uumas/ansible-general
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

vhost: add support for locations, headers, and responds

Browse Source
This commit is contained in:
uumas
2023-03-14 01:59:35 +02:00
parent f3b627e7ee
commit 4f3f9e0fa3
4 changed files with 180 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
roles/vhost/vars/main.yml → roles/vhost/defaults/main.yml
View File

@@ -2,7 +2,13 @@
web_server: caddy
vhost_locations: []
vhost_headers: {}
proxy_target_protocol: http
proxy_target_host: localhost
redirect_type: temporary
redirect_preserve_path: false
respond_content_type: plain

117
roles/vhost/meta/argument_specs.yml
View File

@@ -14,6 +14,7 @@ argument_specs:
choices:
- reverse_proxy
- redirect
- respond
vhost_domains:
type: list
required: true
@@ -26,26 +27,134 @@ argument_specs:
choices:
- caddy
- none
vhost_headers:
description: dict of headers and their values
type: dict
required: false
default: {}
proxy_target_port:
description: Required and only applicable if vhost_type is reverse_proxy
description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy
type: int
required: "{{ vhost_type == 'reverse_proxy' }}"
proxy_target_host:
description: Only applicable if vhost_type is reverse_proxy
description: Host where to proxy requests to. Only applicable if vhost_type is reverse_proxy
type: str
required: false
default: localhost
proxy_target_protocol:
description: Only applicable if vhost_type is reverse_proxy
description: Protocol to use for proxy requests. Only applicable if vhost_type is reverse_proxy
type: str
required: false
default: http
choices:
- http
- https
redirect_target:
description: "Required and only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
type: str
required: "{{ vhost_type == 'redirect' }}"
redirect_preserve_path:
description: Whether to keep the original request path
type: bool
required: false
default: false
redirect type:
description: Only applicable if vhost_type is reverse_proxy
type: str
required: false
default: temporary
choices:
- temporary
- permanent
respond_content:
description: Content to respond with. Json content can be set as yaml as long as respond_content_type is set to json
type: str
required: "{{ vhost_type == 'respond' }}"
respond_content_type:
description: Type of the respond content
type: str
required: false
default: plain
choices:
- plain
- json
vhost_locations:
description: List of locations to handle differently from the default for vhost
type: list
required: false
default: []
elements: dict
options:
path:
description: Path to match. Only supports full paths for now.
type: str
required: true
type:
type: str
required: false
default: "{{ vhost_type }}"
choices:
- reverse_proxy
- redirect
- respond
headers:
description: dict of headers and their values
type: dict
required: false
default: "{{ vhost_headers }}"
proxy_target_port:
description: Port where to proxy requests to. Only applicable if type is reverse_proxy.
type: int
required: false
default: "{{ proxy_target_port if vhost_type == 'reverse_proxy' else 0 }}"
proxy_target_host:
description: Host where to proxy requests to. Only applicable if type is reverse_proxy
type: str
required: false
default: "{{ proxy_target_host }}"
proxy_target_protocol:
description: Protocol to use for proxy requests. Only applicable if type is reverse_proxy
type: str
required: false
default: "{{ proxy_target_protocol }}"
choices:
- http
- https
redirect_target:
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
type: str
required: false
default: "{{ redirect_target if vhost_type == 'redirect' else '' }}"
redirect_preserve_path:
description: Whether to keep the original request path
type: bool
required: false
default: "{{ redirect_preserve_path }}"
redirect type:
description: Only applicable if vhost_type is reverse_proxy
type: str
required: false
default: "{{ redirect_type }}"
choices:
- temporary
- permanent
respond_content:
description: Content to respond with. Json content can be set as yaml as long as respond_content_type is set to json
type: str
required: false
default: "{{ respond_content if vhost_type == 'respond' else '' }}"
respond_content_type:
description: Type of the respond content
type: str
required: false
default: "{{ respond_content_type }}"
choices:
- plain
- json

32
roles/vhost/tasks/caddy.yml
View File

@@ -6,18 +6,30 @@
marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}"
block: |
{{ vhost_domains | join(' ') }} {
{% if vhost_type == 'reverse_proxy' %}
reverse_proxy {{ proxy_target_protocol }}://{{ proxy_target_host }}:{{ proxy_target_port }} {
{% if proxy_target_protocol == 'https' and proxy_target_host == 'localhost' %}
transport http {
tls_insecure_skip_verify
{% for location in vhost_locations_all %}
handle {{ location.path }} {
{% for header in location.headers | dict2items %}
header {{ header.key }} `{{ header.value }}`
{% endfor %}
{% if location.type == 'reverse_proxy' %}
reverse_proxy {{ location.proxy_target_protocol }}://{{ location.proxy_target_host }}:{{ location.proxy_target_port }} {
{% if location.proxy_target_protocol == 'https' and location.proxy_target_host == 'localhost' %}
transport http {
tls_insecure_skip_verify
}
{% endif %}
}
{% endif %}
{% elif location.type == 'redirect' %}
redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }}
{% elif location.type == 'respond' %}
{% if location.respond_content_type == 'json' %}
respond `{{ location.respond_content | to_json }}`
{% else %}
respond `{{ location.respond_content }}`
{% endif %}
{% endif %}
}
{% endif %}
{% if vhost_type == 'redirect' %}
redir {{ redirect_target }} {{ redirect_type }}
{% endif %}
{% endfor %}
}
validate: 'caddy validate --config %s --adapter caddyfile'
backup: true

40
roles/vhost/tasks/main.yml
View File

@@ -1,6 +1,44 @@
---
- name: Fail if redirect_target is a relative path and redirect_preserve_path is true
fail:
msg: redirect_target must be an absolute url or absolute path if redirect_preserve_path is true
when:
- redirect_preserve_path
- redirect_target.split('://') | length < 2
- not redirect_target.startswith('/')
- name: "Setup {{ vhost_id }} vhost on {{ web_server }}"
- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true
fail:
msg: redirect_target must not end with / if redirect_preserve_path is true
when:
- redirect_preserve_path
- redirect_target.endswith('/')
- name: Reset vhost_locations_all
set_fact:
vhost_locations_all: []
- name: Set vhost_locations_all reverse proxies
set_fact:
vhost_locations_all: >
{{ vhost_locations_all + [{
'path': item.path,
'type': item.type | default(vhost_type),
'headers': item.headers | default(vhost_headers),
'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''),
'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path),
'redirect_type': item.redirect_type | default(redirect_type),
'respond_content': item.respond_content | default(respond_content if vhost_type == 'respond' else ''),
'respond_content_type': item.respond_content_type | default(respond_content_type)
}] }}
loop: "{{ vhost_locations + [{'path': ''}] }}"
- name: "Setup {{ vhost_id + ' vhost on ' + web_server }}"
include_tasks: "{{ web_server }}.yml"
when: web_server != 'none'