Add apache2 handling
This commit is contained in:
parent
35a6c6a355
commit
73ec166871
3 changed files with 46 additions and 4 deletions
|
|
@ -1,3 +1,7 @@
|
||||||
## ansible-role-invidious
|
## ansible-role-invidious
|
||||||
|
|
||||||
Work in progress...
|
Work in progress...
|
||||||
|
|
||||||
|
# Requirements
|
||||||
|
|
||||||
|
https://gitlab.com/antoniodelgado/ansible-role-apache_ssl_vhosts
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
---
|
---
|
||||||
invidious_repository: https://github.com/iv-org/invidious.git
|
invidious_repository: https://github.com/iv-org/invidious.git
|
||||||
invidious_folder: /srv/invidious
|
invidious_folder: /srv/invidious
|
||||||
|
invidious_hostname: invidious.example.com
|
||||||
invidious_internal_port: 3000
|
invidious_internal_port: 3000
|
||||||
#handle_ufw will allow access to individious_internal_port from everywhere, use it only if Invidious handles SSL or you don't want to use SSL (what?)
|
#handle_ufw will allow access to individious_internal_port from everywhere, use it only if Invidious handles SSL or you don't want to use SSL (what?)
|
||||||
handle_ufw: false
|
handle_ufw: false
|
||||||
|
|
@ -27,7 +28,7 @@ docker_compose_options:
|
||||||
port: 5432
|
port: 5432
|
||||||
check_tables: true
|
check_tables: true
|
||||||
external_port: 443
|
external_port: 443
|
||||||
domain: invi.susurrando.com
|
domain: {{ invidious_hostname }}
|
||||||
https_only: true
|
https_only: true
|
||||||
statistics_enabled: true
|
statistics_enabled: true
|
||||||
use_quic: true
|
use_quic: true
|
||||||
|
|
@ -67,6 +68,37 @@ docker_compose_options:
|
||||||
POSTGRES_PASSWORD: kemal
|
POSTGRES_PASSWORD: kemal
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
postgresdata:
|
postgresdata:
|
||||||
|
invidious_vhosts:
|
||||||
|
- vhostname: "{{ invidious_hostname }}"
|
||||||
|
weight: 25
|
||||||
|
web_port: 80
|
||||||
|
ssl_port: 443
|
||||||
|
ssl: yes
|
||||||
|
docroot: "/var/www/{{ invidious_hostname }}"
|
||||||
|
serveradmin: "webmaster@{{ invidious_hostname }}"
|
||||||
|
server_aliases: []
|
||||||
|
root_options:
|
||||||
|
- '+FollowSymlinks'
|
||||||
|
- '+MultiViews'
|
||||||
|
root_custom_code: |
|
||||||
|
<IfModule mod_dav.c>
|
||||||
|
Dav off
|
||||||
|
</IfModule>
|
||||||
|
aliases: []
|
||||||
|
directories: []
|
||||||
|
custom_code: |
|
||||||
|
<IfModule mod_headers.c>
|
||||||
|
Header always set Strict-Transport-Security "max-age=15552001; includeSubDomains"
|
||||||
|
</IfModule>
|
||||||
|
SSLHonorCipherOrder on
|
||||||
|
SSLProxyEngine On
|
||||||
|
ProxyPreserveHost On
|
||||||
|
ProxyRequests off
|
||||||
|
SSLProxyCheckPeerCN on
|
||||||
|
SSLProxyCheckPeerExpire on
|
||||||
|
ProxyPass / http://127.0.0.1:{{ invidious_internal_port }}/ nocanon
|
||||||
|
ProxyPassReverse / http://127.0.0.1:{{ invidious_internal_port }}/
|
||||||
|
AllowEncodedSlashes on
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,12 @@
|
||||||
---
|
---
|
||||||
#- name: Ensure Apache virtual host is configured
|
- name: Add Invidious vhosts to list
|
||||||
# when: handle_apache2_reverse_proxy
|
set_fact:
|
||||||
|
vhosts: "{{ vhosts + invidious_vhosts }}"
|
||||||
|
|
||||||
|
- name: Ensure Apache virtual host is configured
|
||||||
|
ansible.builtin.import_role:
|
||||||
|
name: apache_ssl_vhosts
|
||||||
|
when: handle_apache2_reverse_proxy
|
||||||
|
|
||||||
- name: Ensure Invicious composition is created
|
- name: Ensure Invicious composition is created
|
||||||
template:
|
template:
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue