av/pet-project-server
1
0
Fork 0
Code Pull Requests Activity

Добавлен прокси для Яндекс.Диска

Browse Source
This commit is contained in:
Anton Vakhrushev
2019-07-17 22:39:26 +03:00
parent 7e1cb26f5c
commit 9c46b9510d
6 changed files with 63 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@@ -32,6 +32,7 @@ configure:
$(TAGS_ARGS) \ $(TAGS_ARGS) \
--inventory="$(INVENTORY)" \ --inventory="$(INVENTORY)" \
--extra-vars='ansible_python_interpreter=/usr/bin/python3' \ --extra-vars='ansible_python_interpreter=/usr/bin/python3' \
--ask-vault-pass \
$(PLAYBOOK) $(PLAYBOOK)
configure-apps: configure-apps:
@@ -44,6 +45,7 @@ dry-run:
$(TAGS_ARGS) \ $(TAGS_ARGS) \
--inventory="$(INVENTORY)" \ --inventory="$(INVENTORY)" \
--extra-vars='ansible_python_interpreter=/usr/bin/python3' \ --extra-vars='ansible_python_interpreter=/usr/bin/python3' \
--ask-vault-pass \
--check \ --check \
--diff \ --diff \
$(PLAYBOOK) $(PLAYBOOK)

9
ansible/configuration.yml
View File

@@ -1,5 +1,9 @@
--- ---
- hosts: all - hosts: all
vars:
notes_port: 41080
vars_files:
- vars/vars.yml
tasks: tasks:
@@ -34,6 +38,7 @@
name: antoiner77.caddy name: antoiner77.caddy
vars: vars:
caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}' caddy_config: '{{ lookup("template", "templates/Caddyfile.j2") }}'
caddy_update: False
caddy_setcap: True caddy_setcap: True
caddy_systemd_capabilities_enabled: True caddy_systemd_capabilities_enabled: True
caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE" caddy_systemd_capabilities: "CAP_NET_BIND_SERVICE"
@@ -73,12 +78,12 @@
PROJECT_NAME: notes PROJECT_NAME: notes
IMAGE_PREFIX: notes IMAGE_PREFIX: notes
CONTAINER_PREFIX: notes CONTAINER_PREFIX: notes
WEB_SERVER_PORT: 127.0.0.1:41080 WEB_SERVER_PORT: '127.0.0.1:{{ notes_port }}'
DATA_DIR: /home/notes/app/data DATA_DIR: /home/notes/app/data
CACHE_DIR: /home/notes/app/cache CACHE_DIR: /home/notes/app/cache
APP_ENV: prod APP_ENV: prod
SYMFONY_ENV: prod SYMFONY_ENV: prod
SECRET_TOKEN: C56gRpAtBYS3V98A3ZjQZCXzJz9gBVdz SECRET_TOKEN: '{{ notes.secret }}'
DATABASE_HOST: notes-db DATABASE_HOST: notes-db
DATABASE_PORT: 3306 DATABASE_PORT: 3306
DATABASE_NAME: notes DATABASE_NAME: notes

26
ansible/files/av_id_rsa.pub
View File

@@ -1 +1,25 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDxqDV6RWsmTgWmgKGwL0B9NdNH3zdRIo5dZrLK8rRvvOKVUwHxK8V0i0qaxBho/hVTuI2Jk3dt+/3/E7CsK9qxTci0272nIizkJd4nzicTIrT2K7NQQLrvhnNvDx3g2KGLqChcaDrICgHsCv2VTH1Cm64pvE4cqom0xJz/tG7ijqzBzGDybubC4TAItkNDmtp7F4Ia06yzfL2CExBz8zxeTG4oT0sy5e0j/NjxP2MYPrQW5tL60r65VFy9a1x+8dp6IqrZkM3z6oDER0Gzhl0zfB/EAp4KhN06Bs+2UyhaQbi4+owIUVNTP+amFicyZFSu6VAeVr4JWsmrsWaKYVMD av@sol $ANSIBLE_VAULT;1.1;AES256
39343035656562656632323766356561386665373036383564616331333333613765353737663632
3531663835303562393063343231623464663232333532380a663838663938316566616532623065
66336463643862626538366462346231386333366464323131363836326436373563623164336632
6234353437383432380a396136653136616335343936343335633236373363353766666539396334
36613836663831333838633231363731323234323761306630646632616238363662376462333039
32373938343562313064663334383766653161613032623936646361316561666532356465623133
32303663313834663834366363383265653939316336356239313364623366386631626536643439
31333362353961353434333636343336323239363461663937313931616262316330376165393263
63366665396431323034383939633365316134356564656136393032393864393636616234316231
37616336396435626264643232343766616364306264376338313238356261653863336535363237
34653638316161636431653465343536323331656230633332333139386132653433626662343837
35396437633233363637376561303338386432643039626336376366373334613463663465613637
36643734626163623738336435383032353837366532316566613864306430653336616637383262
65646131643533323563393133373964633863636666633338616236386531323064396137376232
37653333666566386563383235356232663338643161313635643661326339333661393135643030
62356662623365376662646166316262353964383936373463393339623961376232653664306439
36336231393434356661316336653033346430386366663138323832613532303265343136373836
64666561616535623732326464643831363866326265343165356330646561653066393764336134
30326436663066633163393163306265383834306634663639336437303965373063323335333537
38643234623061376565636536323563623739313165343464316466363364613963636437363830
33306632313839373132636130326331363538323763326333316165363633336561373030373963
38313135343464303331343866646634393162393361333962356133376163393865373239323763
31303336613937303031343532333036653133363439643864663661373639646566643831313662
35613430333861376565

17
ansible/templates/Caddyfile.j2
View File

@@ -5,7 +5,7 @@ status.vakhrushev.me, :29999 {
} }
tls anwinged@ya.ru tls anwinged@ya.ru
basicauth / anton show-me-the-status basicauth / {{ netdata.login }} {{ netdata.password }}
} }
# Homepage # Homepage
@@ -22,10 +22,21 @@ homepage.vakhrushev.me, vakhrushev.me {
# Notes app # Notes app
notes.vakhrushev.me { notes.vakhrushev.me {
proxy / 127.0.0.1:41080 { proxy / 127.0.0.1:{{ notes_port }} {
transparent transparent
} }
tls anwinged@ya.ru tls anwinged@ya.ru
basicauth / anton show-me-the-notes basicauth / {{ notes.login }} {{ notes.password }}
}
# Yandex Proxy Imager
preview.vakhrushev.me {
proxy /img https://webdav.yandex.ru {
transparent
header_upstream User-Agent "yandex-disk-previewer/1.0"
header_upstream Authorization "Basic {{ (yandex_disk.login ~ ':' ~ yandex_disk.password) | b64encode }}"
}
tls anwinged@ya.ru
} }

38
ansible/templates/vakhrushev.me.conf.j2
View File

@@ -1,38 +0,0 @@
server {
server_name docker.vakhrushev.me;
return 301 https://docker.vakhrushev.me$request_uri;
}
server {
server_name www.docker.vakhrushev.me;
return 301 https://docker.vakhrushev.me$request_uri;
}
server {
listen 443 ssl http2;
server_name docker.vakhrushev.me;
ssl on;
ssl_certificate {{ vars[nginx_ssl_name + "_ssl_certificate"] }};
ssl_certificate_key {{ vars[nginx_ssl_name + "_ssl_key"] }};
ssl_trusted_certificate {{ vars[nginx_ssl_name + "_ssl_certificate"] }};
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam {{ vars[nginx_ssl_name + "_ssl_dhparam"] }};
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:{{ nginx_proxy_params.port }};
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
}
}

15
ansible/vars/vars.yml Normal file
View File

@@ -0,0 +1,15 @@
$ANSIBLE_VAULT;1.1;AES256
35363437643463396366363661386530363562373533313237383533356662303136386265623638
6365396330653231656162393964343866633865613437340a393261633963353661633864613664
62616131366434666563353437316332306236643032313535343062343464363762373331663061
3132396362326365640a306435646134306165383236383266343138626362656537386636643162
36316630396361383666323262666566616264626166646265346431363730653364653432363561
63326161323736663336373061353434626563316561633336353664316231666130323832623864
39636534336634353734613836616134353531633335386636313537323163313166616533366163
37373130336232376232613036643730326638333130313739643132333231646365313830333762
63393837653463363332326334636662383738393730353438346534663931653063663062373139
62346163346566376664333331336433316530386139623266376665333638666633346261393763
62636464663766346537633161356164373631363834383931336432336162303232663534663136
62373265373464656163353037313935383664343834336231653561633533373063313231386336
65343533343436663264636232653832636164663166373739396435336639303437633364373262
3332643634646535313331306131613166306461313030323862