uumas/ansible-general
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

Compare commits

base: uumas:9a94786becd0ef24d942473009996758a6679ac2
Branches Tags
uumas:master
...
compare: uumas:3331a96cbc81bf037a05ae1d8ebce8e0f9ee2d4f
Branches Tags
uumas:master

2 Commits
9a94786bec ... 3331a96cbc

Author SHA1 Message Date
uumas
3331a96cbc vhost: Support manipulating headers 2024-07-28 00:45:37 +03:00
uumas
1dbb9eac4c Support deleting vhosts 2024-07-28 00:45:20 +03:00
4 changed files with 55 additions and 8 deletions
Expand all files Collapse all files

5
roles/vhost/defaults/main.yml
View File

@@ -1,15 +1,20 @@
--- ---
vhost_state: present
vhost_type: "{{ vhost_state }}"
vhost_domains: []
web_server: caddy web_server: caddy
vhost_locations: [] vhost_locations: []
vhost_headers: {} vhost_headers: {}
vhost_delete_headers: []
vhost_basicauth: false vhost_basicauth: false
vhost_basicauth_users: {} vhost_basicauth_users: {}
proxy_target_protocol: http proxy_target_protocol: http
proxy_target_host: localhost proxy_target_host: localhost
proxy_delete_headers: []
redirect_type: temporary redirect_type: temporary
redirect_preserve_path: false redirect_preserve_path: false

47
roles/vhost/meta/argument_specs.yml
View File

@@ -8,16 +8,25 @@ argument_specs:
description: A unique identifier for this vhost. Not visible to end users. description: A unique identifier for this vhost. Not visible to end users.
type: str type: str
required: true required: true
vhost_state:
description: Whether the vhost should exist or not
type: str
required: false
default: present
choices:
- present
- absent
vhost_type: vhost_type:
type: str type: str
required: true required: "{{ vhost_state == 'present' }}"
choices: choices:
- reverse_proxy - reverse_proxy
- redirect - redirect
- respond - respond
- absent
vhost_domains: vhost_domains:
type: list type: list
required: true required: "{{ vhost_state == 'present' }}"
elements: str elements: str
web_server: web_server:
description: Defines which server software to use for vhost. This role does nothing if set to none description: Defines which server software to use for vhost. This role does nothing if set to none
@@ -28,10 +37,16 @@ argument_specs:
- caddy - caddy
- none - none
vhost_headers: vhost_headers:
description: dict of headers and their values description: Dict of response headers and their values
type: dict type: dict
required: false required: false
default: {} default: {}
vhost_delete_headers:
description: List of reponse headers to delete
type: list
elements: str
required: false
default: []
vhost_basicauth: vhost_basicauth:
description: Whether to require basic auth for the vhost description: Whether to require basic auth for the vhost
@@ -47,7 +62,7 @@ argument_specs:
proxy_target_port: proxy_target_port:
description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy description: Port where to proxy requests to. Only applicable if vhost_type is reverse_proxy
type: int type: int
required: "{{ vhost_type == 'reverse_proxy' }}" required: "{{ vhost_state == 'present' and vhost_type == 'reverse_proxy' }}"
proxy_target_host: proxy_target_host:
description: Host where to proxy requests to. Only applicable if vhost_type is reverse_proxy description: Host where to proxy requests to. Only applicable if vhost_type is reverse_proxy
type: str type: str
@@ -61,11 +76,17 @@ argument_specs:
choices: choices:
- http - http
- https - https
proxy_delete_headers:
description: List of headers to delete from proxied requests
type: list
elements: str
required: false
default: []
redirect_target: redirect_target:
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location" description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"
type: str type: str
required: "{{ vhost_type == 'redirect' }}" required: "{{ vhost_state == 'present' and vhost_type == 'redirect' }}"
redirect_preserve_path: redirect_preserve_path:
description: Whether to keep the original request path description: Whether to keep the original request path
type: bool type: bool
@@ -83,7 +104,7 @@ argument_specs:
respond_content: respond_content:
description: Content to respond with. Json content can be set as yaml as long as respond_content_type is set to json description: Content to respond with. Json content can be set as yaml as long as respond_content_type is set to json
type: str type: str
required: "{{ vhost_type == 'respond' }}" required: "{{ vhost_state == 'present' and vhost_type == 'respond' }}"
respond_content_type: respond_content_type:
description: Type of the respond content description: Type of the respond content
type: str type: str
@@ -113,10 +134,16 @@ argument_specs:
- redirect - redirect
- respond - respond
headers: headers:
description: dict of headers and their values description: Dict of response headers and their values
type: dict type: dict
required: false required: false
default: "{{ vhost_headers }}" default: "{{ vhost_headers }}"
delete_headers:
description: List of response headers to delete
type: list
elements: str
required: false
default: "{{ vhost_delete_headers }}"
basicauth: basicauth:
description: Whether to require basic auth for the location description: Whether to require basic auth for the location
@@ -146,6 +173,12 @@ argument_specs:
choices: choices:
- http - http
- https - https
proxy_delete_headers:
description: List of request headers to delete from proxied requests
type: list
elements: str
required: false
default: "{{ proxy_delete_headers }}"
redirect_target: redirect_target:
description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location" description: "Only applicable if vhost_type is redirect. Example: https://www.domain.tld/location"

7
roles/vhost/tasks/caddy.yml
View File

@@ -8,6 +8,9 @@
{{ vhost_domains | join(' ') }} { {{ vhost_domains | join(' ') }} {
{% for location in vhost_locations_all %} {% for location in vhost_locations_all %}
handle {{ location.path }} { handle {{ location.path }} {
{% for header in location.delete_headers %}
header -{{ header }}
{% endfor %}
{% for header in location.headers | dict2items %} {% for header in location.headers | dict2items %}
header {{ header.key }} `{{ header.value }}` header {{ header.key }} `{{ header.value }}`
{% endfor %} {% endfor %}
@@ -26,6 +29,9 @@
} }
{% endif %} {% endif %}
} }
{% for header in location.proxy_delete_headers %}
request_header -{{ header }}
{% endfor %}
{% elif location.type == 'redirect' %} {% elif location.type == 'redirect' %}
redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }} redir {{ location.redirect_target }}{{ '{uri}' if location.redirect_preserve_path }} {{ location.redirect_type }}
{% elif location.type == 'respond' %} {% elif location.type == 'respond' %}
@@ -40,4 +46,5 @@
} }
validate: 'caddy validate --config %s --adapter caddyfile' validate: 'caddy validate --config %s --adapter caddyfile'
backup: true backup: true
state: "{{ vhost_state }}"
notify: Reload caddy notify: Reload caddy

4
roles/vhost/tasks/main.yml
View File

@@ -8,7 +8,7 @@
- redirect_target.split('://') | length < 2 - redirect_target.split('://') | length < 2
- not redirect_target.startswith('/') - not redirect_target.startswith('/')
- name: Fail if redirect_tartget ends with / and redirect_preserve_path is true - name: Fail if redirect_target ends with / and redirect_preserve_path is true
ansible.builtin.fail: ansible.builtin.fail:
msg: redirect_target must not end with / if redirect_preserve_path is true msg: redirect_target must not end with / if redirect_preserve_path is true
when: when:
@@ -25,6 +25,7 @@
'path': item.path, 'path': item.path,
'type': item.type | default(vhost_type), 'type': item.type | default(vhost_type),
'headers': item.headers | default(vhost_headers), 'headers': item.headers | default(vhost_headers),
'delete_headers': item.delete_headers | default(vhost_delete_headers),
'basicauth': item.basicauth | default(vhost_basicauth), 'basicauth': item.basicauth | default(vhost_basicauth),
'basicauth_users': item.basicauth_users | default(vhost_basicauth_users), 'basicauth_users': item.basicauth_users | default(vhost_basicauth_users),
@@ -32,6 +33,7 @@
'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''), 'proxy_target_port': item.proxy_target_port | default(proxy_target_port if vhost_type == 'reverse_proxy' else ''),
'proxy_target_host': item.proxy_target_host | default(proxy_target_host), 'proxy_target_host': item.proxy_target_host | default(proxy_target_host),
'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol), 'proxy_target_protocol': item.proxy_target_protocol | default(proxy_target_protocol),
'proxy_delete_headers': item.proxy_delete_headers | default(proxy_delete_headers),
'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''), 'redirect_target': item.redirect_target | default(redirect_target if vhost_type == 'redirect' else ''),
'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path), 'redirect_preserve_path': item.redirect_preserve_path | default(redirect_preserve_path),