From 4fa3f26d4328d9514d7ad4b0003f57cca10b61f4 Mon Sep 17 00:00:00 2001
From: Matej Focko
Date: Mon, 18 Nov 2024 15:35:55 +0100
Subject: [PATCH] fix(thelounge): handle reverse proxy
Signed-off-by: Matej Focko
---
roles/thelounge/defaults/main.yml | 10 ++++++++++
roles/thelounge/tasks/main.yml | 10 ++++++++++
roles/thelounge/templates/nginx.conf | 18 ++++++++++++++++++
roles/thelounge/templates/thelounge.container | 2 +-
4 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 roles/thelounge/defaults/main.yml
create mode 100644 roles/thelounge/templates/nginx.conf
diff --git a/roles/thelounge/defaults/main.yml b/roles/thelounge/defaults/main.yml
new file mode 100644
index 0000000..4bc7911
--- /dev/null
+++ b/roles/thelounge/defaults/main.yml
@@ -0,0 +1,10 @@
+---
+# Defines whether TheLounge is deployed behind a reverse proxy
+# if so, installs the nginx config file
+thelounge_reverse_proxy: true
+
+# Subdomain to be used for the reverse proxy configuration
+thelounge_subdomain: lounge
+
+# HTTP port that's both exposed by container and used by the reverse proxy
+thelounge_http_port: 9000
diff --git a/roles/thelounge/tasks/main.yml b/roles/thelounge/tasks/main.yml
index f012f02..2522054 100644
--- a/roles/thelounge/tasks/main.yml
+++ b/roles/thelounge/tasks/main.yml
@@ -9,6 +9,16 @@ - thelounge.container - thelounge.volume +- name: Install the reverse proxy config + ansible.builtin.template: + src: templates/nginx.conf + dest: "/etc/nginx/conf.d/thelounge.conf" + mode: 0644 + owner: root + group: root + when: thelounge_reverse_proxy + notify: Restart nginx + - name: Enable the TheLounge quadlet ansible.builtin.systemd_service: daemon_reload: true
diff --git a/roles/thelounge/templates/nginx.conf b/roles/thelounge/templates/nginx.conf
new file mode 100644
index 0000000..3ab742f
--- /dev/null
+++ b/roles/thelounge/templates/nginx.conf
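Review bot: `notify: Restart nginx` in the new task in roles/thelounge/tasks/main.yml names a handler that none of the four files in this commit defines, so the role only works when something else in the play provides a handler with exactly that name. If none does, the task is expected to fail the first time it reports a change. Either add the handler to this role or record the dependency above the task, e.g. `# needs a "Restart nginx" handler provided elsewhere in the play`. Separately, quote the mode as `mode: "0644"` so its meaning does not depend on how the YAML parser reads a leading-zero integer.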
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+upstream thelounge {
+ server 127.0.0.1:{{ thelounge_http_port }};
+}
+
+server {
+ listen 443 ssl http2; # managed by Certbot
+ listen [::]:443 ssl http2; # managed by Certbot
+
+ include ssl.conf;
+ server_name {{ thelounge_subdomain }}.{{ host_fqdn }};
+
+ location ~ / {
+ include proxy.conf;
+ proxy_pass http://thelounge;
+ }
+}
diff --git a/roles/thelounge/templates/thelounge.container b/roles/thelounge/templates/thelounge.container
index cf3115e..cef6476 100644
--- a/roles/thelounge/templates/thelounge.container
+++ b/roles/thelounge/templates/thelounge.container
@@ -7,7 +7,7 @@ Description=The Lounge ContainerName=thelounge Image=ghcr.io/thelounge/thelounge:latest -PublishPort=9000:9000 +PublishPort={{ thelounge_http_port }}:9000 Volume=thelounge-data:/var/opt/thelounge
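Review bot: `location ~ / {` in roles/thelounge/templates/nginx.conf is a regular-expression location that matches any URI containing a slash; the prefix form `location / {` states the catch-all intent directly and avoids regex ordering surprises if more locations are added later. TheLounge's web client talks to the server over WebSockets, so the proxied location needs `proxy_http_version 1.1;` plus the `Upgrade` and `Connection` headers; these may already be set in `proxy.conf`, which is outside this diff, so confirm it there. The `# managed by Certbot` comments sit in a file that Ansible renders (`{{ ansible_managed }}`), so any edit Certbot made to it would be overwritten on the next run; dropping the comments avoids that confusion.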
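Review bot: `PublishPort={{ thelounge_http_port }}:9000` in roles/thelounge/templates/thelounge.container publishes the container's plain-HTTP port on every host address, while the nginx upstream added in this commit only ever connects to 127.0.0.1. Unless a host firewall (not visible here) blocks it, clients can reach TheLounge directly on that port without TLS and without passing through the proxy. Binding to loopback when the proxy is enabled closes that path: `PublishPort={% if thelounge_reverse_proxy %}127.0.0.1:{% endif %}{{ thelounge_http_port }}:9000`. The unit file continues outside the hunk.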