mfocko/dotfiles
1
0
Fork 0
Code Issues 15 Pull requests Projects Releases Wiki Activity

fix(forgejo): handle reverse proxy

Browse source 
Signed-off-by: Matej Focko <me@mfocko.xyz>
This commit is contained in:
Matej Focko 2024-11-18 15:31:15 +01:00
parent 1f4c009197
commit e0f3fbe22b
Signed by: mfocko
SSH key fingerprint: SHA256:icm0fIOSJUpy5+1x23sfr+hLtF9UhY8VpMC7H4WFJP8
4 changed files with 43 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
roles/forgejo/defaults/main.yml Normal file
View file

@ -0,0 +1,13 @@
---
# Defines whether Forgejo is deployed behind a reverse proxy
# if so, installs the nginx config file
forgejo_reverse_proxy: true
# Subdomain to be used for the reverse proxy configuration
forgejo_subdomain: git
# HTTP port that's both exposed by container and used by the reverse proxy
forgejo_http_port: 3000
# SSH port that's exposed from the container
forgejo_ssh_port: 2222

10
roles/forgejo/tasks/main.yml
View file

@ -11,6 +11,16 @@
- forgejo.network
- forgejo.volume
- name: Install the reverse proxy config
ansible.builtin.template:
src: templates/nginx.conf
dest: "/etc/nginx/conf.d/forgejo.conf"
mode: 0644
owner: root
group: root
when: forgejo_reverse_proxy
notify: Restart nginx
- name: Enable the Forgejo quadlet
ansible.builtin.systemd_service:
daemon_reload: true

4
roles/forgejo/templates/forgejo.container
View file

@ -15,8 +15,8 @@ Environment=SSH_CREATE_AUTHORIZED_PRINCIPALS_FILES=true
Environment=SSH_AUTHORIZED_PRINCIPALS_ALLOW="username,email"
Network=forgejo.network
PublishPort=2222:22
PublishPort=3000:3000
PublishPort={{ forgejo_ssh_port }}:22
PublishPort={{ forgejo_http_port }}:3000
Volume=forgejo-data:/data

18
roles/forgejo/templates/nginx.conf Normal file
View file

@ -0,0 +1,18 @@
# {{ ansible_managed }}
upstream forgejo {
server 127.0.0.1:{{ forgejo_http_port }};
}
server {
listen 443 ssl http2; # managed by Certbot
listen [::]:443 ssl http2; # managed by Certbot
include ssl.conf;
server_name {{ forgejo_subdomain }}.{{ host_fqdn }};
location ~ / {
include proxy.conf;
proxy_pass http://forgejo;
}
}