authorbinary <me@rgoncalves.se>2021-01-24 16:42:45 +0100
committerbinary <me@rgoncalves.se>2021-01-24 16:42:45 +0100
commit6f402c3dfbc3d4702c1b758f60afbec912ca2c24 (patch)
treeee98dc68de6b0f8ec1110092994b68ef954ac0bd
parent461f8a25fadd7e86640a4db1b87a0eef7636d443 (diff)
downloadinfrastructure-6f402c3dfbc3d4702c1b758f60afbec912ca2c24.tar.gz
Force http to https with httpd block return from relayd
-rw-r--r--roles/httpd/templates/httpd.conf.j29
-rw-r--r--roles/relayd/templates/relayd.conf.j29
2 files changed, 11 insertions, 7 deletions
diff --git a/roles/httpd/templates/httpd.conf.j2 b/roles/httpd/templates/httpd.conf.j2
index 45b46c3..9a028f9 100644
--- a/roles/httpd/templates/httpd.conf.j2
+++ b/roles/httpd/templates/httpd.conf.j2
@@ -12,6 +12,15 @@ types {
image/png png
}
+{% if ansible_host == global.dcontroller %}
+server "default" {
+ listen on localhost port 8888
+ location * {
+ block return 302 "https://\$HTTP_HOST\$REQUEST_URI"
+ }
+}
+{% endif %}
+
{% for file in configurations.files %}
include "{{ file.path }}"
{% endfor %}
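Review bot: The `block return 302 "https://\$HTTP_HOST\$REQUEST_URI"` line builds the Location header from the client-supplied Host header, so this catch-all `server "default"` will redirect to whatever host name the request carries. If the set of served domains is known at template time, it is safer to emit one redirect server per known domain with its name written literally, or to filter unexpected Host values in relayd before they reach httpd. The backslashes before `$` are not needed by Jinja2 and will presumably be written to the rendered httpd.conf as-is, so check the rendered file and the resulting Location header. A comment above the block such as `# plain-http catch-all, reached only through relayd "www"; redirects to https` would record why it listens on localhost port 8888.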
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
index 243a0cc..1b48d7d 100644
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -70,13 +70,8 @@ http protocol "http" {
relay "www" {
listen on egress port 80
protocol "http"
- forward to <local> port 80 check icmp
-{% for hostname in groups["servers"] %}
-{% set h = dict(hostvars[hostname]) %}
-{% for service in h.services if service.domain is defined %}
- forward to <{{ hostname }}> port {{ service.port }} check icmp
-{% endfor %}
-{% endfor %}
+ # assume httpd reverse proxy is running for https redirection
+ forward to <local> port 8888 check icmp
}
relay "wwwtls" {
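Review bot: In relay "www", `check icmp` against `<local>` only shows that the host answers ping, which the local machine always does, so it will not notice when nothing is listening on port 8888. A check that exercises the listener, for example `forward to <local> port 8888 check tcp`, would let relayd mark the redirect backend down when httpd is not running. The httpd side defines the port 8888 server only when `ansible_host == global.dcontroller`, and no such condition is visible here. If this template is rendered on other hosts, port 80 would forward to a port with no listener, so either guard this line the same way or say in the comment that the role only runs on that host.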