admin/it-ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates caddy, separates caddyfiles, introduces env file for secrets, improves deployment/update process

Browse Source
This commit is contained in:
Jannik Kramer
2025-11-29 08:13:47 +01:00
parent 518ec7decd
commit 26dcdb0f83
6 changed files with 96 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

101
docker_compose_applications/reverse-proxy/Caddyfile
View File

@@ -1,100 +1 @@
(oauth2_protect) { import /etc/caddy/sites/*.caddy
handle /oauth2/* {
reverse_proxy oauth2-proxy:4180
}
handle {
forward_auth oauth2-proxy:4180 {
uri /oauth2/auth
copy_headers Authorization
@bad status 4xx
handle_response @bad {
redir https://{args[0]}/oauth2/start
}
}
reverse_proxy {args[1]}
}
}
pseudo.cortex.consider-funding.de {
import oauth2_protect pseudo.cortex.consider-funding.de http://transcript-anonymizer-frontend:5000
}
# transcript-prompter
p-3001.cortex.consider-funding.de {
reverse_proxy http://10.20.0.2:3001
}
#hubspot-writer
p-8002.cortex.consider-funding.de {
reverse_proxy http://10.20.0.2:8002
}
# pseudomizer
p-8003.cortex.consider-funding.de {
reverse_proxy http://transcript-anonymizer:8003
}
pdf.consider-it.de {
import oauth2_protect pdf.consider-it.de http://stirling-pdf:8080
}
registry.cortex.consider-funding.de {
handle /oauth2/* {
reverse_proxy oauth2-proxy:4180
}
handle {
forward_auth oauth2-proxy:4180 {
uri /oauth2/auth
copy_headers Authorization
copy_headers X-Auth-Request-Email
@bad status 4xx
handle_response @bad {
redir https://registry.cortex.consider-funding.de/oauth2/start
}
}
reverse_proxy https://ai-registry.neukiefer.de {
header_up Host ai-registry.neukiefer.de
header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA="
}
}
}
enricher.cortex.consider-funding.de {
handle /oauth2/* {
reverse_proxy oauth2-proxy:4180
}
handle {
forward_auth oauth2-proxy:4180 {
uri /oauth2/auth
copy_headers Authorization
copy_headers X-Auth-Request-Email
@bad status 4xx
handle_response @bad {
redir https://enricher.cortex.consider-funding.de/oauth2/start
}
}
reverse_proxy https://ai-enricher.neukiefer.de {
header_up Host ai-enricher.neukiefer.de
header_up Authorization "Basic Y2l0OnBDMVpUNVFtZjc2WWVGYzA="
}
}
}
n8n.consider-funding.de {
reverse_proxy n8n:5678 {
flush_interval -1
}
}
metabase.consider-it.de {
reverse_proxy metabase:3000
}

14
docker_compose_applications/reverse-proxy/compose.yaml
View File

@@ -3,19 +3,21 @@
# - https://caddyserver.com/docs/ # - https://caddyserver.com/docs/
services: services:
caddy: caddy:
image: caddy
container_name: caddy container_name: caddy
image: caddy:2.10
restart: unless-stopped
ports:
- 0.0.0.0:80:80
- 0.0.0.0:443:443
volumes: volumes:
- ./Caddyfile:/etc/caddy/Caddyfile:ro - ./Caddyfile:/etc/caddy/Caddyfile:ro
- ./sites/:/etc/caddy/sites/:ro
- /ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data - /ansible_docker_compose/project_data/reverse-proxy/caddy/data:/data
ports: env_file:
- '0.0.0.0:80:80' - .env
- '0.0.0.0:443:443'
networks: networks:
- caddy_net - caddy_net
restart: unless-stopped
networks: networks:
caddy_net: caddy_net:

50
docker_compose_applications/reverse-proxy/sites/oauthed.caddy Normal file
View File

@@ -0,0 +1,50 @@
(oauth2) {
handle /oauth2/* {
reverse_proxy oauth2-proxy:4180
}
handle {
forward_auth oauth2-proxy:4180 {
uri /oauth2/auth
copy_headers Authorization
copy_headers X-Auth-Request-Email
@bad status 4xx
handle_response @bad {
redir https://{args[0]}/oauth2/start
}
}
{block}
}
}
registry.cortex.consider-funding.de {
import oauth2 registry.cortex.consider-funding.de {
reverse_proxy https://ai-registry.neukiefer.de {
header_up Host ai-registry.neukiefer.de
header_up Authorization {env.REGISTRY_DOWNSTREAM_AUTH}
}
}
}
pdf.consider-it.de {
import oauth2 pdf.consider-it.de {
reverse_proxy http://stirling-pdf:8080
}
}
pseudo.cortex.consider-funding.de {
import oauth2 pseudo.cortex.consider-funding.de {
reverse_proxy http://transcript-anonymizer-frontend:5000
}
}
enricher.cortex.consider-funding.de {
import oauth2 enricher.cortex.consider-funding.de {
reverse_proxy https://ai-enricher.neukiefer.de {
header_up Host ai-enricher.neukiefer.de
header_up Authorization {env.ENRICHER_DOWNSTREAM_AUTH}
}
}
}

11
docker_compose_applications/reverse-proxy/sites/redirect.caddy Normal file
View File

@@ -0,0 +1,11 @@
adlerpersonal.de, www.adlerpersonal.de {
redir https://consider-it.de permanent
}
arbeiterkneipe.de, www.arbeiterkneipe.de {
redir https://consider-it.de permanent
}
consider-us.com, www.consider-us.com {
redir https://consider-it.de permanent
}

24
docker_compose_applications/reverse-proxy/sites/services.caddy Normal file
View File

@@ -0,0 +1,24 @@
n8n.consider-funding.de {
reverse_proxy n8n:5678 {
flush_interval -1
}
}
metabase.consider-it.de {
reverse_proxy metabase:3000
}
# transcript-prompter
p-3001.cortex.consider-funding.de {
reverse_proxy http://10.20.0.2:3001
}
#hubspot-writer
p-8002.cortex.consider-funding.de {
reverse_proxy http://10.20.0.2:8002
}
# pseudomizer
p-8003.cortex.consider-funding.de {
reverse_proxy http://transcript-anonymizer:8003
}

4
playbooks/05-update-caddy.yml
View File

@@ -3,8 +3,8 @@
tasks: tasks:
- name: Deploy desired projects, adding new ones and updating existing ones - name: Deploy desired projects, adding new ones and updating existing ones
ansible.posix.synchronize: ansible.posix.synchronize:
src: "../docker_compose_applications/reverse-proxy/Caddyfile" src: "../docker_compose_applications/reverse-proxy/"
dest: "/ansible_docker_compose/projects/reverse-proxy/Caddyfile" dest: "/ansible_docker_compose/projects/reverse-proxy/"
mode: push mode: push
archive: false archive: false
copy_links: false copy_links: false