From b3169c0fcfd1c8ac8700d84e58bd835e978691d2 Mon Sep 17 00:00:00 2001
From: Wilfried OLLIVIER
Date: Fri, 1 Feb 2019 16:11:31 +0100
Subject: [PATCH] Bootstrap caddy reverse role
---
LICENCE | 13 +++++++++++
README.md | 44 ++++++++++++++++++++++++++++++++++++++
defaults/main.yml | 13 +++++++++++
handlers/main.yml | 13 +++++++++++
meta/main.yml | 20 +++++++++++++++++
tasks/main.yml | 16 ++++++++++++++
templates/reverse.caddy.j2 | 25 ++++++++++++++++++++++
tests/inventory | 1 +
tests/test.yml | 5 +++++
9 files changed, 150 insertions(+)
create mode 100644 LICENCE
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 handlers/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/reverse.caddy.j2
create mode 100644 tests/inventory
create mode 100644 tests/test.yml
diff --git a/LICENCE b/LICENCE
new file mode 100644
index 0000000..5568253
--- /dev/null
+++ b/LICENCE
@@ -0,0 +1,13 @@
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ Version 2, December 2004
+
+ Copyright (C) 2019 Wilfried OLLIVIER
+
+ Everyone is permitted to copy and distribute verbatim or modified
+ copies of this license document, and changing it is allowed as long
+ as the name is changed.
+
+ DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. You just DO WHAT THE FUCK YOU WANT TO.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..86b9e31
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+galaxy-caddy.reverse
+====================
+
+Push a reverse caddy config file
+
+Requirements
+------------
+
+Caddy webserver
+
+Role Variables
+--------------
+
+- caddy_home: caddy home directory
+- caddy_logs: caddy log directory
+- caddy_conf: caddy config directory
+- caddy_confd: caddy conf.d directory
+- caddy_www: /var/www/caddy
+
+- reverse_location: reverse destination point
+- reverse_port: port to redirect to
+
+- vhost_name: name of the vhost
+
+Dependencies
+------------
+
+- galaxy-caddy
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: galaxy-caddy.reverse, vhostname: none, reverse_location: localhost, reverse_port: 4242 }
+
+Run tests
+---------
+
+Ensure galaxy-vagrant is up
+
+ ansible-playbook -i tests/inventory tests/test.yml
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..1dcc34f
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# defaults file for galaxy-caddy.reverse
+
+caddy_home: /srv/caddy
+caddy_logs: /srv/caddy/logs
+caddy_conf: /etc/caddy
+caddy_confd: /etc/caddy/conf.d
+caddy_www: /var/www/caddy
+
+reverse_location: localhost
+reverse_port: 8080
+
+vhost_name: default
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..055f40c
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+# handlers file for galaxy-caddy.reverse
+
+- name: start caddy
+ service: name=caddy
+ state=started
+ enabled=yes
+ daemon_reload=yes
+
+- name: restart caddy
+ service: name=caddy
+ state=restarted
+ enabled=yes
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..39c39fb
--- /dev/null
+++ b/meta/main.yml
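Review bot: `caddy_home`, `caddy_conf` and `caddy_www` in defaults/main.yml are not read by any task or template in this commit, and `caddy_logs`/`caddy_confd` repeat paths that the base caddy role presumably owns, so the two roles can drift apart silently. Consider dropping the unused ones or adding a comment such as `# must match the values used by the galaxy-caddy role`. `reverse_location`, `reverse_port` and `vhost_name` are generic names that can collide with variables of other roles; a role prefix would avoid that, at the cost of changing the interface the README documents.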
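Review bot: Both handlers in handlers/main.yml pass their arguments as a `key=value` string continued over several lines, which hides typos and is harder to lint than a native mapping (`service:` followed by `name: caddy`, `state: restarted`, `enabled: true`). `daemon_reload` is an option of the `systemd` module rather than of `service`, so whether `start caddy` accepts it depends on how the generic module forwards arguments; it is worth confirming on the target or switching that handler to `systemd`. `start caddy` is not notified by any task in this commit.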
@@ -0,0 +1,20 @@
+galaxy_info:
+ author: Wilfried OLLIVIER
+ description: Push caddy reverse config file
+ company: none
+
+ license: WTFPL
+
+ min_ansible_version: 2.4
+
+ platforms:
+ - name: Debian
+ versions:
+ - Stretch
+
+ galaxy_tags:
+ - webserver
+ - caddy
+ - reverse
+
+dependencies: []
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..c5d96d4
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+# tasks file for galaxy-caddy.reverse
+
+- name: Push caddy template file
+ template:
+ src: reverse.caddy.j2
+ dest: "{{ caddy.confd }}/{{ vhost_name }}.caddy"
+ owner: caddy
+ notify: restart caddy
+
+
+- name: Ensure log dir
+ file:
+ path: "{{ caddy_logs }}/{{ vhost_name }}"
+ state: directory
+ owner: caddy
\ No newline at end of file
diff --git a/templates/reverse.caddy.j2 b/templates/reverse.caddy.j2
new file mode 100644
index 0000000..81df421
--- /dev/null
+++ b/templates/reverse.caddy.j2
@@ -0,0 +1,25 @@
+{{ vhost_url }} {
+
+ header / {
+ # Enable HTTP Strict Transport Security (HSTS) to force clients to always
+ # connect via HTTPS (do not use if only testing)
+ Strict-Transport-Security "max-age=31536000;"
+ # Enable cross-site filter (XSS) and tell browser to block detected attacks
+ X-XSS-Protection "1; mode=block"
+ # Prevent some browsers from MIME-sniffing a response away from the declared Content-Type
+ X-Content-Type-Options "nosniff"
+ # Disallow the site to be rendered within a frame (clickjacking protection)
+ X-Frame-Options "DENY"
+ }
+
+ proxy / http://{{ reverse_location }}:{{ reverse_port }} {
+ transparent
+ }
+
+ log {{ caddy_logs }}/{{ vhost_name }}/access.log {
+ rotate_size 100
+ rotate_age 30
+ rotate_keep 10
+ }
+
+}
diff --git a/tests/inventory b/tests/inventory
new file mode 100644
index 0000000..38d0757
--- /dev/null
+++ b/tests/inventory
@@ -0,0 +1 @@
+galaxy-vagrant.example.com
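Review bot: `dependencies: []` in meta/main.yml declares no dependency, yet the README added by this commit lists galaxy-caddy under Dependencies, and the tasks and handlers assume a `caddy` user and a `caddy` service already exist. If the base role is meant to be pulled in automatically, the last line would read `dependencies: [galaxy-caddy]` (role name as the README gives it; adjust to the published name); otherwise the README should state that the base role must be applied first. Separately, `min_ansible_version: 2.4` is parsed as a float and is safer quoted as `"2.4"`.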
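Review bot: The `dest` of the template task in tasks/main.yml reads `{{ caddy.confd }}`, an attribute lookup on a `caddy` variable that nothing in this commit defines; defaults/main.yml declares `caddy_confd`, so the line presumably should be `dest: "{{ caddy_confd }}/{{ vhost_name }}.caddy"`. The same kind of mismatch is in templates/reverse.caddy.j2, whose site label is `{{ vhost_url }}` while the defaults only provide `vhost_name` and the README example passes `vhostname`; with the shipped defaults the role would stop on an undefined variable. Both tasks also set `owner` but no `group` or `mode`, so the permissions of the vhost file and the log directory depend on the remote umask; an explicit `mode: "0640"` on the file and `mode: "0750"` on the directory would pin them.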
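Review bot: The `Strict-Transport-Security` header in templates/reverse.caddy.j2 is emitted for every vhost with a one-year `max-age`, although the comment above it says not to use it when only testing; a browser that has seen it keeps enforcing HTTPS for that name until the period expires. Making it opt-out through a role variable, for example wrapping the comment and header lines in `{% if reverse_hsts | default(true) %}` and `{% endif %}` (the variable name is a suggestion), keeps the secure default while letting test deployments switch it off. `X-XSS-Protection` is a legacy header that current browsers ignore, so a comment that it does not replace a Content-Security-Policy would be accurate. The upstream is always addressed as `http://`, which suits the `localhost` default but carries proxied traffic in clear text when `reverse_location` names another host; a comment saying so would help whoever overrides it.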
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..50617ef
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: galaxy-vagrant.example.com
+ remote_user: root
+ roles:
+ - ../galaxy-caddy.reverse
\ No newline at end of file
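Review bot: tests/test.yml logs in with `remote_user: root`, so the test run needs root SSH login enabled on the target and never exercises privilege escalation. If the Vagrant box has an unprivileged user, connecting as that user and adding `become: true` to the play would be closer to how the role is likely to be applied. The role's own tasks set no `become`, so they rely on the play for it, which is worth a line in the README.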