Merge branch 'master' into prosshy

roles/proxy/tasks/main.yml

@@ -14,13 +14,13 @@
       vars: # forcing since this role is included statically
         service_name: proxy
 
-    - name: configuration path
-      file: path={{ conf_path }} state=directory
-
-#   TODO leaving unused vhosts bugs proxy    
-    - name: clean vhosts_path
-      file: path={{ vhosts_path }} state=absent
-      when: clean_vhosts is defined
+    - name: configuration paths
+      file: path={{ comun }} state=directory
+      with_items:
+        - "{{ stream_path }}"
+        - "{{ conf_path }}"
+      loop_control:
+        loop_var: comun
 
     - name: virtual hosts path
       file: path={{ vhosts_path }} state=directory
@@ -35,6 +35,7 @@
       with_items:
         - common.conf
         - common_ssl.conf
+        - nginx.conf
       loop_control:
         loop_var: common
 
@@ -62,3 +63,10 @@
           loop_control:
             loop_var: vhost
           when: (service is undefined) or (service is defined and service == vhost.service_name)
+        
+        - name: streams loop
+          include_tasks: stream.yml
+          with_items: "{{ matrix_loop }}"
+          loop_control:
+            loop_var: vhost
+          when: (service is undefined) or (service is defined and service == vhost.service_name)

roles/proxy/tasks/stream.yml

@@ -0,0 +1,9 @@
+- set_fact:
+    vhost_dest: "{{ stream_path }}/{{ vhost.domains[0] }}.conf"
+    
+- name: default stream for ssh
+  template:
+    src: "{{ default_stream }}"
+    dest: "{{ vhost_dest }}"
+  notify:
+    - reload proxy

roles/proxy/templates/nginx.conf

@@ -0,0 +1,36 @@
+user  nginx;
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log notice;
+pid        /var/run/nginx.pid;
+
+
+events {
+    worker_connections  1024;
+}
+
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    include /etc/nginx/conf.d/*.conf;
+}
+
+stream {
+    include /etc/nginx/stream.d/*.conf;
+}
+

roles/proxy/templates/services.yml

@@ -8,11 +8,13 @@
     ports:
       - "80:80"
       - "443:443"
+      - "222:222"
+      - "2222:2222"
     networks:
       - proxy
     volumes:
       - "{{ vhosts_path }}:/etc/nginx/conf.d/"
       - "{{ conf_path }}:/etc/nginx/conf/"
       - "certs_data:{{ nginx_certs_path }}:ro"
-
-
+      - "{{ conf_path }}/nginx.conf:/etc/nginx/nginx.conf:ro"
+      - "{{ stream_path }}:/etc/nginx/stream.d/"

roles/proxy/templates/stream.conf

@@ -0,0 +1,26 @@
+upstream ssh_{{ vhost.nodo | replace(".", "") }} {
+    server {{ vhost.nodo }}:22;
+}
+
+upstream gitea_{{ vhost.nodo | replace(".", "") }} {
+    server {{ vhost.nodo }}:2222;
+}
+
+server {
+    listen 222;
+    
+    server_name {{ vhost.domains | join(' ') }};
+    
+    proxy_pass ssh_{{ vhost.nodo | replace(".", "") }};
+    
+
+}
+
+server {
+    listen 2222;
+    
+    server_name git.{{ vhost.domains[0] }};
+    
+    proxy_pass gitea_{{ vhost.nodo | replace(".", "") }};
+
+}

roles/proxy/vars/main.yml

@@ -3,12 +3,14 @@ domains_default_force_https: no
 
 # nginx
 vhosts_path: "{{ compose_path }}/proxy/vhosts"
+stream_path: "{{ compose_path }}/proxy/stream"
 conf_path: "{{ compose_path }}/proxy/conf"
 nginx_certs_path: /etc/nginx/certs
 
 # defaults
 needs_vhost: no
 default_vhost: roles/proxy/templates/vhost.conf
+default_stream: roles/proxy/templates/stream.conf
 
 # certbot
 webmaster_email: webmaster@numerica.cl