initial commit

2024-11-15 16:01:39 +01:00 · 2024-11-15 16:01:39 +01:00 · 2f669bd3bb
commit 2f669bd3bb
5 changed files with 126 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,22 @@
+# docker-nginx-proxy-with-nginx-gen
+
+## Purpose
+
+This role installs [nginx-proxy](https://github.com/nginx-proxy/nginx-proxy) with [separated nginx container](https://github.com/nginx-proxy/docker-gen#separate-container-install).
+
+It will not use the automated acme script because it uses webroot. To be more flexible, the suggested role to use is install-acme-sh role, that installs acme.sh on host OS, can use DNS challenges and wildcard certs and is can be easily added to nginx-proxy with hooks.
+More advantage of this solution is that it does not matter that if you use only nginx-proxy with certs or use proxy solutions, E.G. Cloudflare.
+
+## Variables
+
+Important variables in this role are the following
+- nginx_proxy_container_name: Name of the nginx-proxy container. To be more flexible we use docker-compose files (not start only the container) but give an explicit name to this container to avoid the name changes.
+- nginx_proxy_base_dir: Base dir of this project on the host OS.
+- nginx_proxy_copy_files[]: Array, that need to be filled with dicts. Dicts are passed directly to [ansible.builtin.copy](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html) module if you want to add other files to the project.
+> Note: You can do the copy in different step, E.G. if you copy back a backup. Ansible only changes files that requires it.
+
+See the variables file for more variables.
+
+## Template
+
+It uses a docker-compose.yml.j2 template that can be easily replaced. However keep in mind that if you rerun this role Ansible will replace the remote docker-compose.yml file with the version that is here so do not change only on the remote side.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,26 @@
+---
+nginx_proxy_container_name: "nginx-proxy"
+nginx_proxy_base_dir: "/srv/nginx_proxy"
+nginx_proxy_network: "nginx_proxy"
+nginx_proxy_nginx_env_vars:
+  TZ: "Europe/Budapest"
+  ENABLE_HTTP3: false
+  ENABLE_IPV6: false
+
+nginx_proxy_nginx_gen_env_vars:
+  TZ: "Europe/Budapest"
+  DEFAULT_HOST: ""
+
+nginx_proxy_ports:
+  - "80:80"
+  - "443:443"
+nginx_proxy_docker_socket: "/var/run/docker.sock"
+nginx_proxy_docker_compose_template: "templates/docker-compose.yml.j2"
+nginx_proxy_nginx_tmpl_url: "https://raw.githubusercontent.com/nginx-proxy/nginx-proxy/refs/heads/main/nginx.tmpl"
+nginx_proxy_folders:
+  - "{{ nginx_proxy_base_dir   }}"
+  - "{{ nginx_proxy_base_dir   }}/certs"
+  - "{{ nginx_proxy_base_dir   }}/conf.d"
+  - "{{ nginx_proxy_base_dir   }}/html"
+nginx_proxy_copy_files: []
+ansible_become: true
--- a/meta/main.yml
+++ b/meta/main.yml
@ -0,0 +1,8 @@
+galaxy_info:
+  author: TheAdam
+  description: With this role you can install Nginx with Nginx gen. Acme not included because this solution requires to provide SSL certs from external resource, E.G. DNS API.
+  
+
+  min_ansible_version: 2.1
+
+  galaxy_tags: ["nginx","nginx-gen","docker"]
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,30 @@
+---
+- name: "Create {{ nginx_proxy_base_dir }} and it's contents"
+  ansible.builtin.file:
+    path: "{{ item }}"
+    owner: root
+    group: root
+    state: directory
+    mode: '0644'
+  loop: "{{ nginx_proxy_folders }}"
+
+- name: Copy extra files
+  ansible.builtin.copy:
+    "{{ item }} "
+  loop: "{{ nginx_proxy_copy_files }}"
+
+- name: Copy template
+  ansible.builtin.template:
+    src: "{{ nginx_proxy_docker_compose_template }}"
+    dest: "{{ nginx_proxy_base_dir }}/docker-compose.yml"
+    mode: '0644'
+
+- name: Fetch template
+  ansible.builtin.get_url:
+    dest: "{{ nginx_proxy_base_dir }}/nginx.tmpl"
+    url: "{{ nginx_proxy_nginx_tmpl_url }}"
+
+- name: Start Nginx and generator
+  community.docker.docker_compose_v2:
+    project_src: "{{ nginx_proxy_base_dir }}"
+    state: present
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+services:
+  nginx-proxy:
+    image: nginx:latest
+    container_name: {{ nginx_proxy_container_name }}
+    ports:
+      {% for port in nginx_proxy_ports %}
+      - "{{ port }}"
+      {% endfor %}
+    volumes:
+      - {{ nginx_proxy_base_dir }}/conf.d:/etc/nginx/conf.d
+      - {{ nginx_proxy_base_dir }}/html:/usr/share/nginx/html
+      - {{ nginx_proxy_base_dir }}/certs:/etc/nginx/certs:ro
+    environment:
+      {% for key, value in nginx_proxy_nginx_env_vars.items() %}
+      - "{{ key }}={{ value }}"
+      {% endfor %}
+    restart: always
+
+  docker-gen:
+    image: nginxproxy/docker-gen
+    container_name: {{ nginx_proxy_container_name }}-gen
+    command: -notify-sighup {{ nginx_proxy_container_name }} -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
+    volumes_from:
+      - nginx-proxy
+    volumes:
+      - {{ nginx_proxy_base_dir }}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+      - {{ nginx_proxy_docker_socket }}:/tmp/docker.sock:ro
+    labels:
+      - "com.github.nginx-proxy.docker-gen"
+    environment:
+      {% for key, value in nginx_proxy_nginx_gen_env_vars.items() %}
+      - {{ key }}={{ value }}
+      {% endfor %}
+    restart: always
+
+networks:
+  default:
+    name: {{ nginx_proxy_network }}
+