dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity

roles/dch-proxy: Add haproxy config for Bitwarden 

This commit adds an HAProxy backend for Bitwarden, and adds ACL rules to
the frontend to proxy traffic to *bitwarden.pyrocufflink.blue* or
*bitwarden.pyrocufflink.net* to it.
jenkins-master
Dustin 2019-09-19 18:46:59 -05:00
parent c68f9bb6af
commit c676aa2a0b
3 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/dch-proxy/tasks/main.yml
View File

@ -19,6 +19,13 @@
mode=0644 mode=0644
notify: reload haproxy notify: reload haproxy
- name: ensure bitwarden haproxy backend is configured
template:
src=backend-bitwarden.haproxy.cfg.j2
dest=/etc/haproxy/70-backend-bitwarden.cfg
mode=0644
notify: reload haproxy
- name: ensure openvpn haproxy backend is configured - name: ensure openvpn haproxy backend is configured
template: template:
src=backend-openvpn.haproxy.cfg.j2 src=backend-openvpn.haproxy.cfg.j2

7
roles/dch-proxy/templates/backend-bitwarden.haproxy.cfg.j2 Normal file
View File

@ -0,0 +1,7 @@
backend bitwarden
server bitwarden bitwarden.pyrocufflink.blue:80 check
backend bitwarden-tls
mode tcp
server bitwarden bitwarden.pyrocufflink.blue:443 check

4
roles/dch-proxy/templates/frontend-main.haproxy.cfg.j2
View File

@ -5,6 +5,8 @@ frontend main
use_backend gitea if { hdr(host) -i git.pyrocufflink.net } use_backend gitea if { hdr(host) -i git.pyrocufflink.net }
use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.blue } use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.blue }
use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.net } use_backend jenkins if { hdr(host) -i jenkins.pyrocufflink.net }
use_backend bitwarden if { hdr(host) -i bitwarden.pyrocufflink.blue }
use_backend bitwarden if { hdr(host) -i bitwarden.pyrocufflink.net }
default_backend web default_backend web
@ -20,6 +22,8 @@ frontend main-tls
use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net } use_backend gitea-tls if { req_ssl_sni -i git.pyrocufflink.net }
use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue } use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.blue }
use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net } use_backend jenkins-tls if { req_ssl_sni -i jenkins.pyrocufflink.net }
use_backend bitwarden-tls if { req_ssl_sni -i bitwarden.pyrocufflink.blue }
use_backend bitwarden-tls if { req_ssl_sni -i bitwarden.pyrocufflink.net }
use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us } use_backend web-tls if { req_ssl_sni -i darkchestofwonders.us }
use_backend web-tls if { req_ssl_sni -i pyrocufflink.net } use_backend web-tls if { req_ssl_sni -i pyrocufflink.net }
default_backend openvpn default_backend openvpn