services/homelab
1
1
Fork 0
Code Issues 5 Pull Requests Actions Packages Projects Releases Wiki Activity

add ipv6 to nginx

Browse Source
This commit is contained in:
Reese Wells
2024-06-06 20:39:13 -04:00
parent 450ae4afa6
commit 7bfd3331e3
11 changed files with 83 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
nginx/certbot.yaml
View File

@@ -1,6 +1,7 @@
- name: Update certbot certs - name: Update certbot certs
hosts: yellow hosts: colors
serial: 1
become: true become: true
become_user: root become_user: root
become_method: sudo become_method: sudo
@@ -21,3 +22,23 @@
# Loops over every external.domains sub list # Loops over every external.domains sub list
loop: "{{ http }}" loop: "{{ http }}"
when: item.external.expose when: item.external.expose
- name: Create certbot renew service
template:
src: service/certbot-renew.service
dest: /etc/systemd/system/certbot-renew.service
owner: root
group: root
mode: '0644'
- name: Create certbot renew timer
template:
src: service/certbot-renew.timer
dest: /etc/systemd/system/certbot-renew.timer
owner: root
group: root
mode: '0644'
- name: Reload certbot-renew timer service
ansible.builtin.systemd_service:
daemon_reload: true
enabled: true
state: restarted
name: certbot-renew.timer

2
nginx/nginx.conf
View File

@@ -65,11 +65,13 @@ stream {
# The default http ports # The default http ports
{% for port in defaults.listen_ports %} {% for port in defaults.listen_ports %}
listen {{ ansible_default_ipv4.address }}:{{ port }}; listen {{ ansible_default_ipv4.address }}:{{ port }};
listen [{{ ansible_default_ipv6.address }}]:{{ port }};
{% endfor %} {% endfor %}
# Any unique ports listed in the extra_ports field # Any unique ports listed in the extra_ports field
{% for port in unique_ports %} {% for port in unique_ports %}
listen {{ ansible_default_ipv4.address }}:{{ port }}; listen {{ ansible_default_ipv4.address }}:{{ port }};
listen [{{ ansible_default_ipv6.address }}]:{{ port }};
{% endfor %} {% endfor %}
proxy_pass $map_forward_ip:$upstream_port; proxy_pass $map_forward_ip:$upstream_port;

2
nginx/nginx.yaml
View File

@@ -1,5 +1,5 @@
- name: Update nginx stream configuration - name: Update nginx stream configuration
hosts: yellow hosts: colors
become: true become: true
become_user: root become_user: root
become_method: sudo become_method: sudo

6
nginx/service/certbot-renew.service Normal file
View File

@@ -0,0 +1,6 @@
[Unit]
Description=Certbot Renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew

9
nginx/service/certbot-renew.timer Normal file
View File

@@ -0,0 +1,9 @@
[Unit]
Description=Timer for Certbot Renewal
[Timer]
OnBootSec=300
OnUnitActiveSec=1w
[Install]
WantedBy=multi-user.target

1
nginx/stream.d/gitea-ssh.conf
View File

@@ -3,5 +3,6 @@ server {
error_log /var/log/nginx/nginx_stream_error.log warn; error_log /var/log/nginx/nginx_stream_error.log warn;
listen {{ ansible_default_ipv4.address }}:2222; listen {{ ansible_default_ipv4.address }}:2222;
listen [{{ ansible_default_ipv6.address }}]:2222;
proxy_pass 10.1.2.100:2222; proxy_pass 10.1.2.100:2222;
} }

2
nginx/stream.d/iperf3.conf
View File

@@ -4,5 +4,7 @@ server {
listen {{ ansible_default_ipv4.address }}:5201; listen {{ ansible_default_ipv4.address }}:5201;
listen {{ ansible_default_ipv4.address }}:5201 udp; listen {{ ansible_default_ipv4.address }}:5201 udp;
listen [{{ ansible_default_ipv6.address }}]:5201;
listen [{{ ansible_default_ipv6.address }}]:5201 udp;
proxy_pass 127.0.0.1:5201; proxy_pass 127.0.0.1:5201;
} }

1
nginx/stream.d/kube.conf
View File

@@ -9,5 +9,6 @@ server {
error_log /var/log/nginx/nginx_stream_error.log warn; error_log /var/log/nginx/nginx_stream_error.log warn;
listen {{ ansible_default_ipv4.address }}:6443; listen {{ ansible_default_ipv4.address }}:6443;
listen [{{ ansible_default_ipv6.address }}]:6443;
proxy_pass kube_backend; proxy_pass kube_backend;
} }

8
nginx/stream.d/minecraft.conf Normal file
View File

@@ -0,0 +1,8 @@
server {
access_log /var/log/nginx/nginx_stream_access.log basic;
error_log /var/log/nginx/nginx_stream_error.log warn;
listen {{ ansible_default_ipv4.address }}:25565-25575;
listen [{{ ansible_default_ipv6.address }}]:25565-25575;
proxy_pass 10.1.2.100:$server_port;
}

8
nginx/stream.d/unifi-external.conf
View File

@@ -1,8 +0,0 @@
# server {
# access_log /var/log/nginx/nginx_stream_access.log basic;
# error_log /var/log/nginx/nginx_stream_error.log warn;
# resolver 1.1.1.1;
# listen {{ ansible_default_ipv4.address }}:8082;
# proxy_pass {{ ansible_default_ipv4.address }}:8080;
# }

33
nginx/vars.yaml
View File

@@ -1,5 +1,6 @@
defaults: defaults:
forward_ip: "10.1.2.101" forward_ip: "10.1.2.101"
dns_ip: "10.1.2.102"
listen_ports: listen_ports:
- 443 - 443
- 80 - 80
@@ -51,6 +52,15 @@ http:
ip: "10.1.203.197" ip: "10.1.203.197"
port: 9090 port: 9090
protocol: https protocol: https
- external:
domain: orange
expose: false
extra_http_ports: []
extra_https_ports: []
internal:
ip: "10.1.200.253"
port: 9090
protocol: https
- external: - external:
domain: node1 domain: node1
expose: false expose: false
@@ -93,12 +103,21 @@ http:
port: 80 port: 80
protocol: http protocol: http
- external: - external:
domain: pihole domain: pihole-yellow
expose: false expose: false
extra_http_ports: [] extra_http_ports: []
extra_https_ports: [] extra_https_ports: []
internal: internal:
ip: 10.1.203.197 ip: "10.1.203.197"
port: 8081
protocol: http
- external:
domain: pihole-orange
expose: false
extra_http_ports: []
extra_https_ports: []
internal:
ip: "10.1.200.253"
port: 8081 port: 8081
protocol: http protocol: http
- external: - external:
@@ -119,3 +138,13 @@ http:
ip: 10.1.175.237 ip: 10.1.175.237
port: 11000 port: 11000
protocol: http protocol: http
- external:
domain: unifi-external
expose: true
extra_http_ports:
- 8080
extra_https_ports: []
internal:
ip: 10.1.241.139
port: 8443
protocol: https