crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

(gitlab] Configure nginx reverse-proxy to manage multiple certificates 

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>
certbot_on_virtu
Yohann D'ANELLO 2021-02-18 18:49:44 +01:00
parent 7eae75a470
commit e6c4b70efd
Signed by: _ynerant
GPG Key ID: 3A75C55819C8CF85
2 changed files with 19 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
group_vars/git.yml
View File

@ -10,6 +10,7 @@ glob_gitlab:
port: 389 port: 389
uid: 'uid' uid: 'uid'
bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org' bind_dn: 'cn=gitlab,ou=service-users,dc=crans,dc=org'
bind_password: "{{ vault_gitlab_ldap_password }}"
base: 'cn=Utilisateurs,dc=crans,dc=org' base: 'cn=Utilisateurs,dc=crans,dc=org'
user_filter: '(&(!(shadowExpire=0))(uid=*))' user_filter: '(&(!(shadowExpire=0))(uid=*))'
cas_name: 'cas3' cas_name: 'cas3'
@ -18,22 +19,3 @@ glob_gitlab:
smtp: smtp:
address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}" address: "{{ query('ldap', 'ip', 'redisdead', 'adm') | first }}"
port: 25 port: 25
glob_nginx:
service_name: gitlab-omnibus-ssl-nginx
servers:
- server_name:
- "gitlab.crans.org"
root: "/opt/gitlab/embedded/service/gitlab-rails/public"
locations:
- filter: "/"
params:
- "include snippets/options-proxypass.conf"
- "client_max_body_size 0"
- "gzip off"
- "proxy_read_timeout 300"
- "proxy_connect_timeout 300"
- "proxy_pass http://gitlab-workhorse"
upstreams:
- name: gitlab-workhorse
server: "unix:/var/opt/gitlab/gitlab-workhorse/sockets/socket fail_timeout=0"

21
host_vars/gitzly.adm.crans.org.yml
View File

@ -18,6 +18,21 @@ loc_certbot:
certname: adm.crans.org certname: adm.crans.org
domains: "*.adm.crans.org" domains: "*.adm.crans.org"
loc_gitlab: loc_nginx:
ldap: ssl:
bind_password: "{{ vault_gitlab_ldap_password }}" - name: adm.crans.org
cert: /etc/letsencrypt/live/adm.crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/adm.crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/adm.crans.org/chain.pem
- name: crans.org
cert: /etc/letsencrypt/live/crans.org/fullchain.pem
cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem
servers: []
loc_reverseproxy:
reverseproxy_sites:
- {from: gitlab.crans.org, to: "127.0.0.1:8000"}
- {from: gitlab.adm.crans.org, to: "127.0.0.1:8000", ssl: adm.crans.corg}
static_sites: []