configpolicy/group_vars
Dustin 70909d1b13 websites: Enable PROXY protocol for HTTPS sites
Since the reverse proxy does TLS pass-through instead of termination,
the original source address is lost.  Since the source address is
important for logging, rate limiting, and access control, we need to use
the HAProxy PROXY protocol to pass it along to the web server.

Since the PROXY protocol works at the TCP layer, _all_ connections must
use it. Fortunately, all of the sites hosted by the public web server
are in fact public and only accessed through HAProxy.  Similarly,
enabling it for one named virtual host enables it for all virtual hosts
on that port.  Thus, we only have to explicitly set it for one site, and
all the rest will use it as well.
2025-08-23 22:21:54 -05:00
dch-gw Move dch_networks definition to all group 2018-10-13 12:43:35 -05:00
public-web r/mod_md: Configure Apache for ACME certificates 2025-07-23 10:07:16 -05:00
pxe hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
pyrocufflink all: Set root authorized keys 2025-02-08 15:29:57 -06:00
unifi unifi: Back up with Restic 2025-03-29 09:36:37 -05:00
Fedora.yml r/useproxy: Configure system-wide proxy 2024-08-12 18:47:04 -05:00
Fedora37.yml Fedora37: Set collectd SELinux domain permissive 2022-12-19 10:22:00 -06:00
all.yml fluent-bit: send md alerts to ntfy 2025-08-05 10:28:20 -05:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
bitwarden_rs.yml r/bitwarden_rs: Redirect to canonical host name 2024-11-05 06:37:03 -06:00
burp-client.yml hosts: Add burp1.p.b 2020-01-25 13:57:04 -06:00
burp-server.yml burp-server: Keep more backups 2023-07-17 16:36:37 -05:00
chrony.yml chrony: Add role/PB for chrony 2025-03-16 16:37:19 -05:00
cm4-k8s-node.yml cm4-k8s-node: Add group 2025-07-27 17:45:46 -05:00
collectd.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
dch-proxy.yml websites: Enable PROXY protocol for HTTPS sites 2025-08-23 22:21:54 -05:00
dch-vpn.yml dch-vpn: Avoid configuring firewalld 2018-10-13 12:19:25 -05:00
docker-proxy.yml docker-proxy: Deploy a proxy/cache for Docker Hub 2025-07-12 16:45:47 -05:00
file-servers.yml hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
frigate-prod.yml frigate: Set logout URL 2025-04-21 08:28:49 -05:00
frigate.yml r/frigate-caddy: Deploy Caddy in front of Frigate 2024-08-12 18:47:04 -05:00
gitea.yml hosts: Migrate remaining hosts to Restic 2024-09-07 20:45:24 -05:00
home-assistant.yml home-assistant: Back up Zigbee/ZWave/Mosquitto 2022-12-23 06:56:52 -06:00
jenkins-slave.yml jenkins-slave: Allow Jenkins to connect to Docker 2019-09-19 19:50:35 -05:00
k8s-controller.yml r/k8s-controller: Deploy HAProxy 2025-07-22 16:21:49 -05:00
k8s-iot-net-ctrl.yml k8s-iot-net-ctrl: Add node role taints 2025-07-29 21:44:29 -05:00
k8s-longhorn.yml kubernetes: Manage worker nodes 2024-11-24 10:33:21 -06:00
k8s-node.yml kubernetes: Manage worker nodes 2024-11-24 10:33:21 -06:00
k8s-test.yml Add k8s-test group 2025-07-22 16:21:49 -05:00
koji-hub.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
koji.yml hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
kubelet.yml kubelet: Fix CA cert for Docker Hub proxy 2025-07-16 16:05:19 -05:00
loki.yml r/loki-caddy: Caddy reverse proxy for Loki 2024-11-05 06:54:27 -06:00
minio-backups.yml minio-backups: Disable nginx access logs entirely 2025-07-03 11:15:40 -05:00
needproxy.yml needproxy: Add logs.p.b to NO_PROXY 2025-08-06 10:46:03 -05:00
nextcloud.yml nextcloud: Scrape logs with Promtail 2024-10-13 18:05:50 -05:00
nut-monitor.yml nut-monitor: Require both UPS to be online 2024-01-25 21:22:04 -06:00
postgresql.yml postgresql: Add receipts/user DB 2025-03-16 14:47:30 -05:00
prometheus.yml Switch Prometheus/collectd to pull 2021-10-30 16:41:17 -05:00
pyrocufflink-dhcp.yml pyrocufflink-dhcp: DHCP reservations for VM hosts 2021-02-17 20:33:41 -06:00
radius.yml Move APs to Management network 2018-07-15 09:19:39 -05:00
raspberry-pi.yml raspberry-pi: Add collectd sensors, thermal plugins 2025-07-28 17:50:39 -05:00
remote-blackbox.yml remote-blackbox: Scrape HTTPS for some sites 2025-08-08 11:09:28 -05:00
repohost.yml r/repohost: Configure Yum package repo host 2023-11-07 20:51:10 -06:00
restic.yml restic: Add role+playbook for Restic backups 2024-09-04 09:40:29 -05:00
samba-dc.yml r/samba-cert: Obtain LDAP/TLS cert via ACME 2024-06-12 18:33:24 -05:00
smtp-relay.yml smtp-relay: Rewrite dustin@hatch.name 2024-08-22 16:17:00 -05:00
sudo.yml users: Configure sudo on some machines 2025-01-26 13:08:59 -06:00
taiga.yml taiga: Add playbook for Taiga 2019-09-19 19:51:45 -05:00
unifi-test.yml unifi: Switch from nginx to Caddy 2025-03-16 17:17:00 -05:00
victoria-logs-test.yml r/victoria-logs: Deploy VictoriaLogs 2025-05-30 21:19:05 -05:00
victoria-logs.yml victoria-logs: Listen for Linux netconsole logs 2025-07-27 17:47:31 -05:00
vm-hosts.yml vm-hosts: Update vm_autostart list 2025-07-28 18:12:09 -05:00
wildcard-cert.yml plugins: Add lookup cache plugin 2025-07-13 16:02:57 -05:00
zabbix-server.yml zabbix-server: Allow SMTP relay from any loopback 2019-04-15 10:05:04 -05:00
zabbix.yml hosts: Add hosts to zabbix group 2018-04-14 15:47:49 -05:00