finallycoffee/matrix-docker-ansible-deploy
finallycoffee/matrix-docker-ansible-deploy
5
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

add suggested change; correct indent

Browse Source
This commit is contained in:
p5t2vspoqqw 2019-04-23 09:44:02 +02:00
parent deeefac84c
commit 7ee6927ca9
3 changed files with 26 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
docs/configuring-playbook-ngnix.md
View File

@ -11,3 +11,11 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring
```yaml ```yaml
matrix_nginx_proxy_nginx_status_enabled: true matrix_nginx_proxy_nginx_status_enabled: true
``` ```
In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list:
```yaml
matrix_nginx_proxy_nginx_status_allowed_addresses:
- 8.8.8.8
- 1.1.1.1
```

7
roles/matrix-nginx-proxy/defaults/main.yml
View File

@ -1,7 +1,5 @@
matrix_nginx_proxy_enabled: true matrix_nginx_proxy_enabled: true
matrix_nginx_proxy_nginx_status_enabled: false
# We use an official nginx image, which we fix-up to run unprivileged. # We use an official nginx image, which we fix-up to run unprivileged.
# An alternative would be an `nginxinc/nginx-unprivileged` image, but # An alternative would be an `nginxinc/nginx-unprivileged` image, but
# those as more frequently out of date. # those as more frequently out of date.
@ -142,3 +140,8 @@ matrix_ssl_lets_encrypt_support_email: ~
matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl"
matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config"
matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log"
# ngnix status page configurations.
matrix_nginx_proxy_nginx_status_enabled: false
matrix_nginx_proxy_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}']

14
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
View File

@ -4,25 +4,27 @@ server {
server_tokens off; server_tokens off;
{% if matrix_nginx_proxy_nginx_status_enabled %} {% if matrix_nginx_proxy_nginx_status_enabled %}
location /nginx_status { location /nginx_status {
stub_status on; stub_status on;
access_log off; access_log off;
allow {{ ansible_default_ipv4.address }}; {% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %}
allow {{ address }};
{% endfor %}
deny all; deny all;
} }
{% endif %} {% endif %}
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %} {% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #} {# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s; resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080"; set $backend "matrix-certbot:8080";
proxy_pass http://$backend; proxy_pass http://$backend;
{% else %} {% else %}
{# Generic configuration for use outside of our container setup #} {# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %} {% endif %}
} }
location / { location / {