From 2f669bd3bbefebc925a53448e623d18cac36db8a Mon Sep 17 00:00:00 2001
From: theadam
Date: Fri, 15 Nov 2024 16:01:39 +0100
Subject: [PATCH] initial commit
---
README.md | 22 ++++++++++++++++++
defaults/main.yml | 26 +++++++++++++++++++++
meta/main.yml | 8 +++++++
tasks/main.yml | 30 +++++++++++++++++++++++++
templates/docker-compose.yml.j2 | 40 +++++++++++++++++++++++++++++++++
5 files changed, 126 insertions(+)
create mode 100644 README.md
create mode 100644 defaults/main.yml
create mode 100644 meta/main.yml
create mode 100644 tasks/main.yml
create mode 100644 templates/docker-compose.yml.j2
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f72f745
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+# docker-nginx-proxy-with-nginx-gen
+
+## Purpose
+
+This role installs [nginx-proxy](https://github.com/nginx-proxy/nginx-proxy) with [separated nginx container](https://github.com/nginx-proxy/docker-gen#separate-container-install).
+
+It will not use the automated acme script because it uses webroot. To be more flexible, the suggested role to use is install-acme-sh role, that installs acme.sh on host OS, can use DNS challenges and wildcard certs and is can be easily added to nginx-proxy with hooks.
+More advantage of this solution is that it does not matter that if you use only nginx-proxy with certs or use proxy solutions, E.G. Cloudflare.
+
+## Variables
+
+Important variables in this role are the following
+- nginx_proxy_container_name: Name of the nginx-proxy container. To be more flexible we use docker-compose files (not start only the container) but give an explicit name to this container to avoid the name changes.
+- nginx_proxy_base_dir: Base dir of this project on the host OS.
+- nginx_proxy_copy_files[]: Array, that need to be filled with dicts. Dicts are passed directly to [ansible.builtin.copy](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html) module if you want to add other files to the project.
+> Note: You can do the copy in different step, E.G. if you copy back a backup. Ansible only changes files that requires it.
+
+See the variables file for more variables.
+
+## Template
+
+It uses a docker-compose.yml.j2 template that can be easily replaced. However keep in mind that if you rerun this role Ansible will replace the remote docker-compose.yml file with the version that is here so do not change only on the remote side.
\ No newline at end of file
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..ebb59aa
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,26 @@
+---
+nginx_proxy_container_name: "nginx-proxy"
+nginx_proxy_base_dir: "/srv/nginx_proxy"
+nginx_proxy_network: "nginx_proxy"
+nginx_proxy_nginx_env_vars:
+ TZ: "Europe/Budapest"
+ ENABLE_HTTP3: false
+ ENABLE_IPV6: false
+
+nginx_proxy_nginx_gen_env_vars:
+ TZ: "Europe/Budapest"
+ DEFAULT_HOST: ""
+
+nginx_proxy_ports:
+ - "80:80"
+ - "443:443"
+nginx_proxy_docker_socket: "/var/run/docker.sock"
+nginx_proxy_docker_compose_template: "templates/docker-compose.yml.j2"
+nginx_proxy_nginx_tmpl_url: "https://raw.githubusercontent.com/nginx-proxy/nginx-proxy/refs/heads/main/nginx.tmpl"
+nginx_proxy_folders:
+ - "{{ nginx_proxy_base_dir }}"
+ - "{{ nginx_proxy_base_dir }}/certs"
+ - "{{ nginx_proxy_base_dir }}/conf.d"
+ - "{{ nginx_proxy_base_dir }}/html"
+nginx_proxy_copy_files: []
+ansible_become: true
\ No newline at end of file
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..4a74a22
--- /dev/null
+++ b/meta/main.yml
@@ -0,0 +1,8 @@
+galaxy_info:
+ author: TheAdam
+ description: With this role you can install Nginx with Nginx gen. Acme not included because this solution requires to provide SSL certs from external resource, E.G. DNS API.
+
+
+ min_ansible_version: 2.1
+
+ galaxy_tags: ["nginx","nginx-gen","docker"]
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..2acbb65
--- /dev/null
+++ b/tasks/main.yml
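Review bot: In defaults/main.yml, `nginx_proxy_nginx_tmpl_url` points at `refs/heads/main`, a moving branch, and the `Fetch template` task in tasks/main.yml downloads it without a `checksum`, so the file docker-gen renders into the nginx configuration can change upstream without any change in this role. Pin the URL to a release tag or commit and add a checksum default that the task passes through, e.g. `nginx_proxy_nginx_tmpl_checksum: "sha256:<PLACEHOLDER_DIGEST>"`. Separately, `ansible_become: true` is a connection variable set from role defaults and can affect more than this role's tasks; `become: true` on the tasks that need root is easier to audit.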
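Review bot: `min_ansible_version: 2.1` in meta/main.yml does not match the rest of this commit, because tasks/main.yml uses fully qualified collection names (`ansible.builtin.file`, `community.docker.docker_compose_v2`) that Ansible 2.1 cannot resolve. The value is also an unquoted float, so a later edit to `2.10` would be read back as `2.1`; write it as a quoted string, e.g. `min_ansible_version: "2.10"` or whichever release the role is actually tested on. The `community.docker` collection that the last task needs is not declared anywhere in the patch, so a requirements file or a README line should name it.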
@@ -0,0 +1,30 @@
+---
+- name: "Create {{ nginx_proxy_base_dir }} and it's contents"
+ ansible.builtin.file:
+ path: "{{ item }}"
+ owner: root
+ group: root
+ state: directory
+ mode: '0644'
+ loop: "{{ nginx_proxy_folders }}"
+
+- name: Copy extra files
+ ansible.builtin.copy:
+ "{{ item }} "
+ loop: "{{ nginx_proxy_copy_files }}"
+
+- name: Copy template
+ ansible.builtin.template:
+ src: "{{ nginx_proxy_docker_compose_template }}"
+ dest: "{{ nginx_proxy_base_dir }}/docker-compose.yml"
+ mode: '0644'
+
+- name: Fetch template
+ ansible.builtin.get_url:
+ dest: "{{ nginx_proxy_base_dir }}/nginx.tmpl"
+ url: "{{ nginx_proxy_nginx_tmpl_url }}"
+
+- name: Start Nginx and generator
+ community.docker.docker_compose_v2:
+ project_src: "{{ nginx_proxy_base_dir }}"
+ state: present
\ No newline at end of file
diff --git a/templates/docker-compose.yml.j2 b/templates/docker-compose.yml.j2
new file mode 100644
index 0000000..d7df096
--- /dev/null
+++ b/templates/docker-compose.yml.j2
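Review bot: The first task in tasks/main.yml creates every directory in `nginx_proxy_folders` with `mode: '0644'`, which omits the search (execute) bit, so non-root processes cannot traverse them; that presumably includes the unprivileged nginx workers reading the bind-mounted `html` directory. Use `mode: '0755'` for the general directories and create `{{ nginx_proxy_base_dir }}/certs` in its own task with a tighter mode such as `'0750'`, since that directory holds the TLS private keys. In `Copy extra files`, `"{{ item }} "` is a templated string with a trailing space rather than an argument mapping, so it is unlikely to be parsed as the dict the README describes. Explicit keys (`src: "{{ item.src }}"`, `dest: "{{ item.dest }}"`, `mode: "{{ item.mode | default('0644') }}"`) would also keep the accepted arguments reviewable. `Fetch template` sets no `mode`, so the downloaded file's permissions are left to the module default.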
@@ -0,0 +1,40 @@
+#jinja2: lstrip_blocks: "True"
+services:
+ nginx-proxy:
+ image: nginx:latest
+ container_name: {{ nginx_proxy_container_name }}
+ ports:
+ {% for port in nginx_proxy_ports %}
+ - "{{ port }}"
+ {% endfor %}
+ volumes:
+ - {{ nginx_proxy_base_dir }}/conf.d:/etc/nginx/conf.d
+ - {{ nginx_proxy_base_dir }}/html:/usr/share/nginx/html
+ - {{ nginx_proxy_base_dir }}/certs:/etc/nginx/certs:ro
+ environment:
+ {% for key, value in nginx_proxy_nginx_env_vars.items() %}
+ - "{{ key }}={{ value }}"
+ {% endfor %}
+ restart: always
+
+ docker-gen:
+ image: nginxproxy/docker-gen
+ container_name: {{ nginx_proxy_container_name }}-gen
+ command: -notify-sighup {{ nginx_proxy_container_name }} -watch -wait 5s:30s /etc/docker-gen/templates/nginx.tmpl /etc/nginx/conf.d/default.conf
+ volumes_from:
+ - nginx-proxy
+ volumes:
+ - {{ nginx_proxy_base_dir }}/nginx.tmpl:/etc/docker-gen/templates/nginx.tmpl:ro
+ - {{ nginx_proxy_docker_socket }}:/tmp/docker.sock:ro
+ labels:
+ - "com.github.nginx-proxy.docker-gen"
+ environment:
+ {% for key, value in nginx_proxy_nginx_gen_env_vars.items() %}
+ - {{ key }}={{ value }}
+ {% endfor %}
+ restart: always
+
+networks:
+ default:
+ name: {{ nginx_proxy_network }}
+
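Review bot: In the `docker-gen` service, the `:ro` on `{{ nginx_proxy_docker_socket }}:/tmp/docker.sock:ro` only makes the mount of the socket path read-only and does not restrict the Docker API, so this container keeps full control of the daemon and is effectively root on the host. Record that above the mount, e.g. `# :ro protects the socket path only; API access through it is unrestricted`, and where possible reach the socket through an API-filtering proxy limited to the read endpoints docker-gen needs. Both images are unpinned (`nginx:latest`, and `nginxproxy/docker-gen` with no tag), so what runs depends on whatever the tag resolves to at pull time; pin them, e.g. `image: "nginx:<PINNED_TAG>"`. `container_name: {{ nginx_proxy_container_name }}` and `- {{ key }}={{ value }}` are rendered unquoted, unlike the quoted loop in the `nginx-proxy` service, so a value containing `: ` or ` #` changes how the rendered compose file parses.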