vhost: support proxying to unix sockets

2024-07-28 17:45:50 +03:00
parent 1dc6ea7f8e
commit b892da1b89
4 changed files with 76 additions and 22 deletions
--- a/roles/vhost/tasks/caddy.yaml
+++ b/roles/vhost/tasks/caddy.yaml
@@ -22,10 +22,18 @@
          }
          {% endif %}
          {% if location.type == 'reverse_proxy' %}
-          reverse_proxy {{ location.proxy_target_protocol }}://{{ location.proxy_target_host }}:{{ location.proxy_target_port }} {
-            {% if location.proxy_target_protocol == 'https' and location.proxy_target_host == 'localhost' %}
+          reverse_proxy  {
+            {% if location.proxy_target_netproto == 'tcp' %}
+            to tcp/{{ location.proxy_target_host }}:{{ location.proxy_target_port }}
+            {% else %}
+            to unix/{{ location.proxy_target_socket }}
+            {% endif %}
+            {% if location.proxy_target_protocol == 'https' %}
            transport http {
+              tls
+              {% if location.proxy_target_host == 'localhost' %}
              tls_insecure_skip_verify
+              {% endif %}
            }
            {% endif %}
          }
--- a/roles/vhost/tasks/main.yaml
+++ b/roles/vhost/tasks/main.yaml
@@ -30,9 +30,13 @@
      'basicauth': item.basicauth | default(vhost_basicauth),
      'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),

-      'proxy_target_port': item.proxy_target_port | default(vhost_proxy_target_port if vhost_type == 'reverse_proxy' else ''),
-      'proxy_target_host': item.proxy_target_host | default(vhost_proxy_target_host),
+      'proxy_target_netproto': item.proxy_target_netproto | default(vhost_proxy_target_netproto),
      'proxy_target_protocol': item.proxy_target_protocol | default(vhost_proxy_target_protocol),
+      'proxy_target_host': item.proxy_target_host | default(vhost_proxy_target_host),
+      'proxy_target_port': item.proxy_target_port | default(vhost_proxy_target_port if
+        vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' else ''),
+      'proxy_target_socket': item.proxy_target_socket | default(vhost_proxy_target_socket if
+        vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else ''),
      'proxy_delete_headers': item.proxy_delete_headers | default(vhost_proxy_delete_headers),

      'redirect_target': item.redirect_target | default(vhost_redirect_target if vhost_type == 'redirect' else ''),
@@ -45,5 +49,5 @@
  loop: "{{ vhost_locations + [{'path': ''}] }}"

 - name: "Setup {{ vhost_id + ' vhost on ' + vhost_web_server }}"
-  ansible.builtin.include_tasks: "{{ vhost_web_server }}.yml"
+  ansible.builtin.include_tasks: "{{ vhost_web_server }}.yaml"
  when: vhost_web_server != 'none'