authorMatthieu Saulnier <fantom@fedoraproject.org>2018-10-20 23:33:33 +0200
committerMatthieu Saulnier <fantom@fedoraproject.org>2018-10-20 23:33:33 +0200
commit247a2486a24854a075a165a6c1559a095de6cfe8 (patch)
tree96195cfe4e8eefd6d204623df859daebc1524135
parentcfb1c37157e3ada02806cc464af28d731fc1a94a (diff)
Initial reverseproxy role
-rw-r--r--.gitignore1
-rw-r--r--reverseproxy.yml5
-rw-r--r--roles/reverseproxy/files/caddy-reverse-proxy.service15
-rw-r--r--roles/reverseproxy/files/containercleaning.sh3
-rw-r--r--roles/reverseproxy/files/index.html132
-rw-r--r--roles/reverseproxy/handlers/main.yml1
-rw-r--r--roles/reverseproxy/handlers/systemd.yml2
-rw-r--r--roles/reverseproxy/tasks/config.yml26
-rw-r--r--roles/reverseproxy/tasks/dirs.yml23
-rw-r--r--roles/reverseproxy/tasks/fw.yml10
-rw-r--r--roles/reverseproxy/tasks/main.yml3
-rw-r--r--roles/reverseproxy/templates/Caddyfile.j281
-rw-r--r--roles/reverseproxy/vars/main.yml45
-rw-r--r--site.yml1
14 files changed, 348 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index 4c2957f..0e19a9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ roles/dnsserver/templates/keys.j2
roles/torrelay/templates/keys.j2
roles/mtaserver/files/virtual
roles/mtaserver/files/credentials
+roles/reverseproxy/vars/email.yml
.jabbersecrets
diff --git a/reverseproxy.yml b/reverseproxy.yml
new file mode 100644
index 0000000..effbb51
--- /dev/null
+++ b/reverseproxy.yml
@@ -0,0 +1,5 @@
+- hosts: reverseproxy
+ remote_user: root
+ any_errors_fatal: true
+ roles:
+ - reverseproxy
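Review bot: `remote_user: root` makes this play depend on direct root SSH login to the internet-facing proxy hosts. Connecting as an unprivileged account and adding `become: true` at play level gives the role the same privileges while allowing `PermitRootLogin no` on those hosts. The other playbooks are not visible in this diff, so this may be an existing convention that should be changed repository-wide rather than only here.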
diff --git a/roles/reverseproxy/files/caddy-reverse-proxy.service b/roles/reverseproxy/files/caddy-reverse-proxy.service
new file mode 100644
index 0000000..244aad2
--- /dev/null
+++ b/roles/reverseproxy/files/caddy-reverse-proxy.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=Caddy Reverse Proxy web
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker run -i --dns 208.67.222.222 -p 80:80 -p 443:443 \
+ -v /contener/%p/root/.caddy:/root/.caddy:Z \
+ -v /contener/%p/etc/Caddyfile:/etc/Caddyfile:Z \
+ -v /contener/%p/srv:/srv:Z \
+ docker.io/abiosoft/caddy:latest
+ExecReload=/usr/bin/kill -HUP $MAINPID
+
+[Install]
+WantedBy=multi-user.target
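Review bot: The image reference `docker.io/abiosoft/caddy:latest` in `ExecStart` is a mutable tag on a third-party repository, so each host runs whatever build it happened to pull first, with ports 80/443 and the TLS key directory handed to it. Pin a reviewed build instead, e.g. `docker.io/abiosoft/caddy@sha256:<DIGEST_PLACEHOLDER>`. `docker run` is also given neither `--rm` nor `--name`, so with `Restart=always` every restart leaves a stopped container behind; `--rm --name %p` avoids that and removes the need for a separate cleanup script. `After=docker.service` only orders the units, so `Requires=docker.service` should accompany it.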
diff --git a/roles/reverseproxy/files/containercleaning.sh b/roles/reverseproxy/files/containercleaning.sh
new file mode 100644
index 0000000..b81486e
--- /dev/null
+++ b/roles/reverseproxy/files/containercleaning.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/bash
+
+docker rm $(docker ps -a | awk '{ print $1 }')
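Review bot: `docker ps -a | awk '{ print $1 }'` emits the `CONTAINER` header word and the IDs of running containers as well, so `docker rm` is asked to remove every container on the host and only spares the running ones because it fails on them without `-f`. Select stopped containers explicitly with `docker ps -aq --filter status=exited | xargs -r docker rm`, or use `docker container prune -f` where the installed Docker provides it. Either form still removes exited containers belonging to other services on the same host, so a label or name filter is worth adding if the host is shared.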
diff --git a/roles/reverseproxy/files/index.html b/roles/reverseproxy/files/index.html
new file mode 100644
index 0000000..1b7ea03
--- /dev/null
+++ b/roles/reverseproxy/files/index.html
@@ -0,0 +1,132 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+ <title>Test Page for the Apache HTTP Server on Fedora</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <style type="text/css">
+ /*<![CDATA[*/
+ body {
+ background-color: #fff;
+ color: #000;
+ font-size: 0.9em;
+ font-family: sans-serif,helvetica;
+ margin: 0;
+ padding: 0;
+ }
+ :link {
+ color: #c00;
+ }
+ :visited {
+ color: #c00;
+ }
+ a:hover {
+ color: #f50;
+ }
+ h1 {
+ text-align: center;
+ margin: 0;
+ padding: 0.6em 2em 0.4em;
+ background-color: #22437f;
+ color: #fff;
+ font-weight: normal;
+ font-size: 1.75em;
+ border-bottom: 2px solid #000;
+ }
+ h1 strong {
+ font-weight: bold;
+ }
+ h2 {
+ font-size: 1.1em;
+ font-weight: bold;
+ }
+ hr {
+ display: none;
+ }
+ .content {
+ padding: 1em 5em;
+ }
+ .content-columns {
+ /* Setting relative positioning allows for
+ absolute positioning for sub-classes */
+ position: relative;
+ padding-top: 1em;
+ }
+ .content-column-left {
+ /* Value for IE/Win; will be overwritten for other browsers */
+ width: 47%;
+ padding-right: 3%;
+ float: left;
+ padding-bottom: 2em;
+ }
+ .content-column-left hr {
+ display: none;
+ }
+ .content-column-right {
+ /* Values for IE/Win; will be overwritten for other browsers */
+ width: 47%;
+ padding-left: 3%;
+ float: left;
+ padding-bottom: 2em;
+ }
+ .content-columns>.content-column-left, .content-columns>.content-column-right {
+ /* Non-IE/Win */
+ }
+ img {
+ border: 2px solid #fff;
+ padding: 2px;
+ margin: 2px;
+ }
+ a:hover img {
+ border: 2px solid #f50;
+ }
+ /*]]>*/
+ </style>
+ </head>
+
+ <body>
+ <h1>Fedora <strong>Test Page</strong></h1>
+
+ <div class="content">
+ <div class="content-middle">
+ <p>This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured.</p>
+ </div>
+ <hr />
+
+ <div class="content-columns">
+ <div class="content-column-left">
+ <h2>If you are a member of the general public:</h2>
+
+ <p>The fact that you are seeing this page indicates that the website you just visited is either experiencing problems, or is undergoing routine maintenance.</p>
+
+ <p>If you would like to let the administrators of this website know that you've seen this page instead of the page you expected, you should send them e-mail. In general, mail sent to the name "webmaster" and directed to the website's domain should reach the appropriate person.</p>
+
+ <p>For example, if you experienced problems while visiting www.example.com, you should send e-mail to "webmaster@example.com".</p>
+
+ <p>Fedora is a distribution of Linux, a popular computer operating system. It is commonly used by hosting companies because it is free, and includes free web server software. Many times, they do not set up their web server correctly, and it displays this "test page" instead of the expected website.</p>
+
+ <p>Accordingly, please keep these facts in mind:</p>
+ <ul>
+ <li>Neither the Fedora Project or Red Hat has any affiliation with any website or content hosted from this server (unless otherwise explicitly stated).</li>
+ <li>Neither the Fedora Project or Red Hat has "hacked" this webserver, this test page is an included component of Apache's httpd webserver software.</li>
+ </ul>
+
+ <p>For more information about Fedora, please visit the <a href="https://getfedora.org/">Fedora Project website</a>.</p>
+ <hr />
+ </div>
+
+ <div class="content-column-right">
+ <h2>If you are the website administrator:</h2>
+
+ <p>You may now add content to the directory <code>/var/www/html/</code>. Note that until you do so, people visiting your website will see this page, and not your content. To prevent this page from ever being used, follow the instructions in the file <code>/etc/httpd/conf.d/welcome.conf</code>.</p>
+
+ <div class="logos">
+ <p>You are free to use the images below on Apache and Fedora powered HTTP servers. Thanks for using Apache and Fedora!</p>
+
+ <p><a href="https://httpd.apache.org/"><img src="/icons/apache_pb2.gif" alt="[ Powered by Apache ]"/></a> <a href="https://getfedora.org/"><img src="/icons/poweredby.png" alt="[ Powered by Fedora ]" width="88" height="31" /></a></p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </body>
+</html>
diff --git a/roles/reverseproxy/handlers/main.yml b/roles/reverseproxy/handlers/main.yml
new file mode 100644
index 0000000..8db0dde
--- /dev/null
+++ b/roles/reverseproxy/handlers/main.yml
@@ -0,0 +1 @@
+- import_tasks: systemd.yml
diff --git a/roles/reverseproxy/handlers/systemd.yml b/roles/reverseproxy/handlers/systemd.yml
new file mode 100644
index 0000000..d81fdba
--- /dev/null
+++ b/roles/reverseproxy/handlers/systemd.yml
@@ -0,0 +1,2 @@
+- name: reload systemd
+ command: /usr/bin/systemctl --system daemon-reload
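Review bot: The `reload systemd` handler shells out to `systemctl` through `command`, which always reports "changed" and hard-codes the binary path. The `systemd` module does the same job idiomatically; replace the `command:` line with a `systemd:` mapping containing `daemon_reload: true`.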
diff --git a/roles/reverseproxy/tasks/config.yml b/roles/reverseproxy/tasks/config.yml
new file mode 100644
index 0000000..a6ecfec
--- /dev/null
+++ b/roles/reverseproxy/tasks/config.yml
@@ -0,0 +1,26 @@
+- name: Installation des unités systemd
+ copy:
+ src: caddy-reverse-proxy.service
+ dest: /etc/systemd/system/
+ mode: 0644
+ notify: reload systemd
+
+- name: Installation de la page web statique
+ copy:
+ src: index.html
+ dest: /contener/caddy-reverse-proxy/srv
+ mode: 0644
+
+- name: Installation du script de nettoyage des containers inactifs
+ copy:
+ src: containercleaning.sh
+ dest: /usr/local/bin/containercleaning
+ mode: 0755
+
+- name: Configuration du reverse proxy
+ template:
+ src: Caddyfile.j2
+ dest: /contener/caddy-reverse-proxy/etc/Caddyfile
+ owner: root
+ group: root
+ mode: 0644
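Review bot: The `Configuration du reverse proxy` template task has no `notify`, and nothing in this file or the other visible task files enables or starts `caddy-reverse-proxy.service`, so a changed Caddyfile is written to disk while the running proxy keeps its old configuration. Add a `systemd` task with `name: caddy-reverse-proxy`, `state: started` and `enabled: true`, plus a restart handler notified by the template task. The three `copy` tasks also omit `owner` and `group`, unlike the template task. Setting `owner: root` and `group: root` on them, in particular on the executable installed to `/usr/local/bin/containercleaning`, keeps ownership explicit rather than inherited from the connecting user.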
diff --git a/roles/reverseproxy/tasks/dirs.yml b/roles/reverseproxy/tasks/dirs.yml
new file mode 100644
index 0000000..39f4789
--- /dev/null
+++ b/roles/reverseproxy/tasks/dirs.yml
@@ -0,0 +1,23 @@
+- name: Création du répertoire racine
+ file:
+ path: /contener/caddy-reverse-proxy
+ state: directory
+ mode: 0700
+
+- name: Création du répertoire etc
+ file:
+ path: /contener/caddy-reverse-proxy/etc
+ state: directory
+ mode: 0755
+
+- name: Création du répertoire root
+ file:
+ path: /contener/caddy-reverse-proxy/root
+ state: directory
+ mode: 0755
+
+- name: Création du répertoire srv
+ file:
+ path: /contener/caddy-reverse-proxy/srv
+ state: directory
+ mode: 0755
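Review bot: The `Création du répertoire root` task creates `/contener/caddy-reverse-proxy/root` with `mode: 0755`, and the service unit mounts its `.caddy` subdirectory as `/root/.caddy`, which is presumably where Caddy keeps its ACME account and certificate private keys. Only the `0700` on the parent directory protects them today; `mode: 0700` on this directory as well would keep the keys private if the parent is ever relaxed. The four tasks differ only in `path` and `mode`, so a single `file` task looping over those pairs would be easier to audit.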
diff --git a/roles/reverseproxy/tasks/fw.yml b/roles/reverseproxy/tasks/fw.yml
new file mode 100644
index 0000000..0636c9f
--- /dev/null
+++ b/roles/reverseproxy/tasks/fw.yml
@@ -0,0 +1,10 @@
+- name: Ouverture des ports Firewalld
+ firewalld:
+ service: {{ item }}
+ permanent: yes
+ immediate: yes
+ state: enabled
+ with_items:
+ - http
+ - https
+ when: ansible_distribution == "Fedora"
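Review bot: `service: {{ item }}` is unquoted, so YAML reads the leading `{` as the start of a flow mapping and Ansible rejects the file before any task runs; it needs to be `service: "{{ item }}"`. While editing these lines, `permanent: true` and `immediate: true` are the unambiguous boolean spellings. Because of the `when:` condition the ports are opened only on Fedora, so on any other distribution the role completes without touching the firewall; a comment saying that this is intentional would help.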
diff --git a/roles/reverseproxy/tasks/main.yml b/roles/reverseproxy/tasks/main.yml
new file mode 100644
index 0000000..dd880d6
--- /dev/null
+++ b/roles/reverseproxy/tasks/main.yml
@@ -0,0 +1,3 @@
+- import_tasks: dirs.yml
+- import_tasks: config.yml
+- import_tasks: fw.yml
diff --git a/roles/reverseproxy/templates/Caddyfile.j2 b/roles/reverseproxy/templates/Caddyfile.j2
new file mode 100644
index 0000000..86ce98c
--- /dev/null
+++ b/roles/reverseproxy/templates/Caddyfile.j2
@@ -0,0 +1,81 @@
+{% for item in {{ ansible_hostname }}.static %}
+"{{ item }}" {
+ tls "{{ email }}"
+ gzip
+ log "{{ item }}_access.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ errors "{{ item }}_error.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+}
+{% endfor %}
+{% for item in {{ ansible_hostname }}.redir %}
+"{{ item.1 }}" {
+ tls "{{ email }}"
+ gzip
+ log "{{ item.1 }}_access.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ errors "{{ item.1 }}_error.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ redir https://"{{ item.2 }}"{uri}
+}
+
+{% if outdoor is defined %}
+{% for item in public.static %}
+"{{ item }}" {
+ tls "{{ email }}"
+ gzip
+ log "{{ item }}_access.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ errors "{{ item }}_error.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+}
+{% endfor %}
+
+{% for item in public.redir %}
+"{{ item.1 }}" {
+ tls "{{ email }}"
+ gzip
+ log "{{ item.1 }}_access.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ errors "{{ item.1 }}_error.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ redir https://"{{ item.2 }}"{uri}
+}
+{% endfor %}
+
+{% for item in public.reverse %}
+"{{ item }}" {
+ tls "{{ email }}"
+ gzip
+ log "{{ item }}_access.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ errors "{{ item }}_error.log" {
+ rotate_size 1
+ rotate_keep 10
+ }
+ proxy / https://"{{ backendhost }}":"{{ backendport }}" {
+ transparent
+ insecure_skip_verify
+ max_fails 60
+ }
+}
+{% endfor %}
+{% endif %}
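Review bot: This template cannot render as written. The two loop headers `{% for item in {{ ansible_hostname }}.static %}` and `{% for item in {{ ansible_hostname }}.redir %}` nest `{{ }}` inside `{% %}`, which is a Jinja syntax error; a per-host lookup needs a form such as `lookup('vars', ansible_hostname)`. The second loop is also never closed with `{% endfor %}` before `{% if outdoor is defined %}`. The redirect entries are two-element lists, so `item.1` and `item.2` should be `item.0` and `item.1`, and the quotes inside `https://"{{ item.2 }}"{uri}` and `https://"{{ backendhost }}":"{{ backendport }}"` end up literally inside the URL token. Separately, `insecure_skip_verify` in the `proxy` block disables certificate verification towards a backend that `vars/main.yml` sets to a public IP address, so anyone on that path can impersonate the upstream; drop the option and address the backend by a name whose certificate validates.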
diff --git a/roles/reverseproxy/vars/main.yml b/roles/reverseproxy/vars/main.yml
new file mode 100644
index 0000000..88da4fe
--- /dev/null
+++ b/roles/reverseproxy/vars/main.yml
@@ -0,0 +1,45 @@
+- include_vars: email.yml
+
+backendhost: 82.247.103.117
+backendport: 4433
+
+public:
+ - static:
+ - "{{ ansible_hostname }}.casperlefantom.net"
+ - jaysfoodventure.com
+ - redir:
+ - [ 'www.casperlefantom.net', 'casperlefantom.net' ]
+ - [ 'blog.casperlefantom.net', 'casperlefantom.net' ]
+ - reverse:
+ - casperlefantom.net
+ - search.casperlefantom.net
+ - dl.casperlefantom.net
+ - cirrus.casperlefantom.net
+
+manchester:
+ - static:
+ - admin.casperlefantom.net
+ - nsa.casperlefantom.net
+ - ns1.casperlefantom.net
+ - ntp1.casperlefantom.net
+ - imap.casperlefantom.net
+ - ssl.casperlefantom.net
+ - mail.casperlefantom.net
+ - smtp.casperlefantom.net
+ - voip.casperlefantom.net
+ - jabber.casperlefantom.net
+ - conference.casperlefantom.net
+ - manchester.admin.casperlefantom.net
+ - redir:
+ - [ 'mirror.casperlefantom.net', 'mirror.casperlefantom.net:4433' ]
+ - [ 'nsa.admin.casperlefantom.net', 'nsa.admin.casperlefantom.net:4433' ]
+ - [ 'bt1.admin.casperlefantom.net', 'bt1.admin.casperlefantom.net:4433' ]
+
+sd-129211:
+ - static:
+ - ns4.casperlefantom.net
+ - nsd.casperlefantom.net
+ - ntp4.casperlefantom.net
+ - redir:
+ - [ 'nsd.admin.casperlefantom.net', 'nsd.admin.casperlefantom.net:4433' ]
+ - [ 'bt2.admin.casperlefantom.net', 'bt2.admin.casperlefantom.net:4433' ]
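Review bot: `- include_vars: email.yml` is a task, not a variable, and a sequence item followed by top-level mapping keys makes `vars/main.yml` invalid YAML; move that line to the top of `tasks/main.yml`. `public`, `manchester` and `sd-129211` are each written as a list of one-key mappings (`- static:`, `- redir:`), so the attribute access `public.static` used in the template does not resolve; make `static`, `redir` and `reverse` plain keys of a mapping. `sd-129211` contains a hyphen, which is not allowed in an Ansible variable name, so the per-host entries are better nested under one mapping keyed by hostname. The hard-coded `backendhost` address would be easier to review and rotate as a hostname or an inventory variable.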
diff --git a/site.yml b/site.yml
index 5d09768..912c584 100644
--- a/site.yml
+++ b/site.yml
@@ -11,5 +11,6 @@
- import_playbook: dnsserver.yml
- import_playbook: torrelay.yml
- import_playbook: bittorrent.yml
+- import_playbook: reverseproxy.yml
# modules at and jabber not working
#- import_playbook: update.yml