From d23badb2a2c233be30ed6206339515e65e1a9159 Mon Sep 17 00:00:00 2001
From: Matt Spencer
Date: Sun, 11 Jun 2023 08:37:18 +0100
Subject: [PATCH] Add frontend configuration Frontend for website - reverse proxy - website - registry
---
.../reverseproxy/conf.d/reverse_proxy.conf | 39 +++++++++
frontend.yaml | 82 +++++++++++++++++++
inventory | 5 +-
requirements.yml | 9 ++
4 files changed, 134 insertions(+), 1 deletion(-)
create mode 100644 apptabulous/reverseproxy/conf.d/reverse_proxy.conf
create mode 100644 frontend.yaml
create mode 100644 requirements.yml
diff --git a/apptabulous/reverseproxy/conf.d/reverse_proxy.conf b/apptabulous/reverseproxy/conf.d/reverse_proxy.conf
new file mode 100644
index 0000000..dc9f2b7
--- /dev/null
+++ b/apptabulous/reverseproxy/conf.d/reverse_proxy.conf
@@ -0,0 +1,39 @@
+# Webserver
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+
+ server_name apptabulous.co.uk www.apptabulous.co.uk;
+
+ location / {
+ proxy_pass http://rpi4-2:3000;
+ }
+}
+
+# Container registry
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+
+ # disable any limits to avoid HTTP 413 for large image uploads
+ client_max_body_size 0;
+
+ # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+ chunked_transfer_encoding on;
+
+ server_name hub.apptabulous.co.uk;
+
+ location / {
+ proxy_pass http://rpi4-2:5000;
+ }
+}
\ No newline at end of file
diff --git a/frontend.yaml b/frontend.yaml
new file mode 100644
index 0000000..3b62e00
--- /dev/null
+++ b/frontend.yaml
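Review bot: In reverse_proxy.conf both `server` blocks also `listen 80` and nothing in the file redirects plain HTTP to HTTPS, so registry pushes, pulls and any credentials sent to `hub.apptabulous.co.uk` can travel unencrypted. The registry `location /` has no `auth_basic` or `allow`/`deny` in front of it while `client_max_body_size 0` removes the upload limit, and no registry-side authentication is visible elsewhere in this patch, so as far as the diff shows anyone who can reach the proxy can push an image that the playbook later runs. I would move port 80 into a redirect-only server and gate the registry location as sketched below; the same port-80 split applies to the website block. The htpasswd path is a placeholder, and the file would also have to be mounted into the nginx container.

```nginx
# Port 80 only redirects, so no registry traffic or credentials cross it in clear text
server {
    listen 80;
    listen [::]:80;
    server_name hub.apptabulous.co.uk;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name hub.apptabulous.co.uk;
    # … unchanged: ssl_certificate, ssl_certificate_key, client_max_body_size, chunked_transfer_encoding …

    location / {
        auth_basic "Registry";
        auth_basic_user_file /etc/nginx/registry.htpasswd;  # placeholder path
        proxy_pass http://rpi4-2:5000;
    }
}
```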
@@ -0,0 +1,82 @@
+---
+- name: Frontend setup
+ hosts: frontend
+
+ vars:
+ username: matt
+
+ certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+ certbot_auto_renew_hour: "3"
+ certbot_auto_renew_minute: "30"
+
+ certbot_create_if_missing: true
+ certbot_admin_email: matthew@thespencers.me.uk
+
+ certbot_certs:
+ - webroot: "/var/www/html"
+ domains:
+ - "apptabulous.co.uk"
+ - "www.apptabulous.co.uk"
+ - "hub.apptabulous.co.uk"
+
+ certbot_repo: https://github.com/certbot/certbot.git
+ certbot_version: master
+ certbot_keep_updated: true
+ certbot_dir: /opt/certbot
+
+ docker_add_repo: true
+ docker_users:
+ - "{{ username }}"
+
+ roles:
+ - role: geerlingguy.git
+ become: true
+ - role: geerlingguy.docker
+ become: true
+ - role: geerlingguy.certbot
+ become: true
+
+ tasks:
+
+ # - name: Install Docker
+ # ansible.builtin.include_tasks:
+ # file: tasks/install_docker.yaml
+
+ - name: Copy referse proxy configuration to host
+ become: true
+ ansible.builtin.copy:
+ src: apptabulous/reverseproxy
+ dest: /etc
+
+ - name: Start reverse proxy container
+ community.docker.docker_container:
+ name: reverse_proxy
+ image: nginx:mainline-alpine-slim
+ volumes:
+ - /etc/reverseproxy/conf.d:/etc/nginx/conf.d
+ - /etc/letsencrypt:/etc/letsencrypt
+ ports:
+ - "80:80"
+ - "443:443"
+ state: started
+
+ - name: Start docker registry
+ community.docker.docker_container:
+ name: registry
+ image: registry:2
+ restart_policy: always
+ ports:
+ - "5000:5000"
+ state: started
+
+# NOTE: This will fail on the first run because the container has not been
+# uploaded to the registry yet
+ - name: Start website
+ community.docker.docker_container:
+ name: website
+ image: hub.apptabulous.co.uk/apptabulous/website
+ restart_policy: always
+ ports:
+ - "3000:3000"
+ state: started
+
diff --git a/inventory b/inventory
index e00389b..49cbfd6 100644
--- a/inventory
+++ b/inventory
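Review bot: In frontend.yaml the registry and website tasks publish `"5000:5000"` and `"3000:3000"` on every host interface, so both services can be reached without TLS and around the nginx proxy, and the registry task sets no authentication. Whether those ports are reachable from outside depends on the network in front of the host, which this patch does not show. Putting the three containers on one user-defined Docker network and dropping the two `ports` entries keeps nginx as the only entry point; the `proxy_pass` targets in reverse_proxy.conf would then need to use the container names instead of `rpi4-2`. Separately, nginx only reads its two mounts, so `- /etc/letsencrypt:/etc/letsencrypt:ro` and `- /etc/reverseproxy/conf.d:/etc/nginx/conf.d:ro` keep the private key and config from being writable inside the container.

```yaml
    - name: Create frontend network
      community.docker.docker_network:
        name: frontend

    - name: Start docker registry
      community.docker.docker_container:
        name: registry
        image: registry:2
        restart_policy: always
        networks:
          - name: frontend
        # no published port: nginx reaches it as http://registry:5000
        state: started
    # … unchanged apart from the same networks entry: reverse proxy and website tasks …
```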
@@ -1,2 +1,5 @@
 [kiosk]
-pi@kiosk64.local
\ No newline at end of file
+kiosk@kiosk.localdomain
+
+[frontend]
+rpi4-2.local
\ No newline at end of file
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..a55b1c7
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,9 @@
+---
+collections:
+- community.docker
+
+roles:
+- geerlingguy.certbot
+- geerlingguy.git
+- geerlingguy.nginx
+- geerlingguy.docker
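Review bot: None of the roles or the collection in requirements.yml carries a `version:`, so every `ansible-galaxy install` resolves to whatever release is current, and three of these roles run with `become: true` in frontend.yaml. Pin each entry in the long form, e.g. `- name: geerlingguy.certbot` followed by `version: <pinned-release>`, and raise the pins deliberately. The same floating-reference pattern appears in frontend.yaml as `certbot_version: master` with `certbot_keep_updated: true` (relevant only if the role installs from source, which this patch does not show) and in the image references `registry:2`, `nginx:mainline-alpine-slim` and the untagged website image. `geerlingguy.nginx` is listed here but is not used by the playbook in this patch, so it can be dropped if nothing else needs it.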