ansible/plays/reverse-proxy.yml

#!/usr/bin/env ansible-playbook
---
# Deploy reverse proxy
# Frontdaur is the backup of bakdaur (keepalived)
- hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org
  vars:
    certbot:
      dns_rfc2136_name: certbot_challenge.
      dns_rfc2136_secret: "{{ vault_certbot_dns_secret }}"
      mail: root@crans.org
      certname: crans.org
      domains: "crans.org, *.crans.org, crans.fr, *.crans.fr, crans.eu, *.crans.eu"
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
    nginx:
      ssl:
        cert: /etc/letsencrypt/live/crans.org/fullchain.pem
        cert_key: /etc/letsencrypt/live/crans.org/privkey.pem
        trusted_cert: /etc/letsencrypt/live/crans.org/chain.pem

      redirect_dnames:
        - crans.eu
        - crans.fr

      reverseproxy_sites:
        # Services web Crans
        - {from: lutim.crans.org, to: 10.231.136.69}
        - {from: zero.crans.org, to: 10.231.136.76}
        - {from: pad.crans.org, to: "10.231.136.76:9001"}
        - {from: ethercalc.crans.org, to: "10.231.136.203:8000"}
        - {from: mediadrop.crans.org, to: 10.231.136.106}
        - {from: videos.crans.org, to: 10.231.136.106}
        - {from: video.crans.org, to: 10.231.136.106}
        - {from: roundcube.crans.org, to: 10.231.136.105}
        - {from: phabricator.crans.org, to: 10.231.136.123}
        - {from: trackerusercontent.crans.org, to: 10.231.136.123}
        - {from: cas.crans.org, to: 10.231.136.18}
        - {from: auth.crans.org, to: 10.231.136.18}
        - {from: login.crans.org, to: 10.231.136.18}
        - {from: webmail.crans.org, to: 10.231.136.107}
        - {from: horde.crans.org, to: 10.231.136.107}
        - {from: owncloud.crans.org, to: 10.231.136.26}
        - {from: ftps.crans.org, to: 10.231.136.98}
        - {from: wiki.crans.org, to: 10.231.136.204}
        - {from: calendrier.crans.org, to: 10.231.136.204}
        - {from: www.crans.org, to: 10.231.136.46}
        - {from: doc.crans.org, to: 10.231.136.46}
        - {from: limesurvey.crans.org, to: 10.231.136.253}
        - {from: perso.crans.org, to: 10.231.136.1}
        - {from: webnews.crans.org, to: 10.231.136.63}
        - {from: re2o.crans.org, to: 10.231.136.9}
        - {from: intranet.crans.org, to: 10.231.136.9}
        - {from: autoconfig.crans.org, to: 10.231.136.46}