fix: Mastodon https headers
This commit is contained in:
Lino Silva
@@ -2,3 +2,5 @@
|
||||
roles_path = ./roles
|
||||
inventory = ./inventories/production.yml
|
||||
host_key_checking = False
|
||||
deprecation_warnings = False
|
||||
interpreter_python = auto_silent
|
||||
@@ -141,6 +141,7 @@ auto_configure_traefik:
|
||||
host: "10.0.2.20"
|
||||
port: 80
|
||||
auth_required: false
|
||||
forward_https: true
|
||||
matrix:
|
||||
subdomain: "chat"
|
||||
host: "10.0.2.20"
|
||||
|
||||
@@ -19,6 +19,18 @@ http:
|
||||
scheme: https
|
||||
permanent: true
|
||||
|
||||
{% for service_name, config in auto_configure_traefik.items() %}
|
||||
{% if config.forward_https | default(false) %}
|
||||
{{ service_name }}-https-headers:
|
||||
headers:
|
||||
customRequestHeaders:
|
||||
X-Forwarded-Proto: "https"
|
||||
X-Forwarded-Ssl: "on"
|
||||
X-Forwarded-Host: "{{ config.subdomain }}.{{ domain }}"
|
||||
X-Forwarded-Port: "443"
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
serversTransports:
|
||||
ignore-tls:
|
||||
insecureSkipVerify: true
|
||||
@@ -102,6 +114,10 @@ http:
|
||||
entryPoints:
|
||||
- https
|
||||
priority: 100
|
||||
{% if config.forward_https | default(false) %}
|
||||
middlewares:
|
||||
- {{ service_name }}-https-headers
|
||||
{% endif %}
|
||||
service: {{ service_name }}
|
||||
tls:
|
||||
certResolver: cloudflare
|
||||
@@ -112,9 +128,14 @@ http:
|
||||
entryPoints:
|
||||
- https
|
||||
priority: 1
|
||||
{% if config.auth_required | default(true) %}
|
||||
{% if config.auth_required | default(true) or config.forward_https | default(false) %}
|
||||
middlewares:
|
||||
{% if config.auth_required | default(true) %}
|
||||
- pocketid-auth
|
||||
{% endif %}
|
||||
{% if config.forward_https | default(false) %}
|
||||
- {{ service_name }}-https-headers
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
service: {{ service_name }}
|
||||
tls:
|
||||
@@ -124,9 +145,14 @@ http:
|
||||
rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
|
||||
entryPoints:
|
||||
- https
|
||||
{% if config.auth_required | default(true) %}
|
||||
{% if config.auth_required | default(true) or config.forward_https | default(false) %}
|
||||
middlewares:
|
||||
{% if config.auth_required | default(true) %}
|
||||
- pocketid-auth
|
||||
{% endif %}
|
||||
{% if config.forward_https | default(false) %}
|
||||
- {{ service_name }}-https-headers
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
service: {{ service_name }}
|
||||
tls:
|
||||
|
||||
Reference in New Issue
Block a user