[nginx/cas] Factorize nginx configuration

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
2021-02-22 19:11:47 +01:00 · 2021-02-22 19:11:47 +01:00 · d6f15d4210
parent 82119c746e
commit d6f15d4210
7 changed files with 30 additions and 61 deletions
--- a/group_vars/django_cas.yml
+++ b/group_vars/django_cas.yml
@ -2,13 +2,6 @@
 glob_django_cas:
  repo: 'http://gitlab.adm.crans.org/nounous/django-cas.git'
  path: '/var/local/django-cas'
-  url:
-    - cas.crans.org
-    - cas.adm.crans.org
-    - login.crans.org
-    - login.adm.crans.org
-    - auth.crans.org
-    - auth.adm.crans.org
  ldap:
    dn: 'cn=Utilisateurs,dc=crans,dc=org'
    password: "{{ vault.cas_ldap_password }}"
@ -18,6 +11,30 @@ glob_django_cas:
    host: tealc.adm.crans.org
    password: "{{ vault.cas_database_password }}"
  secret_key: "{{ vault.cas_secret_key }}"
-  reverse_proxy:
-    - '10.231.136.0/24'
-    - '2a0c:700:0:2::/64'
+
+loc_nginx:
+  service_name: "cas"
+  ssl: []
+  servers:
+    - server_name:
+        - cas.crans.org
+        - cas.adm.crans.org
+        - login.crans.org
+        - login.adm.crans.org
+        - auth.crans.org
+        - auth.adm.crans.org
+      default: true
+      locations:
+        - filter: "/cas"
+          params:
+            - "rewrite ^/cas$ / redirect"
+            - "rewrite ^/cas/(.*)$ /$1 redirect"
+
+        - filter: "/static"
+          params:
+            - "alias /var/local/django-cas/cas/local_static"
+
+        - filter: "/"
+          params:
+            - "uwsgi_pass unix:///var/run/uwsgi/app/cas/socket"
+            - "include uwsgi_params"
--- a/1
+++ b/1
@ -88,6 +88,7 @@ monitoring.adm.crans.org
 charybde.adm.crans.org

 [nginx:children]
+django_cas
 mailman
 reverseproxy
 roundcube
--- a/plays/cas.yml
+++ b/plays/cas.yml
@ -5,5 +5,7 @@
 - hosts: django_cas
  vars:
    django_cas: "{{ glob_django_cas | default({}) | combine(loc_django_cas | default({})) }}"
+    nginx: "{{ glob_nginx | default({}) | combine(loc_nginx | default({})) }}"
  roles:
    - django-cas
+    - nginx
--- a/roles/django-cas/handlers/main.yml
+++ b/roles/django-cas/handlers/main.yml
@ -1,9 +1,4 @@
 ---
- name: Restart nginx
-  service:
-    name: nginx
-    state: restarted
-
 - name: Restart uwsgi
  service:
    name: uwsgi
--- a/roles/django-cas/tasks/main.yml
+++ b/roles/django-cas/tasks/main.yml
@ -3,7 +3,6 @@
  apt:
    update_cache: true
    name:
-      - nginx
      - uwsgi
      - uwsgi-plugin-python3
      - python3-django
@ -30,20 +29,6 @@
    owner: www-data
  notify: Restart uwsgi

- name: Configure NGINX site
-  template:
-    src: nginx/sites-available/cas.j2
-    dest: /etc/nginx/sites-available/cas
-    mode: 0644
-  notify: Restart nginx
-
- name: Enable nginx site
-  file:
-    src: /etc/nginx/sites-available/cas
-    dest: /etc/nginx/sites-enabled/cas
-    state: link
-  notify: Restart nginx
-
 - name: Configure UWSGI app
  template:
    src: uwsgi/apps-available/cas.ini.j2
--- a/roles/django-cas/templates/nginx/sites-available/cas.j2
+++ b/roles/django-cas/templates/nginx/sites-available/cas.j2
@ -1,26 +0,0 @@
-{{ ansible_header | comment }}
-
-server {
-     server_name {{ django_cas.url | join(' ') }};
-     listen 80;
-     listen [::]:80;
-
-     location /cas {
-         rewrite ^/cas$ / redirect;
-         rewrite ^/cas/(.*)$ /$1 redirect;
-     }
-
-     location /static {
-         alias {{ django_cas.path }}/cas/local_static;
-     }
-
-{% for ip in django_cas.reverse_proxy | default([]) %}
-     set_real_ip_from {{ ip }};
-{% endfor %}
-     real_ip_header P-Real-Ip;
-
-     location / {
-         uwsgi_pass unix:///var/run/uwsgi/app/cas/socket;
-         include uwsgi_params;
-     }
-}
--- a/roles/roundcube/handlers/main.yml
+++ b/roles/roundcube/handlers/main.yml
@ -1,5 +0,0 @@
---
- name: Restart nginx
-  service:
-    name: nginx
-    state: restarted