fix(forgejo): handle reverse proxy

Signed-off-by: Matej Focko <me@mfocko.xyz>
Matej Focko 2024-11-18 15:31:15 +01:00
parent 1f4c009197
commit e0f3fbe22b
Signed by: mfocko
SSH key fingerprint: SHA256:icm0fIOSJUpy5+1x23sfr+hLtF9UhY8VpMC7H4WFJP8
4 changed files with 43 additions and 2 deletions


@ -0,0 +1,13 @@
---
# Defines whether Forgejo is deployed behind a reverse proxy
# if so, installs the nginx config file
forgejo_reverse_proxy: true
# Subdomain to be used for the reverse proxy configuration
forgejo_subdomain: git
# HTTP port that's both exposed by container and used by the reverse proxy
forgejo_http_port: 3000
# SSH port that's exposed from the container
forgejo_ssh_port: 2222
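Review bot: `host_fqdn` has no default or comment in this defaults file, although the nginx template added in this commit joins it with `forgejo_subdomain` to build `server_name`. With `forgejo_reverse_proxy` left at its default `true`, the template task will fail on an undefined variable unless the inventory supplies it. Document the dependency next to `forgejo_subdomain`, for example `# Combined with host_fqdn (must come from inventory) as <forgejo_subdomain>.<host_fqdn>`.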


@ -11,6 +11,16 @@
- forgejo.network - forgejo.network
- forgejo.volume - forgejo.volume
- name: Install the reverse proxy config
ansible.builtin.template:
src: templates/nginx.conf
dest: "/etc/nginx/conf.d/forgejo.conf"
mode: 0644
owner: root
group: root
when: forgejo_reverse_proxy
notify: Restart nginx
- name: Enable the Forgejo quadlet - name: Enable the Forgejo quadlet
ansible.builtin.systemd_service: ansible.builtin.systemd_service:
daemon_reload: true daemon_reload: true
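Review bot: `mode: 0644` in the new "Install the reverse proxy config" task is an unquoted octal, which only works because the YAML loader reads a leading-zero number as octal; write `mode: "0644"` so the module receives the string it documents. The bare `when: forgejo_reverse_proxy` may also evaluate as a non-empty string, and therefore as true, when the variable is overridden as text (for example `-e forgejo_reverse_proxy=false`); `when: forgejo_reverse_proxy | bool` makes the intent explicit. Nothing visible here removes `/etc/nginx/conf.d/forgejo.conf` when the flag is later turned off, so a stale vhost would keep being served.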


@ -15,8 +15,8 @@ Environment=SSH_CREATE_AUTHORIZED_PRINCIPALS_FILES=true
Environment=SSH_AUTHORIZED_PRINCIPALS_ALLOW="username,email" Environment=SSH_AUTHORIZED_PRINCIPALS_ALLOW="username,email"
Network=forgejo.network Network=forgejo.network
PublishPort=2222:22 PublishPort={{ forgejo_ssh_port }}:22
PublishPort=3000:3000 PublishPort={{ forgejo_http_port }}:3000
Volume=forgejo-data:/data Volume=forgejo-data:/data
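Review bot: `PublishPort={{ forgejo_http_port }}:3000` still publishes Forgejo's plain-HTTP port on every host interface, so with `forgejo_reverse_proxy` enabled the service remains reachable without TLS, bypassing nginx, unless a host firewall blocks it. The nginx upstream added in this commit connects to `127.0.0.1`, so the publish can be bound to loopback in that case: `PublishPort={{ '127.0.0.1:' if forgejo_reverse_proxy else '' }}{{ forgejo_http_port }}:3000`. The unit file starts and ends outside this hunk, so any other exposure settings are not visible here.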


@ -0,0 +1,18 @@
# {{ ansible_managed }}
upstream forgejo {
server 127.0.0.1:{{ forgejo_http_port }};
}
server {
listen 443 ssl http2; # managed by Certbot
listen [::]:443 ssl http2; # managed by Certbot
include ssl.conf;
server_name {{ forgejo_subdomain }}.{{ host_fqdn }};
location ~ / {
include proxy.conf;
proxy_pass http://forgejo;
}
}
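Review bot: `location ~ / {` is a regular-expression location that matches any URI containing a slash; a plain prefix `location / {` is the conventional catch-all for a proxy and avoids regex evaluation and regex-ordering surprises if more locations are added later. The `# managed by Certbot` markers on the two `listen` lines sit in a file whose header declares it `{{ ansible_managed }}`; if Certbot's nginx installer does edit this file, the next play run will overwrite those edits, so the markers are better dropped. `ssl.conf` and `proxy.conf` are not part of this commit; presumably `proxy.conf` sets `Host`, `X-Forwarded-For` and `X-Forwarded-Proto`, which is worth confirming because the upstream otherwise sees every request as plain HTTP from 127.0.0.1.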