diff --git a/.ansible/home_server.yaml b/.ansible/home_server.yaml index 4292376..1fdb792 100644 --- a/.ansible/home_server.yaml +++ b/.ansible/home_server.yaml @@ -5,4 +5,5 @@ - searx_server - matrix_server - media_server + - haproxy_server # - traccar_server diff --git a/.ansible/roles/common_server/vars/main.yaml b/.ansible/roles/common_server/vars/main.yaml index 7a07953..88da195 100644 --- a/.ansible/roles/common_server/vars/main.yaml +++ b/.ansible/roles/common_server/vars/main.yaml @@ -1,7 +1,6 @@ server_packages: - curl - git - - haproxy - letsencrypt - lsof - net-tools diff --git a/.ansible/roles/haproxy_server/files/haproxy.cfg b/.ansible/roles/haproxy_server/files/haproxy.cfg new file mode 100644 index 0000000..e67e0c3 --- /dev/null +++ b/.ansible/roles/haproxy_server/files/haproxy.cfg @@ -0,0 +1,94 @@ +global + ssl-default-bind-options force-tlsv12 + ssl-default-bind-options ssl-min-ver TLSv1.2 + ssl-default-bind-ciphers EECDH+AESGCM:EDH+AESGCM + + ssl-default-server-options force-tlsv12 + ssl-default-server-options ssl-min-ver TLSv1.2 + ssl-default-server-ciphers EECDH+AESGCM:EDH+AESGCM + + tune.ssl.default-dh-param 2048 + tune.ssl.cachesize 50000 + + maxconn 256 + + +defaults + mode http + option dontlognull + option forwardfor + option httpchk + option httpclose + option abortonclose + timeout server 30s + timeout client 30s + timeout connect 5s + + +frontend stats + bind :1936 + + maxconn 10 + + stats enable + stats hide-version + stats refresh 30s + stats show-node + stats uri / + + +frontend home.suborbit.com + bind :443 v4v6 ssl crt /etc/letsencrypt/live/home.suborbit.com/fullchain+key.pem + + http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + + http-request set-header Host home.suborbit.com + + http-request redirect code 301 location https://%[hdr(host)]/jackett%[capture.req.uri] if { path_beg /UI/ } + + use_backend qbittorrent-backend if { path_beg /bt/ } + use_backend sonarr-backend if { path_beg /sonarr/ } + use_backend radarr-backend if { path_beg /radarr/ } + use_backend sabnzbd-backend if { path_beg /sabnzbd/ } + use_backend jackett-backend if { path_beg /jackett/ } + use_backend matrix-backend if { path_beg /_matrix/ } + use_backend share-backend if { path_beg / } + + +frontend search.lan + bind :80 v4v6 + + acl network_allowed src 10.0.9.0/24 2a02:8010:652f::/48 + acl host_search hdr(host) -i search.lan + + block if !network_allowed + + use_backend searx-backend if host_search + + +backend qbittorrent-backend + server jupiter 10.0.9.110:8181 + reqrep ^([^\ :]*)\ /bt/(.*) \1\ /\2 + +backend sonarr-backend + server jupiter 10.0.9.110:8989 + +backend radarr-backend + server jupiter 10.0.9.110:7878 + +backend sabnzbd-backend + server jupiter 10.0.9.110:8080 + +backend jackett-backend + server jupiter 10.0.9.110:9117 + reqrep ^([^\ :]*)\ /jackett/(.*) \1\ /\2 + +backend matrix-backend + server localhost 127.0.0.1:8008 maxconn 64 + +backend searx-backend + server localhost 127.0.0.1:8888 + acl network_allowed src 10.0.9.0/24 + +backend share-backend + server jupiter 10.0.9.110:8182 diff --git a/.ansible/roles/haproxy_server/tasks/main.yaml b/.ansible/roles/haproxy_server/tasks/main.yaml new file mode 100644 index 0000000..0310213 --- /dev/null +++ b/.ansible/roles/haproxy_server/tasks/main.yaml @@ -0,0 +1,23 @@ +- name: 'HAProxy' + tags: + - install + - haproxy + block: + - name: 'HAProxy: package' + package: + name: 'haproxy' + state: latest + become: yes + + - name: 'HAProxy: Config' + copy: + dest: '/etc/haproxy/haproxy.cfg' + src: 'files/haproxy.cfg' + become: yes + + - name: 'HAProxy: Service' + systemd: + name: 'haproxy' + state: started + enabled: yes + become: yes