add ipv6 to nginx

2024-06-06 20:39:13 -04:00
parent 450ae4afa6
commit 7bfd3331e3
11 changed files with 83 additions and 12 deletions
--- a/nginx/certbot.yaml
+++ b/nginx/certbot.yaml
@@ -1,6 +1,7 @@

 - name: Update certbot certs
-  hosts: yellow
+  hosts: colors
+  serial: 1
  become: true
  become_user: root
  become_method: sudo
@@ -21,3 +22,23 @@
    # Loops over every external.domains sub list
    loop: "{{ http }}"
    when: item.external.expose
+  - name: Create certbot renew service
+    template:
+      src: service/certbot-renew.service
+      dest: /etc/systemd/system/certbot-renew.service
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Create certbot renew timer
+    template:
+      src: service/certbot-renew.timer
+      dest: /etc/systemd/system/certbot-renew.timer
+      owner: root
+      group: root
+      mode: '0644'
+  - name: Reload certbot-renew timer service
+    ansible.builtin.systemd_service:
+      daemon_reload: true
+      enabled: true
+      state: restarted
+      name: certbot-renew.timer
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -65,11 +65,13 @@ stream {
        # The default http ports
 {% for port in defaults.listen_ports %}
        listen {{ ansible_default_ipv4.address }}:{{ port }};
+        listen [{{ ansible_default_ipv6.address }}]:{{ port }};
 {% endfor %}

        # Any unique ports listed in the extra_ports field
 {% for port in unique_ports %}
        listen {{ ansible_default_ipv4.address }}:{{ port }};
+        listen [{{ ansible_default_ipv6.address }}]:{{ port }};
 {% endfor %}

        proxy_pass $map_forward_ip:$upstream_port;
--- a/nginx/nginx.yaml
+++ b/nginx/nginx.yaml
@@ -1,5 +1,5 @@
 - name: Update nginx stream configuration
-  hosts: yellow
+  hosts: colors
  become: true
  become_user: root
  become_method: sudo
--- a/nginx/service/certbot-renew.service
+++ b/nginx/service/certbot-renew.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=Certbot Renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew
--- a/nginx/service/certbot-renew.timer
+++ b/nginx/service/certbot-renew.timer
@@ -0,0 +1,9 @@
+[Unit]
+Description=Timer for Certbot Renewal
+
+[Timer]
+OnBootSec=300
+OnUnitActiveSec=1w
+
+[Install]
+WantedBy=multi-user.target
--- a/nginx/stream.d/gitea-ssh.conf
+++ b/nginx/stream.d/gitea-ssh.conf
@@ -3,5 +3,6 @@ server {
    error_log /var/log/nginx/nginx_stream_error.log warn;

    listen {{ ansible_default_ipv4.address }}:2222;
+    listen [{{ ansible_default_ipv6.address }}]:2222;
    proxy_pass 10.1.2.100:2222;
 }
--- a/nginx/stream.d/iperf3.conf
+++ b/nginx/stream.d/iperf3.conf
@@ -4,5 +4,7 @@ server {

    listen {{ ansible_default_ipv4.address }}:5201;
    listen {{ ansible_default_ipv4.address }}:5201 udp;
+    listen [{{ ansible_default_ipv6.address }}]:5201;
+    listen [{{ ansible_default_ipv6.address }}]:5201 udp;
    proxy_pass 127.0.0.1:5201;
 }
--- a/nginx/stream.d/kube.conf
+++ b/nginx/stream.d/kube.conf
@@ -9,5 +9,6 @@ server {
    error_log /var/log/nginx/nginx_stream_error.log warn;

    listen {{ ansible_default_ipv4.address }}:6443;
+    listen [{{ ansible_default_ipv6.address }}]:6443;
    proxy_pass kube_backend;
 }
--- a/nginx/stream.d/minecraft.conf
+++ b/nginx/stream.d/minecraft.conf
@@ -0,0 +1,8 @@
+server {
+    access_log /var/log/nginx/nginx_stream_access.log basic;
+    error_log /var/log/nginx/nginx_stream_error.log warn;
+
+    listen {{ ansible_default_ipv4.address }}:25565-25575;
+    listen [{{ ansible_default_ipv6.address }}]:25565-25575;
+    proxy_pass 10.1.2.100:$server_port;
+}
--- a/nginx/stream.d/unifi-external.conf
+++ b/nginx/stream.d/unifi-external.conf
@@ -1,8 +0,0 @@
-# server {
-#     access_log /var/log/nginx/nginx_stream_access.log basic;
-#     error_log /var/log/nginx/nginx_stream_error.log warn;
-
-#     resolver 1.1.1.1;
-#     listen {{ ansible_default_ipv4.address }}:8082;
-#     proxy_pass {{ ansible_default_ipv4.address }}:8080;
-# }
--- a/nginx/vars.yaml
+++ b/nginx/vars.yaml
@@ -1,5 +1,6 @@
 defaults:
  forward_ip: "10.1.2.101"
+  dns_ip: "10.1.2.102"
  listen_ports:
  - 443
  - 80
@@ -51,6 +52,15 @@ http:
      ip: "10.1.203.197"
      port: 9090
      protocol: https
+  - external:
+      domain: orange
+      expose: false
+      extra_http_ports: []
+      extra_https_ports: []
+    internal:
+      ip: "10.1.200.253"
+      port: 9090
+      protocol: https
  - external:
      domain: node1
      expose: false
@@ -93,12 +103,21 @@ http:
      port: 80
      protocol: http
  - external:
-      domain: pihole
+      domain: pihole-yellow
      expose: false
      extra_http_ports: []
      extra_https_ports: []
    internal:
-      ip: 10.1.203.197
+      ip: "10.1.203.197"
+      port: 8081
+      protocol: http
+  - external:
+      domain: pihole-orange
+      expose: false
+      extra_http_ports: []
+      extra_https_ports: []
+    internal:
+      ip: "10.1.200.253"
      port: 8081
      protocol: http
  - external:
@@ -119,3 +138,13 @@ http:
      ip: 10.1.175.237
      port: 11000
      protocol: http
+  - external:
+      domain: unifi-external
+      expose: true
+      extra_http_ports:
+      - 8080
+      extra_https_ports: []
+    internal:
+      ip: 10.1.241.139
+      port: 8443
+      protocol: https