conf b/roles/nginx/socket_upstream/templates/upstream.conf
new file mode 100644
index 0000000..981430e
--- /dev/null
+++ b/roles/nginx/socket_upstream/templates/upstream.conf
@@ -0,0 +1,4 @@
+upstream {{ upstream_name }} {
+ keepalive {{ keep_alive }};
+ server unix:{{ backend }};
+}
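Review bot: `upstream_name: "{{ backend | basename }}"` in roles/nginx/socket_upstream/defaults/main.yml keeps only the last path component, so two sockets in different directories with the same file name get the same upstream name and the same file under `nginx_upstreams_directory`. The second run overwrites the first definition and both sites then proxy to one backend. Deriving the name from the whole path avoids the collision, for example `upstream_name: "{{ backend | regex_replace('[^A-Za-z0-9]+', '_') }}"`.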