feat: add nginx media & cdn from web1

2025-12-06 14:11:36 +01:00 · 2024-07-20 10:24:05 +00:00
parent 68b48fd211
commit 342e950274
6 changed files with 104 additions and 0 deletions
--- a/roles/docker-deployments/files/cdn.conf
+++ b/roles/docker-deployments/files/cdn.conf
@@ -0,0 +1,16 @@
+server {
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 5051;
+    root /var/www/cdn/;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+}
--- a/roles/docker-deployments/files/htpasswd
+++ b/roles/docker-deployments/files/htpasswd
@@ -0,0 +1,2 @@
+kathi:$y$j9T$HISTORY_PURGED_SECRET
+sheppy:$y$HISTORY_PURGED_SECRET
--- a/roles/docker-deployments/files/ipcheck.conf
+++ b/roles/docker-deployments/files/ipcheck.conf
@@ -0,0 +1,19 @@
+server {
+    listen 5053;
+
+    access_log off;
+    gzip off;
+    default_type text/plain;
+
+    if ($remote_addr ~* 172\.16\.1\.(.+)){
+        return 200 "$remote_addr (This is a local VPN ip, it is NOT your true external ip!)";
+    }
+
+    if ($remote_addr ~* 192\.168\.122\.1){
+        return 200 $http_x_real_ip;
+    }
+
+    location / {
+        return 200 $remote_addr;
+    }
+}
--- a/roles/docker-deployments/files/media.conf
+++ b/roles/docker-deployments/files/media.conf
@@ -0,0 +1,28 @@
+map $http_x_nginx_cert_auth $basic_auth_val {
+    default "private";
+    true off;
+} 
+
+server {
+
+
+    autoindex on;
+    autoindex_localtime on;
+
+    listen 5052;
+    root /var/www/media;
+
+    add_header Vary Accept-Encoding;
+    add_header Access-Control-Allow-Origin $http_origin;
+
+    location /videos/{
+        default_type video/mp4;
+        limit_rate 2m;
+        autoindex on;
+    }
+
+    location /auth/{
+        auth_basic $basic_auth_val;
+        auth_basic_user_file /etc/nginx/htpasswd_1;
+    }
+}
--- a/roles/docker-deployments/tasks/main.yaml
+++ b/roles/docker-deployments/tasks/main.yaml
@@ -64,6 +64,7 @@
    - atlantis-web-check
    - ntfy
    - code-server
+    - nginx-media-cdn

 - name: Copy AtlantisHub config
  copy:
@@ -116,6 +117,7 @@
    - ferchau-wscad
    - code-server
    - serienampel
+    - nginx-media-cdn

 - name: Copy compose templates
  template:
@@ -142,6 +144,30 @@
    - ferchau-wscad
    - code-server
    - serienampel
+    - nginx-media-cdn
+
+- name: create sites-enabled dir
+  file:
+    path: "/opt/nginx-media-cdn/sites-enabled/"
+    state: directory
+
+- name: Deploy nginx-media-cdn config files
+  copy:
+    src: "{{ item }}"
+    dest: "/opt/nginx-media-cdn/sites-enabled/"
+  with_items:
+    - media.conf
+    - cdn.conf
+    - ipcheck.conf
+
+- name: Deploy nginx auth
+  copy:
+    src: "{{ item }}"
+    dest: "/opt/nginx-media-cdn/"
+    owner: 101
+    group: 101
+  with_items:
+    - htpasswd

 - name: Log into private registry
  docker_login:
@@ -177,6 +203,7 @@
    #- ferchau-wscad
    - code-server
    - serienampel
+    - nginx-media-cdn

 - name: OAuth2Proxy directories
  file:
--- a/roles/docker-deployments/templates/nginx-media-cdn.yaml
+++ b/roles/docker-deployments/templates/nginx-media-cdn.yaml
@@ -0,0 +1,12 @@
+services:
+  nginx:
+    image: nginx:latest
+    ports:
+      - "5051:5051"
+      - "5052:5052"
+      - "5053:5053"
+    volumes:
+      - /opt/nginx-media-cdn/sites-enabled:/etc/nginx/conf.d
+      - /opt/nginx-media-cdn/htpasswd:/etc/nginx/htpasswd_1
+      - /data/nginx-media-cdn/cdn:/var/www/cdn
+      - /data/nginx-media-cdn/media:/var/www/media