Add frontend configuration

Frontend for website
- reverse proxy
- website
- registry

apptabulous/reverseproxy/conf.d/reverse_proxy.conf

@@ -0,0 +1,39 @@
+# Webserver
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+
+    server_name apptabulous.co.uk www.apptabulous.co.uk;
+
+    location / {
+        proxy_pass http://rpi4-2:3000;
+    }
+}
+
+# Container registry
+server {
+    listen 80;
+    listen [::]:80;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    ssl_certificate /etc/letsencrypt/live/apptabulous.co.uk/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/apptabulous.co.uk/privkey.pem;
+
+    # disable any limits to avoid HTTP 413 for large image uploads
+    client_max_body_size 0;
+    
+    # required to avoid HTTP 411: see Issue #1486 (https://github.com/docker/docker/issues/1486)
+    chunked_transfer_encoding on;
+
+    server_name hub.apptabulous.co.uk;
+
+    location / {
+        proxy_pass http://rpi4-2:5000;
+    }
+}

frontend.yaml

@@ -0,0 +1,82 @@
+---
+- name: Frontend setup
+  hosts: frontend
+
+  vars:
+    username: matt
+
+    certbot_auto_renew_user: "{{ ansible_user | default(lookup('env', 'USER')) }}"
+    certbot_auto_renew_hour: "3"
+    certbot_auto_renew_minute: "30"
+
+    certbot_create_if_missing: true
+    certbot_admin_email: matthew@thespencers.me.uk
+
+    certbot_certs:
+      - webroot: "/var/www/html"
+        domains:
+          - "apptabulous.co.uk"
+          - "www.apptabulous.co.uk"
+          - "hub.apptabulous.co.uk"
+
+    certbot_repo: https://github.com/certbot/certbot.git
+    certbot_version: master
+    certbot_keep_updated: true
+    certbot_dir: /opt/certbot
+
+    docker_add_repo: true
+    docker_users:
+      - "{{ username }}"
+
+  roles:
+    - role: geerlingguy.git
+      become: true
+    - role: geerlingguy.docker
+      become: true
+    - role: geerlingguy.certbot
+      become: true
+
+  tasks:
+
+  # - name: Install Docker
+  #   ansible.builtin.include_tasks:
+  #     file: tasks/install_docker.yaml
+
+  - name: Copy referse proxy configuration to host
+    become: true
+    ansible.builtin.copy:
+      src: apptabulous/reverseproxy
+      dest: /etc
+
+  - name: Start reverse proxy container
+    community.docker.docker_container:
+      name: reverse_proxy
+      image: nginx:mainline-alpine-slim
+      volumes:
+      - /etc/reverseproxy/conf.d:/etc/nginx/conf.d
+      - /etc/letsencrypt:/etc/letsencrypt
+      ports:
+      - "80:80"
+      - "443:443"
+      state: started
+
+  - name: Start docker registry
+    community.docker.docker_container:
+      name: registry
+      image: registry:2
+      restart_policy: always
+      ports:
+        - "5000:5000"
+      state: started
+
+# NOTE: This will fail on the first run because the container has not been
+#       uploaded to the registry yet
+  - name: Start website
+    community.docker.docker_container:
+      name: website
+      image: hub.apptabulous.co.uk/apptabulous/website
+      restart_policy: always
+      ports:
+        - "3000:3000"
+      state: started
+

inventory

@@ -1,2 +1,5 @@
 [kiosk]
-pi@kiosk64.local
+kiosk@kiosk.localdomain
+
+[frontend]
+rpi4-2.local

requirements.yml

@@ -0,0 +1,9 @@
+---
+collections:
+- community.docker
+
+roles:
+- geerlingguy.certbot
+- geerlingguy.git
+- geerlingguy.nginx
+- geerlingguy.docker