fix(forgejo): handle reverse proxy
Signed-off-by: Matej Focko <me@mfocko.xyz>
parent
1f4c009197
commit
e0f3fbe22b
4 changed files with 43 additions and 2 deletions
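--- a/roles/forgejo/defaults/main.yml
+++ b/roles/forgejo/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# Defines whether Forgejo is deployed behind a reverse proxy
+# if so, installs the nginx config file
+forgejo_reverse_proxy: true
+
+# Subdomain to be used for the reverse proxy configuration
+forgejo_subdomain: git
+
+# HTTP port that's both exposed by container and used by the reverse proxy
+forgejo_http_port: 3000
+
+# SSH port that's exposed from the container
+forgejo_ssh_port: 2222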
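Review bot: The defaults document the four new variables but not `host_fqdn`, which the nginx template added in this commit interpolates into `server_name`; with `forgejo_reverse_proxy` defaulting to `true`, a host that does not define it will presumably fail when the template is rendered. Add a comment above `forgejo_subdomain` such as `# Requires host_fqdn from the inventory; the vhost is <forgejo_subdomain>.<host_fqdn>`. The comment on `forgejo_http_port` could also state whether the port is meant to be reachable from outside the host or only by the proxy on loopback.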
|
@ -11,6 +11,16 @@
|
||||||
- forgejo.network
|
- forgejo.network
|
||||||
- forgejo.volume
|
- forgejo.volume
|
||||||
|
|
||||||
|
- name: Install the reverse proxy config
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: templates/nginx.conf
|
||||||
|
dest: "/etc/nginx/conf.d/forgejo.conf"
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
when: forgejo_reverse_proxy
|
||||||
|
notify: Restart nginx
|
||||||
|
|
||||||
- name: Enable the Forgejo quadlet
|
- name: Enable the Forgejo quadlet
|
||||||
ansible.builtin.systemd_service:
|
ansible.builtin.systemd_service:
|
||||||
daemon_reload: true
|
daemon_reload: true
|
||||||
|
|
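Review bot: `mode: 0644` in the new template task is an unquoted octal literal, which relies on the YAML parser reading a leading zero as octal; write it as `mode: "0644"` so the permission is passed as a string. The task also notifies `Restart nginx`, and no handlers file is named among the changed files shown on this page, so that handler has to come from elsewhere in the play; this is worth confirming, since a missing handler fails the run. When `forgejo_reverse_proxy` is false nothing removes a previously installed `/etc/nginx/conf.d/forgejo.conf`, so a stale vhost would keep proxying; a companion `ansible.builtin.file` task with `state: absent` under `when: not forgejo_reverse_proxy` would cover that. The task list starts and ends outside the hunk.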
|
@ -15,8 +15,8 @@ Environment=SSH_CREATE_AUTHORIZED_PRINCIPALS_FILES=true
|
||||||
Environment=SSH_AUTHORIZED_PRINCIPALS_ALLOW="username,email"
|
Environment=SSH_AUTHORIZED_PRINCIPALS_ALLOW="username,email"
|
||||||
|
|
||||||
Network=forgejo.network
|
Network=forgejo.network
|
||||||
PublishPort=2222:22
|
PublishPort={{ forgejo_ssh_port }}:22
|
||||||
PublishPort=3000:3000
|
PublishPort={{ forgejo_http_port }}:3000
|
||||||
|
|
||||||
Volume=forgejo-data:/data
|
Volume=forgejo-data:/data
|
||||||
|
|
||||||
|
|
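Review bot: `PublishPort={{ forgejo_http_port }}:3000` still publishes the HTTP port on every host interface, while the nginx upstream added in this commit only connects to `127.0.0.1`; with the proxy enabled, Forgejo stays reachable directly over plain HTTP, bypassing the TLS listener, unless a host firewall (not visible here) blocks the port. Binding the published port to loopback when the proxy is in use closes that path: `PublishPort={% if forgejo_reverse_proxy %}127.0.0.1:{% endif %}{{ forgejo_http_port }}:3000`. The rest of the unit file lies outside the hunk, so any Forgejo setting for its externally visible URL or trusted proxy could not be checked from here.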
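--- a/roles/forgejo/templates/nginx.conf
+++ b/roles/forgejo/templates/nginx.conf
@@ -0,0 +1,18 @@
+# {{ ansible_managed }}
+
+upstream forgejo {
+server 127.0.0.1:{{ forgejo_http_port }};
+}
+
+server {
+listen 443 ssl http2; # managed by Certbot
+listen [::]:443 ssl http2; # managed by Certbot
+
+include ssl.conf;
+server_name {{ forgejo_subdomain }}.{{ host_fqdn }};
+
+location ~ / {
+include proxy.conf;
+proxy_pass http://forgejo;
+}
+}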
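Review bot: `location ~ / {` is a regular-expression match that happens to match every URI; the prefix form `location / {` expresses the same catch-all without regex evaluation and without overriding ordinary prefix locations added later. The `# managed by Certbot` markers on the `listen` lines are misleading in a file whose first line is `{{ ansible_managed }}`, since any edit Certbot made would be overwritten on the next run. The contents of `ssl.conf` and `proxy.conf` are not part of this commit, so it should be confirmed that they set the forwarded `Host` and `X-Forwarded-Proto` headers and a request body limit large enough for Git pushes over HTTPS.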