Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
---
- name: Place configuration file.
copy:
dest: /root/ingress.conf
owner: root
mode: 0644
content: |
server {
listen 80;
location /config/ {
sub_filter
"{{ lockss_hostname }}:24621"
"{{ lockss_hostname }}/config";
sub_filter
"{{ lockss_hostname }}:24621"
"{{ lockss_hostname }}/config";
sub_filter_once off;
proxy_pass http://127.0.0.1:24621/;
proxy_set_header Accept-Encoding "";
}
}
- name: Add ferm rule.
copy:
dest: /etc/ferm.d/11-in-lockss-frontend.ferm
content: |
@def $MGMT_NET = ({{ lockss_admin_ips | join(" ") }});
domain (ip ip6) table filter chain INPUT
saddr $MGMT_NET proto tcp dport 80 ACCEPT;
validate: ferm -n %s
- service:
name: ferm
state: restarted
- name: Remove nginx Docker container.
command:
cmd: docker rm -f nginx
ignore_errors: true
- name: Create nginx Docker container.
command:
cmd: docker run -d --rm
--name nginx
-p 80:80
--network host
-v /root/ingress.conf:/etc/nginx/conf.d/default.conf
nginx