vhost: support proxying to unix sockets

uumas
2024-07-28 17:45:50 +03:00
parent 1dc6ea7f8e
commit b892da1b89
4 changed files with 76 additions and 22 deletions


@@ -12,6 +12,7 @@ vhost_delete_headers: []
vhost_basicauth: false vhost_basicauth: false
vhost_basicauth_users: {} vhost_basicauth_users: {}
vhost_proxy_target_netproto: tcp
vhost_proxy_target_protocol: http vhost_proxy_target_protocol: http
vhost_proxy_target_host: localhost vhost_proxy_target_host: localhost
vhost_proxy_delete_headers: [] vhost_proxy_delete_headers: []


@@ -62,23 +62,45 @@ argument_specs:
required: false required: false
default: {} default: {}
vhost_proxy_target_port: vhost_proxy_target_netproto:
description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy description:
type: int - Network protocol to use for proxy requests.
required: "{{ vhost_state == 'present' and vhost_type == 'reverse_proxy' }}" - Only applicable if vhost_type is reverse_proxy.
vhost_proxy_target_host:
description: Host where to proxy requests to. Only applicable if vhost_type is reverse_proxy
type: str type: str
required: false required: false
default: localhost default: tcp
choices:
- tcp
- unix
vhost_proxy_target_protocol: vhost_proxy_target_protocol:
description: Protocol to use for proxy requests. Only applicable if vhost_type is reverse_proxy description:
- Transport protocol (scheme) to use for proxy requests.
- Only applicable if vhost_type is reverse_proxy.
type: str type: str
required: false required: false
default: http default: http
choices: choices:
- http - http
- https - https
vhost_proxy_target_host:
description:
- Host where to proxy requests to.
- Only applicable if vhost_type is reverse_proxy and vhost_proxy_target_netproto is tcp.
type: str
required: false
default: localhost
vhost_proxy_target_port:
description:
- Port where to proxy requests to.
- Only applicable if vhost_type is reverse_proxy and vhost_proxy_target_netproto is tcp.
type: int
required: "{{ vhost_state == 'present' and vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' }}"
vhost_proxy_target_socket:
description:
- Unix socket path to proxy requests to.
- Only applicable if vhost_type is reverse_proxy and vhost_proxy_target_netproto is unix.
type: str
required: "{{ vhost_state == 'present' and vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' }}"
vhost_proxy_delete_headers: vhost_proxy_delete_headers:
description: List of headers to delete from proxied requests description: List of headers to delete from proxied requests
type: list type: list
@@ -158,24 +180,43 @@ argument_specs:
type: dict type: dict
default: "{{ vhost_basicauth_users }}" default: "{{ vhost_basicauth_users }}"
proxy_target_port: proxy_target_netproto:
description: Port where to proxy requests to. Only applicable if type is reverse_proxy. description:
type: int - Network protocol to use for proxy requests.
required: false - Only applicable if type is reverse_proxy.
default: "{{ vhost_proxy_target_port if vhost_type == 'reverse_proxy' else 0 }}"
proxy_target_host:
description: Host where to proxy requests to. Only applicable if type is reverse_proxy
type: str type: str
required: false required: false
default: "{{ vhost_proxy_target_host }}" default: "{{ vhost_proxy_target_netproto }}"
choices:
- tcp
- unix
proxy_target_protocol: proxy_target_protocol:
description: Protocol to use for proxy requests. Only applicable if type is reverse_proxy description:
- Transport protocol (scheme) to use for proxy requests.
- Only applicable if type is reverse_proxy.
type: str type: str
required: false required: false
default: "{{ vhost_proxy_target_protocol }}" default: "{{ vhost_proxy_target_protocol }}"
choices: choices:
- http - http
- https - https
proxy_target_host:
description: Host where to proxy requests to. Only applicable if type is reverse_proxy
type: str
required: false
default: "{{ vhost_proxy_target_host }}"
proxy_target_port:
description: Port where to proxy requests to. Only applicable if type is reverse_proxy.
type: int
required: false
default: "{{ vhost_proxy_target_port if vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' else 0 }}"
proxy_target_socket:
description:
- Unix socket path to proxy requests to.
- Only applicable if type is reverse_proxy and proxy_target_netproto is unix.
type: str
required: false
default: "{{ vhost_proxy_target_socket if vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else '' }}"
proxy_delete_headers: proxy_delete_headers:
description: List of request headers to delete from proxied requests description: List of request headers to delete from proxied requests
type: list type: list
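Review bot: The location-level defaults for `proxy_target_port` and `proxy_target_socket` are chosen by the vhost-wide `vhost_proxy_target_netproto` rather than the location's own `proxy_target_netproto`, so a location that overrides the netproto to `unix` under a `tcp` vhost falls back to an empty socket path. The same condition appears in the location-merging expression in the tasks file of this commit, and the template's `{% else %}` branch would then presumably render `to unix/` with no path. Consider keying the defaults on the effective value, e.g. `(item.proxy_target_netproto | default(vhost_proxy_target_netproto)) == 'unix'` in the tasks expression, and failing early when the resolved socket is empty. The location-level `proxy_target_host` and `proxy_target_port` descriptions could also state that they apply only when `proxy_target_netproto` is tcp, as the vhost-level ones now do.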


@@ -22,10 +22,18 @@
} }
{% endif %} {% endif %}
{% if location.type == 'reverse_proxy' %} {% if location.type == 'reverse_proxy' %}
reverse_proxy {{ location.proxy_target_protocol }}://{{ location.proxy_target_host }}:{{ location.proxy_target_port }} { reverse_proxy {
{% if location.proxy_target_protocol == 'https' and location.proxy_target_host == 'localhost' %} {% if location.proxy_target_netproto == 'tcp' %}
to tcp/{{ location.proxy_target_host }}:{{ location.proxy_target_port }}
{% else %}
to unix/{{ location.proxy_target_socket }}
{% endif %}
{% if location.proxy_target_protocol == 'https' %}
transport http { transport http {
tls
{% if location.proxy_target_host == 'localhost' %}
tls_insecure_skip_verify tls_insecure_skip_verify
{% endif %}
} }
{% endif %} {% endif %}
} }
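Review bot: In the `https` branch, `tls_insecure_skip_verify` depends only on `location.proxy_target_host == 'localhost'`, and that variable defaults to `localhost` even when `proxy_target_netproto` is `unix`, where the host is not used to reach the upstream. Every https-over-socket upstream therefore has certificate verification disabled as a side effect of an unrelated default. Make the decision explicit, for instance `{% if location.proxy_target_netproto == 'tcp' and location.proxy_target_host == 'localhost' %}`, or add a dedicated, documented variable for skipping verification; verification over a socket may then need an explicit server name, which should be confirmed against the transport's options. The `{% else %}` branch also treats any value other than `tcp` as `unix`, so `{% elif location.proxy_target_netproto == 'unix' %}` would keep an unexpected value from rendering a socket upstream. The surrounding template block starts and ends outside this hunk.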


@@ -30,9 +30,13 @@
'basicauth': item.basicauth | default(vhost_basicauth), 'basicauth': item.basicauth | default(vhost_basicauth),
'basicauth_users': item.basicauth_users | default(vhost_basicauth_users), 'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
'proxy_target_port': item.proxy_target_port | default(vhost_proxy_target_port if vhost_type == 'reverse_proxy' else ''), 'proxy_target_netproto': item.proxy_target_netproto | default(vhost_proxy_target_netproto),
'proxy_target_host': item.proxy_target_host | default(vhost_proxy_target_host),
'proxy_target_protocol': item.proxy_target_protocol | default(vhost_proxy_target_protocol), 'proxy_target_protocol': item.proxy_target_protocol | default(vhost_proxy_target_protocol),
'proxy_target_host': item.proxy_target_host | default(vhost_proxy_target_host),
'proxy_target_port': item.proxy_target_port | default(vhost_proxy_target_port if
vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'tcp' else ''),
'proxy_target_socket': item.proxy_target_socket | default(vhost_proxy_target_socket if
vhost_type == 'reverse_proxy' and vhost_proxy_target_netproto == 'unix' else ''),
'proxy_delete_headers': item.proxy_delete_headers | default(vhost_proxy_delete_headers), 'proxy_delete_headers': item.proxy_delete_headers | default(vhost_proxy_delete_headers),
'redirect_target': item.redirect_target | default(vhost_redirect_target if vhost_type == 'redirect' else ''), 'redirect_target': item.redirect_target | default(vhost_redirect_target if vhost_type == 'redirect' else ''),
@@ -45,5 +49,5 @@
loop: "{{ vhost_locations + [{'path': ''}] }}" loop: "{{ vhost_locations + [{'path': ''}] }}"
- name: "Setup {{ vhost_id + ' vhost on ' + vhost_web_server }}" - name: "Setup {{ vhost_id + ' vhost on ' + vhost_web_server }}"
ansible.builtin.include_tasks: "{{ vhost_web_server }}.yml" ansible.builtin.include_tasks: "{{ vhost_web_server }}.yaml"
when: vhost_web_server != 'none' when: vhost_web_server != 'none'