roles/dch-proxy: Deploy reverse HTTP/HTTPS proxy
The *dch-proxy* role sets up HAProxy to provide a revers proxy for all public-facing web services on the Pyrocufflink network. It uses the TLS Server Name Indication (SNI) extension to determine the proper backend server based on the name requested by the client. For now, only Gitea is configured; the name *git.pyrocufflink.blue* is proxied to *git0.pyrocufflink.blue*. All other names are proxied to Myala.
This commit is contained in:
20
roles/dch-proxy/tasks/main.yml
Normal file
20
roles/dch-proxy/tasks/main.yml
Normal file
@@ -0,0 +1,20 @@
|
||||
- name: ensure main haproxy frontend is configured
|
||||
template:
|
||||
src=frontend-main.haproxy.cfg.j2
|
||||
dest=/etc/haproxy/50-frontend-main.cfg
|
||||
mode=0644
|
||||
notify: reload haproxy
|
||||
|
||||
- name: ensure default haproxy backend is configured
|
||||
template:
|
||||
src=backend-myala.haproxy.cfg.j2
|
||||
dest=/etc/haproxy/70-backend-myala.cfg
|
||||
mode=0644
|
||||
notify: reload haproxy
|
||||
|
||||
- name: ensure gitea haproxy backend is configured
|
||||
template:
|
||||
src=backend-gitea.haproxy.cfg.j2
|
||||
dest=/etc/haproxy/70-backend-gitea.cfg
|
||||
mode=0644
|
||||
notify: reload haproxy
|
||||
Reference in New Issue
Block a user