From 95ff9fb065c8ce48aaa5a162667c24f561b37334 Mon Sep 17 00:00:00 2001
From: norbey <ngyimesi@sch.bme.hu>
Date: Sun, 19 Mar 2023 11:54:28 +0100
Subject: [PATCH] Added webserver config

---
 files/default                 |  6 ++++++
 files/index.html              | 11 ++++++++++
 tasks/letsencrypt.yml         | 39 ++++++++++++++++++++++++++++++++++
 tasks/webserver.yml           | 40 +++++++++++++++++++++++++++++++++++
 templates/proxy-hosts.conf.j2 | 25 ++++++++++++++++++++++
 5 files changed, 121 insertions(+)
 create mode 100644 files/default
 create mode 100644 files/index.html
 create mode 100644 tasks/letsencrypt.yml
 create mode 100644 tasks/webserver.yml
 create mode 100644 templates/proxy-hosts.conf.j2

diff --git a/files/default b/files/default
new file mode 100644
index 0000000..461d0a9
--- /dev/null
+++ b/files/default
@@ -0,0 +1,6 @@
+server {
+    listen 80;
+    listen [::]:80 default_server;
+    server_name _;
+    return 301 https://$host$request_uri;
+}
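Review bot: Only the IPv6 listener carries `default_server`; the IPv4 line `listen 80;` does not, so on IPv4 this catch-all is the default only if nginx happens to load it first among the port-80 server blocks. Writing `listen 80 default_server;` makes both address families behave the same. The redirect target is built from `$host`, which comes from the client's request, so in a catch-all block the Location header echoes whatever host name the client sent. If only one name is served, `return 301 https://{{ full_hostname }}$request_uri;` would pin it, at the cost of moving this file from `files/` to a template.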
diff --git a/files/index.html b/files/index.html
new file mode 100644
index 0000000..47c51c3
--- /dev/null
+++ b/files/index.html
@@ -0,0 +1,11 @@
+<html>
+<head>
+    <meta charset="UTF-8">
+    <title>Ooops!</title>
+</head>
+<body>
+    <img src="https://m.blog.hu/st/starwarsesen/image/ep4-nemazokadroidok.jpg" style="display: block; margin-left: auto; margin-right: auto; width: 50%; " />
+    <h2 style="text-align: center" >Nem ezt az oldalt keresed...</h2>
+    <img src="https://http.cat/404"style="display: block; margin-left: auto; margin-right: auto; width: 50%; " />
+</body>
+</html>
\ No newline at end of file
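Review bot: Both `<img>` tags load from third-party hosts (`m.blog.hu` and `http.cat`), and the proxy template in this patch serves this page for every listed error status. Each error response therefore makes the visitor's browser contact those hosts, discloses the visitor's IP address and the referring site to them, and lets them decide what the page displays. Copying the two images into `files/` and referencing them by local path removes that dependency. The second tag is also missing a space between `src="https://http.cat/404"` and `style=`, and the file has no `<!DOCTYPE html>` line.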
diff --git a/tasks/letsencrypt.yml b/tasks/letsencrypt.yml
new file mode 100644
index 0000000..154b59e
--- /dev/null
+++ b/tasks/letsencrypt.yml
@@ -0,0 +1,39 @@
+- name: Update and upgrade
+  apt:
+    update_cache: yes
+    upgrade: yes
+
+- name: Install certbot
+  apt:
+    name:
+      - certbot
+    state: present
+
+- name: Register certbot
+  shell: |
+    certbot -n register --agree-tos --email ngyimesi@sch.bme.hu
+    touch /etc/letsencrypt/.registered
+  args:
+    creates: /etc/letsencrypt/.registered
+  tags:
+    - nginx
+    - certbot
+
+- name: Setup cronjob for renewal
+  cron:
+    name: certbot-renewal
+    job: "certbot -q renew'"
+    minute: "0"
+    hour: "14"
+  tags:
+    - nginx
+    - certbot
+
+- name: 'Get certificate'
+  command: 'certbot -n --nginx certonly -d {{ full_hostname }}'
+  args:
+    creates: '/etc/letsencrypt/live/{{ full_hostname }}'
+  ignore_errors: true
+  tags:
+    - nginx
+    - certbot
\ No newline at end of file
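Review bot: The renewal job in "Setup cronjob for renewal" ends with a stray single quote, `job: "certbot -q renew'"`, so the command cron passes to the shell has an unterminated quote and the daily renewal will fail; it should read `job: "certbot -q renew"`. "Get certificate" sets `ignore_errors: true`, which hides a failed issuance and lets the play continue to the nginx restart in webserver.yml with a config that points at certificate files that may not exist. Dropping `ignore_errors`, or registering the result and failing with a clear message, would surface that. The command also uses `--nginx` while only the `certbot` package is installed here; on Debian-family systems the nginx plugin is a separate package (`python3-certbot-nginx`), so confirm it is installed elsewhere in the role.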
diff --git a/tasks/webserver.yml b/tasks/webserver.yml
new file mode 100644
index 0000000..188977f
--- /dev/null
+++ b/tasks/webserver.yml
@@ -0,0 +1,40 @@
+- name: overwrite default config
+  copy:
+    src: default
+    dest: /etc/nginx/sites-available/default
+    force: yes
+
+- name: reverse proxy config
+  template:
+    src: proxy-hosts.conf.j2
+    dest: /etc/nginx/sites-available/proxy-hosts.conf
+    owner: www-data
+    group: www-data
+    mode: 0644
+
+- name: enable reverse proxy
+  file:
+    src: /etc/nginx/sites-available/proxy-hosts.conf
+    dest: /etc/nginx/sites-enabled/proxy-hosts.conf
+    owner: www-data
+    group: www-data
+    mode: 0644
+    state: link
+          
+
+- name: overwrite index html
+  copy:
+    src: index.html
+    dest: /var/www/html/index.html
+    owner: www-data
+    group: www-data
+    mode: 0644
+    force: yes
+
+- name: import certbot config
+  import_tasks: letsencrypt.yml
+
+- name: restart nginx
+  systemd:
+    name: nginx
+    state: restarted
\ No newline at end of file
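Review bot: In "reverse proxy config" and "enable reverse proxy" the nginx configuration is owned by `www-data`, which on Debian-family systems is normally the account the nginx workers run as, so a compromised worker or web application could rewrite the config that the root-owned master process loads on the next restart. Files under /etc/nginx are better left as `owner: root` and `group: root`, and the mode is safer as a quoted string, `mode: '0644'`, as the Ansible documentation recommends. The proxy site is also enabled before letsencrypt.yml is imported, so on a first run the enabled config references certificate files that do not exist yet, which presumably makes both the `certbot --nginx` call and the final unconditional restart fail. Obtaining the certificate before enabling the site, and running `nginx -t` before the restart, would avoid taking the server down.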
diff --git a/templates/proxy-hosts.conf.j2 b/templates/proxy-hosts.conf.j2
new file mode 100644
index 0000000..a05733e
--- /dev/null
+++ b/templates/proxy-hosts.conf.j2
@@ -0,0 +1,25 @@
+server { # simple reverse-proxy
+    listen       443 ssl;
+    server_name  {{ full_hostname }};
+    root /var/www/html;
+
+    index index.html;
+
+    error_page 400 401 402 403 404 500 501 502 /index.html;
+
+    ssl_certificate     /etc/letsencrypt/live/{{ full_hostname }}/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/{{ full_hostname }}/privkey.pem;
+    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers         HIGH:!aNULL:!MD5;
+
+    {% set cnt = 253 %}
+    {% for i in range(cnt) %}
+    location /{{ i + 1 }} {
+          return 302 /{{ i + 1 }}/;
+    }
+
+    location /{{ i + 1 }}/ {
+      proxy_pass      http://192.168.69.{{ i + 1 }}:80/;
+    }
+    {% endfor %}
+  }
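Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the usual setting where the installed nginx and OpenSSL support it. The loop also publishes every address from 192.168.69.1 to 192.168.69.253 on the HTTPS listener with no `allow`/`deny` rules or authentication, so anything answering on port 80 in that subnet becomes reachable through this server. If only some hosts are meant to be exposed, iterating over an explicit list variable instead of `range(cnt)` would be tighter. No `proxy_set_header` lines are present, so the backends see neither the original Host nor the client address, which will make their logs less useful for investigation.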
-- 
GitLab