nginx: http2
parent
72188002d3
commit
5578180f6a
roles
airconnect/tasks
hass-nginx
tasks
templates
jellyfin/templates/jellyfin-web
nginx
defaults
tasks
templates
owntone
www/templates
|
@ -1,56 +0,0 @@
|
|||
---
|
||||
|
||||
- name: create airconnect dir
|
||||
file:
|
||||
path: "{{ airconnect_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- airconnect-dirs
|
||||
|
||||
- name: airconnect config files
|
||||
template:
|
||||
src: "{{ item.name }}.j2"
|
||||
dest: "{{ airconnect_dir }}/{{ item.name }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
mode: "{{ item.mode | default('0644') }}"
|
||||
notify: restart airconnect containers
|
||||
with_items:
|
||||
- name: airupnp.xml
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
tags:
|
||||
- airconnect-config
|
||||
- airconnect
|
||||
|
||||
- name: "set up the airconnect containers"
|
||||
docker_container:
|
||||
name: airconnect-{{ item.prog }}
|
||||
hostname: airconnect-{{ item.prog }}
|
||||
image: git.sudo.is/ben/airconnect
|
||||
detach: true
|
||||
pull: true
|
||||
auto_remove: false
|
||||
restart_policy: "unless-stopped"
|
||||
state: "{{ item.state | default('started') }}"
|
||||
network_mode: host
|
||||
user: "{{ owntone_user.uid }}:{{ owntone_group.gid }}"
|
||||
env:
|
||||
AIRCONNECT_PROG: "{{ item.prog }}"
|
||||
AIRCONNECT_ARGS: "{{ item.args|default() }}"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: "{{ airconnect_dir }}/airupnp.xml"
|
||||
target: /etc/airupnp.xml
|
||||
read_only: true
|
||||
tags:
|
||||
- airconnect
|
||||
- airconnect-container
|
||||
- docker-containers
|
||||
register: airconnect_containers_task
|
||||
loop_control:
|
||||
label: airconnect-{{ item.prog }}
|
||||
with_items: "{{ airconnect_containers }}"
|
|
@ -1,5 +1,56 @@
|
|||
---
|
||||
- import_tasks: airconnect.yml
|
||||
tags:
|
||||
- airconnect
|
||||
- homeaudio
|
||||
|
||||
- name: create airconnect dir
|
||||
file:
|
||||
path: "{{ airconnect_dir }}"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- airconnect-dirs
|
||||
|
||||
- name: airconnect config files
|
||||
template:
|
||||
src: "{{ item.name }}.j2"
|
||||
dest: "{{ airconnect_dir }}/{{ item.name }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
mode: "{{ item.mode | default('0644') }}"
|
||||
notify: restart airconnect containers
|
||||
with_items:
|
||||
- name: airupnp.xml
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
tags:
|
||||
- airconnect-config
|
||||
- airconnect
|
||||
|
||||
- name: "set up the airconnect containers"
|
||||
docker_container:
|
||||
name: airconnect-{{ item.prog }}
|
||||
hostname: airconnect-{{ item.prog }}
|
||||
image: git.sudo.is/ben/airconnect
|
||||
detach: true
|
||||
pull: true
|
||||
auto_remove: false
|
||||
restart_policy: "unless-stopped"
|
||||
state: "{{ item.state | default('started') }}"
|
||||
network_mode: host
|
||||
user: "{{ owntone_user.uid }}:{{ owntone_group.gid }}"
|
||||
env:
|
||||
AIRCONNECT_PROG: "{{ item.prog }}"
|
||||
AIRCONNECT_ARGS: "{{ item.args|default() }}"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: "{{ airconnect_dir }}/airupnp.xml"
|
||||
target: /etc/airupnp.xml
|
||||
read_only: true
|
||||
tags:
|
||||
- airconnect
|
||||
- airconnect-container
|
||||
- docker-containers
|
||||
register: airconnect_containers_task
|
||||
loop_control:
|
||||
label: airconnect-{{ item.prog }}
|
||||
with_items: "{{ airconnect_containers }}"
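Review bot: Inlining the tasks drops the `airconnect` and `homeaudio` tags that the removed `import_tasks: airconnect.yml` entry applied to every task in the file. On the new side `create airconnect dir` carries only `airconnect-dirs`, so a run limited with `--tags airconnect` would no longer create the directory. Nothing matches `homeaudio` any more unless the tag is set where the role is included, which this page does not show. Adding `- airconnect` and `- homeaudio` to each task's `tags:` list, or wrapping the tasks in one `block:` that carries both, keeps the old selection behaviour. The hass-nginx tasks file further down loses `hass` and `hass-nginx` in the same way.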
|
||||
|
|
|
@ -1,108 +0,0 @@
|
|||
---
|
||||
|
||||
- name: install certs
|
||||
copy:
|
||||
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
||||
dest: "/usr/local/etc/certs/"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- letsencrypt-certs
|
||||
notify: reload nginx
|
||||
vars:
|
||||
prediff_cmd: echo
|
||||
with_items:
|
||||
- "{{ domain }}"
|
||||
- "{{ inventory_hostname.split('.')[1:] | join('.') }}"
|
||||
|
||||
- name: create dir structure
|
||||
file:
|
||||
path: "/var/www/{{ item }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: hass
|
||||
group: hass
|
||||
tags:
|
||||
- hass-dirs
|
||||
- hass-nginx-dirs
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- hass
|
||||
- hass/entity_pictures
|
||||
|
||||
- name: copy entity picture files
|
||||
copy:
|
||||
src: "entity_pictures/{{ item }}"
|
||||
dest: "/var/www/hass/entity_pictures/{{ item }}"
|
||||
mode: 0644
|
||||
owner: hass
|
||||
group: hass
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- sonos_dark.png
|
||||
tags:
|
||||
- hass-entity-pictures
|
||||
|
||||
- name: copy static files
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /var/www/hass/{{ item }}
|
||||
mode: 0644
|
||||
owner: www-data
|
||||
group: www-data
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- valetudo-api.json
|
||||
- dev.png
|
||||
no_log: false
|
||||
|
||||
- name: template nginx vhosts for hass and friends
|
||||
template:
|
||||
src: "01-{{ item }}.conf.j2"
|
||||
dest: /etc/nginx/sites-enabled/{{ item }}.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_items:
|
||||
- hass
|
||||
- zwavejs
|
||||
- valetudo
|
||||
when:
|
||||
- item in hass_nginx_vhosts
|
||||
tags:
|
||||
- nginx
|
||||
- hass-nginx
|
||||
- hass-vhosts
|
||||
- hass-nginx-vhosts
|
||||
- zwave-nginx
|
||||
- hass-zwave
|
||||
- hass-zwavejs
|
||||
- hass-zigbee
|
||||
- hass-zigbee2mqtt
|
||||
- hass-deconz
|
||||
notify: reload nginx
|
||||
|
||||
# different task because its better for the hass config to restart nginx
|
||||
- name: template nginx vhost for grafana-proxy
|
||||
template:
|
||||
src: 01-grafana-proxy.j2
|
||||
dest: /etc/nginx/sites-enabled/01-grafana
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when:
|
||||
- hass_grafana_proxy_vhost == true
|
||||
tags:
|
||||
- nginx
|
||||
- grafana-proxy-nginx
|
||||
notify: reload nginx
|
||||
|
||||
- name: start and enable nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: true
|
|
@ -1,5 +1,108 @@
|
|||
---
|
||||
- import_tasks: hass-nginx.yml
|
||||
tags:
|
||||
- hass
|
||||
- hass-nginx
|
||||
|
||||
- name: install certs
|
||||
copy:
|
||||
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
||||
dest: "/usr/local/etc/certs/"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- letsencrypt-certs
|
||||
notify: reload nginx
|
||||
vars:
|
||||
prediff_cmd: echo
|
||||
with_items:
|
||||
- "{{ domain }}"
|
||||
- "{{ inventory_hostname.split('.')[1:] | join('.') }}"
|
||||
|
||||
- name: create dir structure
|
||||
file:
|
||||
path: "/var/www/{{ item }}"
|
||||
state: directory
|
||||
mode: 0755
|
||||
owner: hass
|
||||
group: hass
|
||||
tags:
|
||||
- hass-dirs
|
||||
- hass-nginx-dirs
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- hass
|
||||
- hass/entity_pictures
|
||||
|
||||
- name: copy entity picture files
|
||||
copy:
|
||||
src: "entity_pictures/{{ item }}"
|
||||
dest: "/var/www/hass/entity_pictures/{{ item }}"
|
||||
mode: 0644
|
||||
owner: hass
|
||||
group: hass
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- sonos_dark.png
|
||||
tags:
|
||||
- hass-entity-pictures
|
||||
|
||||
- name: copy static files
|
||||
copy:
|
||||
src: "{{ item }}"
|
||||
dest: /var/www/hass/{{ item }}
|
||||
mode: 0644
|
||||
owner: www-data
|
||||
group: www-data
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- valetudo-api.json
|
||||
- dev.png
|
||||
no_log: false
|
||||
|
||||
- name: template nginx vhosts for hass and friends
|
||||
template:
|
||||
src: "01-{{ item }}.conf.j2"
|
||||
dest: /etc/nginx/sites-enabled/{{ item }}.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
with_items:
|
||||
- hass
|
||||
- zwavejs
|
||||
- valetudo
|
||||
when:
|
||||
- item in hass_nginx_vhosts
|
||||
tags:
|
||||
- nginx
|
||||
- hass-nginx
|
||||
- hass-vhosts
|
||||
- hass-nginx-vhosts
|
||||
- zwave-nginx
|
||||
- hass-zwave
|
||||
- hass-zwavejs
|
||||
- hass-zigbee
|
||||
- hass-zigbee2mqtt
|
||||
- hass-deconz
|
||||
notify: reload nginx
|
||||
|
||||
# different task because its better for the hass config to restart nginx
|
||||
- name: template nginx vhost for grafana-proxy
|
||||
template:
|
||||
src: 01-grafana-proxy.j2
|
||||
dest: /etc/nginx/sites-enabled/01-grafana
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
when:
|
||||
- hass_grafana_proxy_vhost == true
|
||||
tags:
|
||||
- nginx
|
||||
- grafana-proxy-nginx
|
||||
notify: reload nginx
|
||||
|
||||
- name: start and enable nginx
|
||||
service:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: true
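Review bot: `install certs` copies the whole `/usr/local/etc/letsencrypt/live/{{ item }}` directory with `mode: 0755`, and on a recursive copy that mode is applied to the files. The proxy vhost template on this page reads `privkey.pem` from `/usr/local/etc/certs/`, so the private key most likely ends up readable by every local user. Assuming nginx's master process opens the key as root, `mode: "0600"` with `directory_mode: "0755"` is enough for the service and keeps the key private. Quoting the value also avoids relying on YAML's octal parsing. The `install certs` task in the owntone tasks file later on this page has the same setting.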
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
server {
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
include /etc/nginx/sudo-known.conf;
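Review bot: The standalone `http2` directive that replaces the `listen ... http2` parameter exists only from nginx 1.25.1, and the template emits it in both branches. On a host with an older nginx even `nginx_http2: false` renders `http2 off;`, so the configuration test fails before the reload. Rendering nothing in the `else` branch, or gating the block on the installed nginx version, would keep older hosts working. `nginx_http2` is defined only in the nginx role's defaults on this page, so `{% if nginx_http2 | default(true) -%}` would also keep this template rendering when those defaults are not in scope. The same block is repeated in the other server templates of this commit, and the `server` block continues outside the hunk.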
|
||||
|
||||
|
|
|
@ -1,14 +1,19 @@
|
|||
map $http_upgrade $connection_upgrade {
|
||||
default Upgrade;
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
#default $http_connection;
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
# include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
|
@ -27,35 +32,30 @@ server {
|
|||
|
||||
location / {
|
||||
#proxy_set_header Host $host;
|
||||
proxy_set_header Host "{{ hass_url }}";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
||||
#proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
#proxy_set_header X-Forwarded-Host $http_host;
|
||||
#proxy_set_header Upgrade $http_upgrade;
|
||||
#proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header Host "{{ hass_url }}";
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
#proxy_redirect http:// https://;
|
||||
#proxy_http_version 1.1;
|
||||
#proxy_buffering off;
|
||||
proxy_redirect http:// https://;
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_pass http://127.0.0.1:8123;
|
||||
}
|
||||
location = /api/websocket {
|
||||
#proxy_set_header Host $host;
|
||||
proxy_set_header Host "{{ hass_url }}";
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header X-Forwarded-Proto $scheme;
|
||||
#proxy_set_header X-Forwarded-Protocol $scheme;
|
||||
#proxy_set_header X-Forwarded-Host $http_host;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
#proxy_set_header Connection "Upgrade";
|
||||
|
||||
#proxy_redirect http:// https://;
|
||||
proxy_redirect http:// https://;
|
||||
proxy_buffering off;
|
||||
proxy_http_version 1.1;
|
||||
#proxy_buffering off;
|
||||
proxy_pass http://127.0.0.1:8123;
|
||||
}
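Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in `location /` and `location = /api/websocket` appends to whatever `X-Forwarded-For` the client sent. The line it appears to replace, `proxy_set_header X-Forwarded-For $remote_addr;`, overwrote that value. If this server is the first hop for external clients, the backend at `127.0.0.1:8123` then receives a client-chosen address list, which matters for any IP-based ban, logging or trust decision it makes. Keeping `$remote_addr` on this hop, or using `set_real_ip_from` and `real_ip_header` for known upstream proxies, avoids forwarding unvalidated values. The rendering does not mark added lines, so this reads the uncommented directives as the new side; the `server` block continues outside the hunk.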
|
||||
|
||||
|
|
|
@ -6,10 +6,15 @@ map $http_upgrade $connection_upgrade {
|
|||
server {
|
||||
{% set domain = valetudo_url.split('.')[1:] | join('.') %}
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
# include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
|
|
|
@ -4,10 +4,15 @@ map $http_upgrade $connection_upgrade {
|
|||
'' close;
|
||||
}
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
# include listen-proxy-protocol.conf;
|
||||
include /etc/nginx/authelia_internal.conf;
|
||||
|
|
|
@ -5,4 +5,4 @@ nginx_vhosts: []
|
|||
nginx_subdirs: {}
|
||||
|
||||
nginx_cleanup: true
|
||||
|
||||
nginx_http2: true
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
- uploadsize.conf
|
||||
tags:
|
||||
- nginx-conf
|
||||
- nginx-conf
|
||||
- nginx.d
|
||||
notify: reload nginx
|
||||
|
||||
- name: template config files
|
||||
|
@ -97,6 +97,7 @@
|
|||
- sudo-known.conf
|
||||
- well-known.conf
|
||||
tags:
|
||||
- nginx.conf
|
||||
- nginx-conf
|
||||
- authelia-nginx
|
||||
- well-known
|
||||
|
|
|
@ -18,7 +18,12 @@ server {
|
|||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2 default_server;
|
||||
listen 443 ssl default_server;
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
# listen [::]:443 ssl; # listen for ipv6
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
listen 40443 ssl http2 proxy_protocol;
|
||||
listen 40443 ssl proxy_protocol;
|
||||
{% if nginx_http2 -%}
|
||||
#http2 on;
|
||||
{% else -%}
|
||||
#http2 off;
|
||||
{% endif %}
|
||||
|
||||
real_ip_header proxy_protocol;
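Review bot: Both branches of the `{% if nginx_http2 -%}` block render only a comment (`#http2 on;` / `#http2 off;`), so once the `http2` parameter is dropped from `listen 40443 ssl proxy_protocol;` this file no longer controls HTTP/2 on that port at all. If that is deliberate because the including server block already sets the directive, a single line such as `# http2 is configured in the including server block` in place of the dead conditional would say so. Otherwise the two directives should be uncommented so the variable takes effect here as well.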
|
||||
|
||||
|
|
|
@ -44,6 +44,7 @@ http {
|
|||
' "authelia_email": "$authelia_email", '
|
||||
' "authelia_groups": "$authelia_groups", '
|
||||
' "time_local": "$time_local", '
|
||||
' "timestamp": "$time_iso8601", '
|
||||
' "request": "$request", '
|
||||
' "request_method": "$request_method", '
|
||||
' "request_uri": "$request_uri", '
|
||||
|
|
|
@ -1,54 +1,58 @@
|
|||
{% for vhost in nginx_vhost_proxies %}
|
||||
server {
|
||||
{% if vhost.interface is defined %}
|
||||
listen {{ vhost.interface }}:443 ssl http2;
|
||||
listen {{ vhost.interface }}:443 ssl;
|
||||
|
||||
{% else %}
|
||||
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
# listen [::]:443 ssl; # listen for ipv6
|
||||
{% endif %}
|
||||
|
||||
server_name {{ vhost.name }} {{ vhost.aliases | default([]) | join(" ") }};
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
|
||||
{% if 'ws' in vhost %}
|
||||
location /{{ vhost.ws }}/ {
|
||||
proxy_pass {{ vhost.upstream }};
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
{% endif %}
|
||||
server_name {{ vhost.name }} {{ vhost.aliases | default([]) | join(" ") }};
|
||||
|
||||
location / {
|
||||
proxy_pass {{ vhost.upstream }}/;
|
||||
{% if 'ws' in vhost %}
|
||||
location /{{ vhost.ws }}/ {
|
||||
proxy_pass {{ vhost.upstream }};
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
proxy_set_header Host $host;
|
||||
}
|
||||
{% endif %}
|
||||
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
location / {
|
||||
proxy_pass {{ vhost.upstream }}/;
|
||||
|
||||
}
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
|
||||
access_log /var/log/nginx/access_{{ vhost.name }}.log main;
|
||||
error_log /var/log/nginx/error_{{ vhost.name }}.log warn;
|
||||
access_log /var/log/nginx/access_{{ vhost.name }}.log main;
|
||||
error_log /var/log/nginx/error_{{ vhost.name }}.log warn;
|
||||
|
||||
ssl_session_timeout 5m;
|
||||
ssl_session_timeout 5m;
|
||||
ssl_certificate /usr/local/etc/certs/{{ inventory_hostname.split('.')[-2:] | join(".") }}/fullchain.pem;
|
||||
ssl_certificate_key /usr/local/etc/certs/{{ inventory_hostname.split('.')[-2:] | join(".") }}/privkey.pem;
|
||||
|
||||
ssl_certificate /usr/local/etc/certs/{{ inventory_hostname.split('.')[-2:] | join(".") }}/fullchain.pem;
|
||||
ssl_certificate_key /usr/local/etc/certs/{{ inventory_hostname.split('.')[-2:] | join(".") }}/privkey.pem;
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
add_header Referrer-Policy "no-referrer" always;
|
||||
add_header X-Content-Type-Options "nosniff" always;
|
||||
add_header X-Download-Options "noopen" always;
|
||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||
add_header X-Permitted-Cross-Domain-Policies "none" always;
|
||||
add_header X-Robots-Tag "none" always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
fastcgi_hide_header X-Powered-By;
|
||||
}
|
||||
{% endfor %}
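Review bot: The `location /{{ vhost.ws }}/` block sets its own `proxy_set_header` lines (Upgrade, Connection, Host), and nginx inherits `proxy_set_header` from the enclosing level only when a block defines none. Websocket requests therefore reach `{{ vhost.upstream }}` without `X-Real-IP`, `X-Forwarded-For`, `X-Forwarded-Host` and `X-Forwarded-Proto`, whichever level the re-indented header lines now sit at. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto $scheme;` to the websocket block gives the upstream the same client information on both paths. The page prints old and new lines without markers, so the exact nesting on the new side is inferred.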
|
||||
|
|
|
@ -1,6 +1,325 @@
|
|||
---
|
||||
|
||||
- import_tasks: owntone.yml
|
||||
- name: create dir structure
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ owntone_path }}/{{ item.name }}"
|
||||
mode: "{{ item.mode | default('0770') }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-dirs
|
||||
loop_control:
|
||||
label: "{{ owntone_path }}/{{ item.name }}"
|
||||
with_items:
|
||||
- name: ''
|
||||
mode: '0750'
|
||||
- name: config
|
||||
- name: log
|
||||
- name: fifo
|
||||
|
||||
- name: create log dir (used when running as systemd service)
|
||||
file:
|
||||
state: directory
|
||||
path: /var/log/owntone
|
||||
mode: '0775'
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-log-dir
|
||||
- owntone-dirs
|
||||
|
||||
- name: create pulseaudio dirs
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
with_items:
|
||||
- /etc/pulse/system.pa.d
|
||||
|
||||
|
||||
- name: ensure podcast audiobooks, and database dirs exists in {{ deadspace_root }}
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ deadspace_root }}/{{ item.name }}"
|
||||
mode: "{{ item.mode | default('0750') }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-dirs
|
||||
ignore_errors: "{{ item.mounted|default(false) }}"
|
||||
loop_control:
|
||||
label: "{{ deadspace_root }}/{{ item.name }}"
|
||||
with_items:
|
||||
- name: audiobooks
|
||||
- name: podcasts
|
||||
- name: music
|
||||
- name: playlists
|
||||
- name: local
|
||||
- name: local/music
|
||||
- name: local/compilations
|
||||
- name: local/owntone
|
||||
- name: local/owntone/pipes
|
||||
- name: owntone
|
||||
mode: '0750'
|
||||
- name: owntone/data
|
||||
- name: owntone/data/db
|
||||
|
||||
|
||||
- name: create input pipe
|
||||
command:
|
||||
cmd: mkfifo "{{ deadspace_root }}/local/owntone/pipes/{{ item }}"
|
||||
creates: "{{ deadspace_root }}/local/owntone/pipes/{{ item }}"
|
||||
become_user: "{{ owntone_user.username }}"
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- shairport-output.fifo
|
||||
- shairport-metadata.fifo
|
||||
tags:
|
||||
- input.fifo
|
||||
# disabled
|
||||
when: false
|
||||
|
||||
- name: install certs
|
||||
copy:
|
||||
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
||||
dest: "/usr/local/etc/certs/"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- letsencrypt-certs
|
||||
notify: reload nginx
|
||||
vars:
|
||||
prediff_cmd: echo
|
||||
with_items:
|
||||
- "{{ domain }}"
|
||||
|
||||
- name: template nginx vhost
|
||||
template:
|
||||
src: 01-owntone.conf.j2
|
||||
dest: /etc/nginx/sites-enabled/01-owntone.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
tags:
|
||||
- nginx
|
||||
- owntone-nginx
|
||||
notify: reload nginx
|
||||
|
||||
- name: template config file
|
||||
template:
|
||||
src: owntone.conf.j2
|
||||
dest: "/etc/owntone.conf"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart owntone
|
||||
tags:
|
||||
- owntone.conf
|
||||
|
||||
- name: rescan script for cronjob
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /usr/local/bin/{{ item }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- cron
|
||||
- owntone-cron
|
||||
with_items:
|
||||
- owntone-trigger-rescan.sh
|
||||
|
||||
- name: cron file
|
||||
template:
|
||||
src: owntone-cron.j2
|
||||
dest: /etc/cron.d/owntone
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
tags:
|
||||
- cron
|
||||
- owntone-cron
|
||||
|
||||
- name: copy radio playlists
|
||||
copy:
|
||||
src: playlists/
|
||||
dest: "{{ deadspace_root }}/playlists/"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
directory_mode: "0755"
|
||||
mode: "0644"
|
||||
tags:
|
||||
- owntone-playlists
|
||||
- owntone-radio
|
||||
|
||||
- name: fuse allow other
|
||||
lineinfile:
|
||||
path: /etc/fuse.conf
|
||||
line: user_allow_other
|
||||
state: present
|
||||
|
||||
- name: install owntone and pulseaudio
|
||||
when: not owntone_docker
|
||||
apt:
|
||||
name:
|
||||
- owntone-server
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
update_cache: true
|
||||
state: latest
|
||||
tags:
|
||||
- owntone-packages
|
||||
- owntone-pulseaudio
|
||||
- packages
|
||||
|
||||
# may not be needed, pacakge already proides other systemd unit files
|
||||
# /etc/systemd/system/multi-user.target.wants/pulseaudio.service
|
||||
# /etc/systemd/user/default.target.wants/pulseaudio.service
|
||||
# /etc/systemd/user/sockets.target.wants/pulseaudio.socket
|
||||
- name: template systemd unit files for pulseaudio
|
||||
when: not owntone_docker
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /etc/systemd/system/{{ item }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: systemctl daemon-reload
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- pulseaudio.service
|
||||
- pulseaudio-dlna.service
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: start and enable pulseaudio services
|
||||
when: not owntone_docker
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: true
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
notify: restart dbus
|
||||
with_items:
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: start and enable owntone service
|
||||
when: not owntone_docker
|
||||
service:
|
||||
name: owntone
|
||||
state: started
|
||||
enabled: true
|
||||
tags:
|
||||
- systemd
|
||||
register: owntone_service
|
||||
|
||||
- name: start owntone container
|
||||
when: owntone_docker == true
|
||||
docker_container:
|
||||
name: owntone
|
||||
#image: git.sudo.is/ben/owntone:latest
|
||||
#image: git.sudo.is/ben/owntone:file-scan-dir-path
|
||||
image: git.sudo.is/ben/owntone-server:latest
|
||||
detach: true
|
||||
pull: true
|
||||
auto_remove: false
|
||||
restart_policy: "unless-stopped"
|
||||
state: "started"
|
||||
container_default_behavior: compatibility
|
||||
networks_cli_compatible: false
|
||||
# not needed, owntone drop privileges to {{ owntone_user }}, set in owntone.conf
|
||||
user: "{{ owntone_user.uid }}:{{ owntone_group.gid }}"
|
||||
network_mode: host
|
||||
privileged: false
|
||||
security_opts: "apparmor=unconfined"
|
||||
# network_mode: bridgewithdns
|
||||
# networks:
|
||||
# - name: bridgewithdns
|
||||
# ipv4_address: "{{ bridgewithdns.owntone }}"
|
||||
env:
|
||||
VITE_OWNTONE_URL: "https://{{ owntone_url }}"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: /run/dbus
|
||||
target: /run/dbus
|
||||
- type: bind
|
||||
source: /run/avahi-daemon/socket
|
||||
target: /run/avahi-daemon/socket
|
||||
- type: bind
|
||||
source: "/etc/owntone.conf"
|
||||
target: "/etc/owntone.conf"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/config"
|
||||
target: "/config"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/fifo"
|
||||
target: "/fifo"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/log"
|
||||
target: "/log"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/podcasts"
|
||||
target: "{{ deadspace_root }}/podcasts"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/audiobooks"
|
||||
target: "{{ deadspace_root }}/audiobooks"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/music"
|
||||
target: "{{ deadspace_root }}/music"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/playlists"
|
||||
target: "{{ deadspace_root }}/playlists"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/local"
|
||||
target: "{{ deadspace_root }}/local"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/owntone"
|
||||
target: "{{ deadspace_root }}/owntone"
|
||||
tags:
|
||||
- owntone-container
|
||||
- docker-containers
|
||||
|
||||
- name: stop and disable owntone and services
|
||||
when: owntone_docker == true
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: stopped
|
||||
enabled: false
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- owntone
|
||||
- homeaudio
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: stop owntone container
|
||||
when: not owntone_docker
|
||||
docker_container:
|
||||
name: owntone
|
||||
state: stopped
|
||||
ignore_errors: true
|
||||
|
||||
- name: clean up old config file
|
||||
file:
|
||||
state: absent
|
||||
path: "{{ owntone_path }}/config/owntone.conf"
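Review bot: `security_opts: "apparmor=unconfined"` in `start owntone container` removes AppArmor confinement from a container that also runs with `network_mode: host` and bind mounts of `/run/dbus` and `/run/avahi-daemon/socket`. The process can then reach the host's system bus with no mandatory access control in between. Dropping the option so Docker's default profile applies, or loading a dedicated profile and referencing it as `security_opts: ["apparmor=<PROFILE_NAME>"]` (placeholder name), keeps that access bounded. If the default profile blocks the D-Bus or Avahi sockets, a short comment naming the denied operation would record why the exception is needed.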
|
||||
|
|
|
@ -1,325 +0,0 @@
|
|||
---
|
||||
|
||||
- name: create dir structure
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ owntone_path }}/{{ item.name }}"
|
||||
mode: "{{ item.mode | default('0770') }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-dirs
|
||||
loop_control:
|
||||
label: "{{ owntone_path }}/{{ item.name }}"
|
||||
with_items:
|
||||
- name: ''
|
||||
mode: '0750'
|
||||
- name: config
|
||||
- name: log
|
||||
- name: fifo
|
||||
|
||||
- name: create log dir (used when running as systemd service)
|
||||
file:
|
||||
state: directory
|
||||
path: /var/log/owntone
|
||||
mode: '0775'
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-log-dir
|
||||
- owntone-dirs
|
||||
|
||||
- name: create pulseaudio dirs
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ item }}"
|
||||
mode: '0644'
|
||||
owner: root
|
||||
group: root
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
with_items:
|
||||
- /etc/pulse/system.pa.d
|
||||
|
||||
|
||||
- name: ensure podcast audiobooks, and database dirs exists in {{ deadspace_root }}
|
||||
file:
|
||||
state: directory
|
||||
path: "{{ deadspace_root }}/{{ item.name }}"
|
||||
mode: "{{ item.mode | default('0750') }}"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
tags:
|
||||
- owntone-dirs
|
||||
ignore_errors: "{{ item.mounted|default(false) }}"
|
||||
loop_control:
|
||||
label: "{{ deadspace_root }}/{{ item.name }}"
|
||||
with_items:
|
||||
- name: audiobooks
|
||||
- name: podcasts
|
||||
- name: music
|
||||
- name: playlists
|
||||
- name: local
|
||||
- name: local/music
|
||||
- name: local/compilations
|
||||
- name: local/owntone
|
||||
- name: local/owntone/pipes
|
||||
- name: owntone
|
||||
mode: '0750'
|
||||
- name: owntone/data
|
||||
- name: owntone/data/db
|
||||
|
||||
|
||||
- name: create input pipe
|
||||
command:
|
||||
cmd: mkfifo "{{ deadspace_root }}/local/owntone/pipes/{{ item }}"
|
||||
creates: "{{ deadspace_root }}/local/owntone/pipes/{{ item }}"
|
||||
become_user: "{{ owntone_user.username }}"
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- shairport-output.fifo
|
||||
- shairport-metadata.fifo
|
||||
tags:
|
||||
- input.fifo
|
||||
# disabled
|
||||
when: false
|
||||
|
||||
- name: install certs
|
||||
copy:
|
||||
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
||||
dest: "/usr/local/etc/certs/"
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- letsencrypt-certs
|
||||
notify: reload nginx
|
||||
vars:
|
||||
prediff_cmd: echo
|
||||
with_items:
|
||||
- "{{ domain }}"
|
||||
|
||||
- name: template nginx vhost
|
||||
template:
|
||||
src: 01-owntone.conf.j2
|
||||
dest: /etc/nginx/sites-enabled/01-owntone.conf
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
tags:
|
||||
- nginx
|
||||
- owntone-nginx
|
||||
notify: reload nginx
|
||||
|
||||
- name: template config file
|
||||
template:
|
||||
src: owntone.conf.j2
|
||||
dest: "/etc/owntone.conf"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
mode: 0644
|
||||
notify:
|
||||
- restart owntone
|
||||
tags:
|
||||
- owntone.conf
|
||||
|
||||
- name: rescan script for cronjob
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /usr/local/bin/{{ item }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0755
|
||||
tags:
|
||||
- cron
|
||||
- owntone-cron
|
||||
with_items:
|
||||
- owntone-trigger-rescan.sh
|
||||
|
||||
- name: cron file
|
||||
template:
|
||||
src: owntone-cron.j2
|
||||
dest: /etc/cron.d/owntone
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0600
|
||||
tags:
|
||||
- cron
|
||||
- owntone-cron
|
||||
|
||||
- name: copy radio playlists
|
||||
copy:
|
||||
src: playlists/
|
||||
dest: "{{ deadspace_root }}/playlists/"
|
||||
owner: "{{ owntone_user.uid }}"
|
||||
group: "{{ owntone_group.gid }}"
|
||||
directory_mode: "0755"
|
||||
mode: "0644"
|
||||
tags:
|
||||
- owntone-playlists
|
||||
- owntone-radio
|
||||
|
||||
- name: fuse allow other
|
||||
lineinfile:
|
||||
path: /etc/fuse.conf
|
||||
line: user_allow_other
|
||||
state: present
|
||||
|
||||
- name: install owntone and pulseaudio
|
||||
when: not owntone_docker
|
||||
apt:
|
||||
name:
|
||||
- owntone-server
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
update_cache: true
|
||||
state: latest
|
||||
tags:
|
||||
- owntone-packages
|
||||
- owntone-pulseaudio
|
||||
- packages
|
||||
|
||||
# may not be needed, pacakge already proides other systemd unit files
|
||||
# /etc/systemd/system/multi-user.target.wants/pulseaudio.service
|
||||
# /etc/systemd/user/default.target.wants/pulseaudio.service
|
||||
# /etc/systemd/user/sockets.target.wants/pulseaudio.socket
|
||||
- name: template systemd unit files for pulseaudio
|
||||
when: not owntone_docker
|
||||
template:
|
||||
src: "{{ item }}.j2"
|
||||
dest: /etc/systemd/system/{{ item }}
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
notify: systemctl daemon-reload
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- pulseaudio.service
|
||||
- pulseaudio-dlna.service
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: start and enable pulseaudio services
|
||||
when: not owntone_docker
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: true
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
notify: restart dbus
|
||||
with_items:
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: start and enable owntone service
|
||||
when: not owntone_docker
|
||||
service:
|
||||
name: owntone
|
||||
state: started
|
||||
enabled: true
|
||||
tags:
|
||||
- systemd
|
||||
register: owntone_service
|
||||
|
||||
- name: start owntone container
|
||||
when: owntone_docker == true
|
||||
docker_container:
|
||||
name: owntone
|
||||
#image: git.sudo.is/ben/owntone:latest
|
||||
#image: git.sudo.is/ben/owntone:file-scan-dir-path
|
||||
image: git.sudo.is/ben/owntone-server:latest
|
||||
detach: true
|
||||
pull: true
|
||||
auto_remove: false
|
||||
restart_policy: "unless-stopped"
|
||||
state: "started"
|
||||
container_default_behavior: compatibility
|
||||
networks_cli_compatible: false
|
||||
# not needed, owntone drop privileges to {{ owntone_user }}, set in owntone.conf
|
||||
user: "{{ owntone_user.uid }}:{{ owntone_group.gid }}"
|
||||
network_mode: host
|
||||
privileged: false
|
||||
security_opts: "apparmor=unconfined"
|
||||
# network_mode: bridgewithdns
|
||||
# networks:
|
||||
# - name: bridgewithdns
|
||||
# ipv4_address: "{{ bridgewithdns.owntone }}"
|
||||
env:
|
||||
VITE_OWNTONE_URL: "https://{{ owntone_url }}"
|
||||
mounts:
|
||||
- type: bind
|
||||
source: /run/dbus
|
||||
target: /run/dbus
|
||||
- type: bind
|
||||
source: /run/avahi-daemon/socket
|
||||
target: /run/avahi-daemon/socket
|
||||
- type: bind
|
||||
source: "/etc/owntone.conf"
|
||||
target: "/etc/owntone.conf"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/config"
|
||||
target: "/config"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/fifo"
|
||||
target: "/fifo"
|
||||
- type: bind
|
||||
source: "{{ owntone_path }}/log"
|
||||
target: "/log"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/podcasts"
|
||||
target: "{{ deadspace_root }}/podcasts"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/audiobooks"
|
||||
target: "{{ deadspace_root }}/audiobooks"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/music"
|
||||
target: "{{ deadspace_root }}/music"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/playlists"
|
||||
target: "{{ deadspace_root }}/playlists"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/local"
|
||||
target: "{{ deadspace_root }}/local"
|
||||
- type: bind
|
||||
source: "{{ deadspace_root }}/owntone"
|
||||
target: "{{ deadspace_root }}/owntone"
|
||||
tags:
|
||||
- owntone-container
|
||||
- docker-containers
|
||||
|
||||
- name: stop and disable owntone and services
|
||||
when: owntone_docker == true
|
||||
service:
|
||||
name: "{{ item }}"
|
||||
state: stopped
|
||||
enabled: false
|
||||
loop_control:
|
||||
label: "{{ item }}"
|
||||
with_items:
|
||||
- owntone
|
||||
- pulseaudio
|
||||
- pulseaudio-dlna
|
||||
tags:
|
||||
- owntone-pulseaudio
|
||||
- systemd
|
||||
|
||||
- name: stop owntone container
|
||||
when: not owntone_docker
|
||||
docker_container:
|
||||
name: owntone
|
||||
state: stopped
|
||||
ignore_errors: true
|
||||
|
||||
- name: clean up old config file
|
||||
file:
|
||||
state: absent
|
||||
path: "{{ owntone_path }}/config/owntone.conf"
|
|
@ -17,11 +17,15 @@ server {
|
|||
|
||||
#listen {{ ansible_default_ipv4.address }}:443 ssl;
|
||||
listen 443 ssl;
|
||||
# listen 443 ssl http2;
|
||||
{% if nginx_http2 -%}
|
||||
http2 on;
|
||||
{% else -%}
|
||||
http2 off;
|
||||
{% endif %}
|
||||
# listen {{ owntone_port_tcp }};
|
||||
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
|
||||
# include listen-proxy-protocol.conf;
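Review bot: The `http2 on;` / `http2 off;` lines emitted by the new `{% if nginx_http2 -%}` block are only valid on nginx 1.25.1 or newer, and because both branches emit the directive, an older nginx would reject the rendered config whichever value the variable has. A comment above the block such as `# requires nginx >= 1.25.1 (standalone http2 directive)`, or a version guard around it, would make that dependency explicit. The toggle is also applied unevenly in this commit: the www template further down renders `#http2 on;` / `#http2 off;` as comments, so `nginx_http2` has no effect there, and its docs server block still seems to carry `listen 443 ssl http2;`. Since the `http2` parameter of `listen` applies to the listening socket rather than to one server block, a single remaining occurrence would keep HTTP/2 enabled for every vhost on that address, which defeats the switch if it is meant as a way to turn HTTP/2 off quickly. The enclosing `server` block starts and ends outside this hunk.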
|
||||
|
|
|
@ -1,35 +1,18 @@
|
|||
{# server {
|
||||
# server_name {%- for d in server_names %} {{ d }}{% endfor %};
|
||||
#
|
||||
# {% if inventory_hostname in wg_clients -%}
|
||||
# listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
# {% endif -%}
|
||||
# listen 443 ssl http2;
|
||||
#
|
||||
# include listen-proxy-protocol.conf;
|
||||
#
|
||||
# # but still include /.well-known/ and /.sudo-known/ urls.
|
||||
# include /etc/nginx/well-known.conf;
|
||||
# include /etc/nginx/sudo-known.conf;
|
||||
#
|
||||
# ssl_certificate /usr/local/etc/certs/www.{{ domain }}/fullchain.pem;
|
||||
# ssl_certificate_key /usr/local/etc/certs/www.{{ domain }}/privkey.pem;
|
||||
#
|
||||
# location / {
|
||||
# return 301 https://www.$http_host$request_uri;
|
||||
# }
|
||||
#
|
||||
# access_log /var/log/nginx/access_{{ domain }}.log main;
|
||||
# error_log /var/log/nginx/error_{{ domain }}.log warn;
|
||||
# } #}
|
||||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
server_name docs.{{ domain }};
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
listen 443 ssl http2;
|
||||
|
||||
{% if nginx_http2 -%}
|
||||
#http2 on;
|
||||
{% else -%}
|
||||
#http2 off;
|
||||
{% endif %}
|
||||
|
||||
include listen-proxy-protocol.conf;
|
||||
|
||||
ssl_certificate /usr/local/etc/certs/docs.{{ domain }}/fullchain.pem;
|
||||
|
@ -50,9 +33,15 @@ server {
|
|||
server {
|
||||
server_name {{ domain }} {%- for d in additional_server_names %} {{ d }} www.{{ d }}{% endfor %};
|
||||
{% if inventory_hostname in wg_clients -%}
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl http2;
|
||||
listen {{ wg_clients[inventory_hostname].ip }}:443 ssl;
|
||||
{% endif -%}
|
||||
listen 443 ssl http2;
|
||||
listen 443 ssl;
|
||||
|
||||
{% if nginx_http2 -%}
|
||||
#http2 on;
|
||||
{% else -%}
|
||||
#http2 off;
|
||||
{% endif %}
|
||||
|
||||
include listen-proxy-protocol.conf;
|
||||
|
||||
|
@ -243,12 +232,6 @@ server {
|
|||
sub_filter 'href="rain"' 'href="rain/"';
|
||||
sub_filter 'href="/docs/hass/rain"' 'href="/docs/hass/rain/"';
|
||||
sub_filter '/docs/hass/rain' '/docs/hass/rain/';
|
||||
#rewrite ^/docs/(.*)/index\.html$ /docs/$1/ redirect;
|
||||
if ($canonical_url != "") {
|
||||
include conf.d/headers-{{ domain }}.conf;
|
||||
#add_header "Link" '<$canonical_url>; rel="canonical"; rel="preconnect"';
|
||||
add_header "Link" '<$canonical_url>; rel="canonical"' always;
|
||||
}
|
||||
|
||||
# results in redirect loop..?
|
||||
#rewrite ^/docs/index.html /docs/ redirect;
|
||||
|
@ -282,6 +265,7 @@ server {
|
|||
#rewrite ^/docs/esphome/boards/(.*)\.html$ /docs/esphome/boards/$1/ redirect;
|
||||
#rewrite ^/docs/esphome/boards/index(.*)$ /docs/esphome/boards/ redirect;
|
||||
rewrite ^/docs/homeautomation/appletv.html$ /docs/hass/appletv redirect;
|
||||
rewrite ^/docs/homeautomation/rain/index.html /docs/hass/rain/ redirect;
|
||||
rewrite ^/docs/hass/appletv\.html$ /docs/hass/appletv/ redirect;
|
||||
rewrite ^/docs/notes/cmds\.html$ /docs/notes/cmds/ redirect;
|
||||
rewrite ^/docs/glossary/(.*)$ /docs/electronics/glossary/$1 redirect;
|
||||
|
@ -317,13 +301,19 @@ server {
|
|||
rewrite ^/docs/LICENSE(.*)$ /LICENSE.txt redirect;
|
||||
rewrite ^/docs/.*/LICENSE(.*)$ /LICENSE.txt redirect;
|
||||
|
||||
#rewrite ^/docs/(.*)/index\.html$ /docs/$1/ redirect;
|
||||
if ($canonical_url != "") {
|
||||
include conf.d/headers-{{ domain }}.conf;
|
||||
#add_header "Link" '<$canonical_url>; rel="canonical"; rel="preconnect"';
|
||||
add_header "Link" '<$canonical_url>; rel="canonical"' always;
|
||||
}
|
||||
#rewrite ^/docs/LICENSE(.*)$ /LICENSE.txt redirect;
|
||||
#rewrite ^/docs/.*/LICENSE(.*)$ /LICENSE.txt redirect;
|
||||
include conf.d/headers-{{ domain }}.conf;
|
||||
add_header X-Sudo-Section "docs" always;
|
||||
}
|
||||
|
||||
location /cal/ {
|
||||
location /cal/ {
|
||||
include /etc/nginx/require_auth.conf;
|
||||
include /etc/nginx/require_auth_proxy.conf;
|
||||
|
||||
|
@ -343,6 +333,12 @@ server {
|
|||
add_header X-Remote-User $authelia_user always;
|
||||
}
|
||||
|
||||
location /ls54/camera/ {
|
||||
include /etc/nginx/require_auth.conf;
|
||||
proxy_pass_request_headers on;
|
||||
proxy_pass http://{{ ls54_camera_url }}/;
|
||||
}
|
||||
|
||||
location /_media {
|
||||
include conf.d/headers-{{ domain }}.conf;
|
||||
include /etc/nginx/require_auth.conf;
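Review bot: The new `location /ls54/camera/` forwards every client request header to the camera over plain HTTP; `proxy_pass_request_headers on;` is already nginx's default, so the line changes nothing but obscures that `Cookie` and `Authorization` go upstream as well. That would include the session cookie the auth include relies on (presumably Authelia, given `$authelia_user` in the location just above). If the camera does not need them, add `proxy_set_header Cookie "";` and, unless the camera uses HTTP authentication of its own, `proxy_set_header Authorization "";`. The block also lacks `include /etc/nginx/require_auth_proxy.conf;`, which `/cal/` has next to `require_auth.conf`, and `include conf.d/headers-{{ domain }}.conf;`, which `/_media` has; the contents of those files are not visible here, so it is worth confirming the omissions are intended.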
|
||||
|
|