Mirrors/RealOrangeOne-infrastructure
1
0
Fork 1
mirror of https://github.com/RealOrangeOne/infrastructure.git synced 2026-01-23 02:14:14 +00:00
Code Issues Projects Releases Wiki Activity

Remove whoami CDN

Browse source
This commit is contained in:
Jake Howard 2025-12-03 23:30:13 +00:00
parent 004df7acd8
commit efca6e351c
No known key found for this signature in database
GPG key ID: 57AFB45680EDD477
6 changed files with 1 additions and 56 deletions
Download patch file Download diff file Expand all files Collapse all files

5
ansible/host_vars/casey/main.yml
View file

@ -4,11 +4,6 @@ nginx_https_redirect: true
certbot_certs: certbot_certs:
- domains: - domains:
- headscale.jakehoward.tech - headscale.jakehoward.tech
- domains:
- whoami-cdn.theorangeone.net
cdn_domains:
- whoami-cdn.theorangeone.net
restic_backup_locations: restic_backup_locations:
- /var/lib/headscale/ - /var/lib/headscale/

29
ansible/roles/gateway/files/nginx-cdn.conf
View file

@ -1,29 +0,0 @@
# {{ ansible_managed }}
proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=cdncache:20m max_size=1g inactive=48h;
{% for domain in cdn_domains %}
server {
listen 8800 ssl http2 proxy_protocol;
server_name {{ domain }};
ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem;
include includes/ssl.conf;
real_ip_header proxy_protocol;
set_real_ip_from 127.0.0.1;
proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504;
location / {
proxy_cache cdncache;
add_header X-Cache-Status $upstream_cache_status;
proxy_pass https://{{ wireguard.clients.ingress.ip }}:443;
}
}
{% endfor %}

4
ansible/roles/gateway/files/nginx.conf
View file

@ -12,10 +12,6 @@ map $ssl_preread_server_name $gateway_destination {
default {{ wireguard.clients.ingress.ip }}:8443; default {{ wireguard.clients.ingress.ip }}:8443;
headscale.jakehoward.tech 127.0.0.1:8888; headscale.jakehoward.tech 127.0.0.1:8888;
{% for domain in cdn_domains %}
{{ domain }} 127.0.0.1:8800;
{% endfor %}
} }
server { server {

7
ansible/roles/gateway/tasks/nginx.yml
View file

@ -5,13 +5,6 @@
mode: "0644" mode: "0644"
register: nginx_config register: nginx_config
- name: Install CDN config
template:
src: files/nginx-cdn.conf
dest: /etc/nginx/http.d/cdn.conf
mode: "0644"
register: nginx_config
- name: Reload Nginx - name: Reload Nginx
service: service:
name: nginx name: nginx

2
ansible/roles/pve_docker/files/whoami/docker-compose.yml
View file

@ -4,7 +4,7 @@ services:
restart: unless-stopped restart: unless-stopped
labels: labels:
- traefik.enable=true - traefik.enable=true
- traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`whoami-cdn.theorangeone.net`) || Host(`who.0rng.one`) - traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`who.0rng.one`)
networks: networks:
- default - default
- traefik - traefik

10
terraform/theorangeone.net.tf
View file

@ -22,16 +22,6 @@ resource "gandi_livedns_record" "theorangeonenet_whoami" {
] ]
} }
resource "gandi_livedns_record" "theorangeonenet_whoami_cdn" {
zone = data.gandi_livedns_domain.theorangeonenet.id
name = "whoami-cdn"
type = "CNAME"
ttl = 3600
values = [
"${gandi_livedns_record.sys_domain_pve.name}.${gandi_livedns_record.sys_domain_pve.zone}."
]
}
resource "gandi_livedns_record" "theorangeonenet_mx" { resource "gandi_livedns_record" "theorangeonenet_mx" {
zone = data.gandi_livedns_domain.theorangeonenet.id zone = data.gandi_livedns_domain.theorangeonenet.id
name = "@" name = "@"