sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-07 22:31:37 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: add nginx media & cdn from web1

Browse Source
This commit is contained in:
Johnathen Sheppard
2024-07-20 10:24:05 +00:00
parent 68b48fd211
commit 342e950274
6 changed files with 104 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
roles/docker-deployments/files/cdn.conf Normal file
View File

@@ -0,0 +1,16 @@
server {
autoindex on;
autoindex_localtime on;
listen 5051;
root /var/www/cdn/;
add_header Vary Accept-Encoding;
add_header Access-Control-Allow-Origin $http_origin;
location /videos/{
default_type video/mp4;
limit_rate 2m;
autoindex on;
}
}

2
roles/docker-deployments/files/htpasswd Normal file
View File

@@ -0,0 +1,2 @@
kathi:$y$j9T$HISTORY_PURGED_SECRET
sheppy:$y$HISTORY_PURGED_SECRET

19
roles/docker-deployments/files/ipcheck.conf Normal file
View File

@@ -0,0 +1,19 @@
server {
listen 5053;
access_log off;
gzip off;
default_type text/plain;
if ($remote_addr ~* 172\.16\.1\.(.+)){
return 200 "$remote_addr (This is a local VPN ip, it is NOT your true external ip!)";
}
if ($remote_addr ~* 192\.168\.122\.1){
return 200 $http_x_real_ip;
}
location / {
return 200 $remote_addr;
}
}

28
roles/docker-deployments/files/media.conf Normal file
View File

@@ -0,0 +1,28 @@
map $http_x_nginx_cert_auth $basic_auth_val {
default "private";
true off;
}
server {
autoindex on;
autoindex_localtime on;
listen 5052;
root /var/www/media;
add_header Vary Accept-Encoding;
add_header Access-Control-Allow-Origin $http_origin;
location /videos/{
default_type video/mp4;
limit_rate 2m;
autoindex on;
}
location /auth/{
auth_basic $basic_auth_val;
auth_basic_user_file /etc/nginx/htpasswd_1;
}
}

27
roles/docker-deployments/tasks/main.yaml
View File

@@ -64,6 +64,7 @@
- atlantis-web-check - atlantis-web-check
- ntfy - ntfy
- code-server - code-server
- nginx-media-cdn
- name: Copy AtlantisHub config - name: Copy AtlantisHub config
copy: copy:
@@ -116,6 +117,7 @@
- ferchau-wscad - ferchau-wscad
- code-server - code-server
- serienampel - serienampel
- nginx-media-cdn
- name: Copy compose templates - name: Copy compose templates
template: template:
@@ -142,6 +144,30 @@
- ferchau-wscad - ferchau-wscad
- code-server - code-server
- serienampel - serienampel
- nginx-media-cdn
- name: create sites-enabled dir
file:
path: "/opt/nginx-media-cdn/sites-enabled/"
state: directory
- name: Deploy nginx-media-cdn config files
copy:
src: "{{ item }}"
dest: "/opt/nginx-media-cdn/sites-enabled/"
with_items:
- media.conf
- cdn.conf
- ipcheck.conf
- name: Deploy nginx auth
copy:
src: "{{ item }}"
dest: "/opt/nginx-media-cdn/"
owner: 101
group: 101
with_items:
- htpasswd
- name: Log into private registry - name: Log into private registry
docker_login: docker_login:
@@ -177,6 +203,7 @@
#- ferchau-wscad #- ferchau-wscad
- code-server - code-server
- serienampel - serienampel
- nginx-media-cdn
- name: OAuth2Proxy directories - name: OAuth2Proxy directories
file: file:

12
roles/docker-deployments/templates/nginx-media-cdn.yaml Normal file
View File

@@ -0,0 +1,12 @@
services:
nginx:
image: nginx:latest
ports:
- "5051:5051"
- "5052:5052"
- "5053:5053"
volumes:
- /opt/nginx-media-cdn/sites-enabled:/etc/nginx/conf.d
- /opt/nginx-media-cdn/htpasswd:/etc/nginx/htpasswd_1
- /data/nginx-media-cdn/cdn:/var/www/cdn
- /data/nginx-media-cdn/media:/var/www/media