authorbinary <me@rgoncalves.se>2021-01-29 11:37:13 +0100
committerbinary <me@rgoncalves.se>2021-01-29 11:37:13 +0100
commit4a33686063aa236bc2217cce4c55e2ae463a7408 (patch)
treede99f7744b56007a090baa4b29efd4f3d2b88a5d /roles
parent6e685470d7696967b0c114179bd8d8c730c9a4f4 (diff)
downloadinfrastructure-4a33686063aa236bc2217cce4c55e2ae463a7408.tar.gz
Allow multiple subdomain on same host
Diffstat (limited to 'roles')
-rw-r--r--roles/relayd/templates/relayd.conf.j218
1 files changed, 13 insertions, 5 deletions
diff --git a/roles/relayd/templates/relayd.conf.j2 b/roles/relayd/templates/relayd.conf.j2
index 1b48d7d..e3a2db5 100644
--- a/roles/relayd/templates/relayd.conf.j2
+++ b/roles/relayd/templates/relayd.conf.j2
@@ -9,11 +9,17 @@ table <local> { 127.0.0.1 }
{% set h = dict(hostvars[h]) %}
{##}
{% if h.ip.in is defined %}
+# {{ h.ansible_host }}
table <{{ h.ansible_host }}> { {{ h.ip.in }} }
+{% for service in h.services if service.domain is defined %}
+table <{{ h.ansible_host }}_{{ service.domain }}> { {{ h.ip.in }} }
+{% endfor %}
{% endif %}
{##}
{% endfor %}
+# services
+
# protocols
http protocol "https" {
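Review bot: The host-level `table <{{ h.ansible_host }}>` line is kept beside the new per-service tables, but every forward changed in the later hunks now targets `<{{ h.ansible_host }}_{{ service.domain }}>`, so unless something outside the visible hunks still uses the host table it is dead configuration. If it is unused, drop it; either way a template comment above the loop such as `{# one table per service so each can be forwarded to its own port #}` would explain why the same address is declared several times. The new `# services` heading has nothing under it before `# protocols` and could be removed. The enclosing `{% for h in ... %}` loop starts above this hunk.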
@@ -32,13 +38,15 @@ http protocol "https" {
tls keypair "{{ global.domain_name }}"
pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
+
{% for h in groups["servers"] %}
{% set h = dict(hostvars[h]) %}
{##}
{% if h.ip.in is defined %}
{% for service in h.services if service.domain is defined %}
tls keypair "{{ service.domain }}.{{ global.domain_name }}"
- pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}>
+ pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
+
{% endfor %}
{% endif %}
{##}
@@ -51,13 +59,13 @@ http protocol "http" {
# acme
pass request quick path "/.well-known/acme-challenge/*" forward to <local>
- pass request header "Host" value "{{ global.domain_name }}" forward to <local>
+ pass request quick header "Host" value "{{ global.domain_name }}" forward to <local>
{% for h in groups["servers"] %}
{% set h = dict(hostvars[h]) %}
{##}
{% if h.ip.in is defined %}
{% for service in h.services if service.domain is defined %}
- pass request header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}>
+ pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <{{ h.ansible_host }}_{{ service.domain }}>
{% endfor %}
{% endif %}
{##}
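Review bot: The rewritten service rule in the `http` protocol still passes requests for `{{ service.domain }}.{{ global.domain_name }}` straight to the backend table, so if this protocol is the one attached to the plain-HTTP relay `www` (its body is outside the hunk), service traffic including cookies and credentials can cross the network unencrypted even though a TLS keypair is configured for every service. Consider sending those hosts to whatever issues the HTTPS redirect instead, for example `pass request quick header "Host" value "{{ service.domain }}.{{ global.domain_name }}" forward to <local>`, assuming the local httpd redirects; that needs confirming. Adding `quick` also makes these rules first-match-final, which deserves a short comment such as `# quick: stop at the first matching Host rule`.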
@@ -77,11 +85,11 @@ relay "www" {
relay "wwwtls" {
listen on egress port 443 tls
protocol "https"
- forward to <local> port 80 check icmp
+ forward to <local> port 80 check http "/" code 200
{% for hostname in groups["servers"] %}
{% set h = dict(hostvars[hostname]) %}
{% for service in h.services if service.domain is defined %}
- forward to <{{ hostname }}> port {{ service.port }}
+ forward to <{{ hostname }}_{{ service.domain }}> port {{ service.port }} check tcp
{% endfor %}
{% endfor %}
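Review bot: The new relay line builds the table name from the inventory name, `<{{ hostname }}_{{ service.domain }}>`, while the first hunk declares it as `<{{ h.ansible_host }}_{{ service.domain }}>` and only inside `{% if h.ip.in is defined %}`. Whenever `ansible_host` differs from the inventory hostname, or a host has services but no `ip.in`, the rendered relay refers to a table that was never declared, and relayd will probably refuse the configuration. Use `forward to <{{ h.ansible_host }}_{{ service.domain }}> port {{ service.port }} check tcp` and wrap the inner loop in `{% if h.ip.in is defined %}` … `{% endif %}` so declaration and use stay in step. Separately, `check http "/" code 200` marks `<local>` down if the local server answers `/` with a redirect, so confirm it returns 200. The `relay "wwwtls"` block continues past the hunk.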