From 342e95027410b2b69e3b7469803df7e64f5c7d76 Mon Sep 17 00:00:00 2001
From: Sheppy <sheppy@atlantishq.de>
Date: Sat, 20 Jul 2024 10:24:05 +0000
Subject: [PATCH] feat: add nginx media & cdn from web1

---
 roles/docker-deployments/files/cdn.conf       | 16 +++++++++++
 roles/docker-deployments/files/htpasswd       |  2 ++
 roles/docker-deployments/files/ipcheck.conf   | 19 +++++++++++++
 roles/docker-deployments/files/media.conf     | 28 +++++++++++++++++++
 roles/docker-deployments/tasks/main.yaml      | 27 ++++++++++++++++++
 .../templates/nginx-media-cdn.yaml            | 12 ++++++++
 6 files changed, 104 insertions(+)
 create mode 100644 roles/docker-deployments/files/cdn.conf
 create mode 100644 roles/docker-deployments/files/htpasswd
 create mode 100644 roles/docker-deployments/files/ipcheck.conf
 create mode 100644 roles/docker-deployments/files/media.conf
 create mode 100644 roles/docker-deployments/templates/nginx-media-cdn.yaml

diff --git a/roles/docker-deployments/files/cdn.conf b/roles/docker-deployments/files/cdn.conf
new file mode 100644
index 0000000..8f023d6
--- /dev/null
+++ b/roles/docker-deployments/files/cdn.conf
@@ -0,0 +1,16 @@
+server {
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 5051;
+    root /var/www/cdn/;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+}
diff --git a/roles/docker-deployments/files/htpasswd b/roles/docker-deployments/files/htpasswd
new file mode 100644
index 0000000..eaa76ca
--- /dev/null
+++ b/roles/docker-deployments/files/htpasswd
@@ -0,0 +1,2 @@
+kathi:$y$j9T$HISTORY_PURGED_SECRET
+sheppy:$y$HISTORY_PURGED_SECRET
diff --git a/roles/docker-deployments/files/ipcheck.conf b/roles/docker-deployments/files/ipcheck.conf
new file mode 100644
index 0000000..59e941f
--- /dev/null
+++ b/roles/docker-deployments/files/ipcheck.conf
@@ -0,0 +1,19 @@
+server {
+    listen 5053;
+
+    access_log off;
+    gzip off;
+    default_type text/plain;
+
+    if ($remote_addr ~* 172\.16\.1\.(.+)){
+        return 200 "$remote_addr (This is a local VPN ip, it is NOT your true external ip!)";
+    }
+
+    if ($remote_addr ~* 192\.168\.122\.1){
+        return 200 $http_x_real_ip;
+    }
+
+    location / {
+        return 200 $remote_addr;
+    }
+}
diff --git a/roles/docker-deployments/files/media.conf b/roles/docker-deployments/files/media.conf
new file mode 100644
index 0000000..7f9f41c
--- /dev/null
+++ b/roles/docker-deployments/files/media.conf
@@ -0,0 +1,28 @@
+map $http_x_nginx_cert_auth $basic_auth_val {
+    default "private";
+    true off;
+} 
+
+server {
+
+
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 5052;
+    root /var/www/media;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+
+    location /auth/{
+        auth_basic $basic_auth_val;
+        auth_basic_user_file /etc/nginx/htpasswd_1;
+    }
+}
diff --git a/roles/docker-deployments/tasks/main.yaml b/roles/docker-deployments/tasks/main.yaml
index eb6dc29..760a9bd 100644
--- a/roles/docker-deployments/tasks/main.yaml
+++ b/roles/docker-deployments/tasks/main.yaml
@@ -64,6 +64,7 @@
     - atlantis-web-check
     - ntfy
     - code-server
+    - nginx-media-cdn
 
 - name: Copy AtlantisHub config
   copy:
@@ -116,6 +117,7 @@
     - ferchau-wscad
     - code-server
     - serienampel
+    - nginx-media-cdn
 
 - name: Copy compose templates
   template:
@@ -142,6 +144,30 @@
     - ferchau-wscad
     - code-server
     - serienampel
+    - nginx-media-cdn
+
+- name: create sites-enabled dir
+  file:
+    path: "/opt/nginx-media-cdn/sites-enabled/"
+    state: directory
+
+- name: Deploy nginx-media-cdn config files
+  copy:
+    src: "{{ item }}"
+    dest: "/opt/nginx-media-cdn/sites-enabled/"
+  with_items:
+    - media.conf
+    - cdn.conf
+    - ipcheck.conf
+
+- name: Deploy nginx auth
+  copy:
+    src: "{{ item }}"
+    dest: "/opt/nginx-media-cdn/"
+    owner: 101
+    group: 101
+  with_items:
+    - htpasswd
 
 - name: Log into private registry
   docker_login:
@@ -177,6 +203,7 @@
     #- ferchau-wscad
     - code-server
     - serienampel
+    - nginx-media-cdn
 
 - name: OAuth2Proxy directories
   file:
diff --git a/roles/docker-deployments/templates/nginx-media-cdn.yaml b/roles/docker-deployments/templates/nginx-media-cdn.yaml
new file mode 100644
index 0000000..643c091
--- /dev/null
+++ b/roles/docker-deployments/templates/nginx-media-cdn.yaml
@@ -0,0 +1,12 @@
+services:
+  nginx:
+    image: nginx:latest
+    ports:
+      - "5051:5051"
+      - "5052:5052"
+      - "5053:5053"
+    volumes:
+      - /opt/nginx-media-cdn/sites-enabled:/etc/nginx/conf.d
+      - /opt/nginx-media-cdn/htpasswd:/etc/nginx/htpasswd_1
+      - /data/nginx-media-cdn/cdn:/var/www/cdn
+      - /data/nginx-media-cdn/media:/var/www/media