fix: Mastodon https headers
@@ -2,3 +2,5 @@
|
|||||||
roles_path = ./roles
|
roles_path = ./roles
|
||||||
inventory = ./inventories/production.yml
|
inventory = ./inventories/production.yml
|
||||||
host_key_checking = False
|
host_key_checking = False
|
||||||
|
deprecation_warnings = False
|
||||||
|
interpreter_python = auto_silent
|
||||||
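Review bot: `host_key_checking = False` stays in place next to `inventory = ./inventories/production.yml`, so SSH connections to the production hosts are made without verifying the server's host key, and the playbook's commands and any secrets they carry go to whichever machine answers. The line is unchanged context, but since this commit is already adjusting these defaults it could switch to `host_key_checking = True` with the hosts' keys provisioned in `known_hosts`. The two added settings only suppress output; `deprecation_warnings = False` in particular hides notices about modules that will stop working after an upgrade, so a short comment saying why it is silenced would help.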
@@ -141,6 +141,7 @@ auto_configure_traefik:
|
|||||||
host: "10.0.2.20"
|
host: "10.0.2.20"
|
||||||
port: 80
|
port: 80
|
||||||
auth_required: false
|
auth_required: false
|
||||||
|
forward_https: true
|
||||||
matrix:
|
matrix:
|
||||||
subdomain: "chat"
|
subdomain: "chat"
|
||||||
host: "10.0.2.20"
|
host: "10.0.2.20"
|
||||||
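Review bot: `forward_https: true` is a new per-service key with no comment, and its name suggests the proxy-to-backend hop becomes HTTPS, while the entry still points at `port: 80` and the template in this commit only uses the flag to add `X-Forwarded-*` request headers. A comment on the key would prevent that misreading, for example `# forward_https: add X-Forwarded-Proto/Ssl/Host/Port headers; the hop to host:port itself stays plain HTTP`. The service entry starts above the hunk, so its name is not visible here.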
|
|||||||
@@ -19,6 +19,18 @@ http:
|
|||||||
scheme: https
|
scheme: https
|
||||||
permanent: true
|
permanent: true
|
||||||
|
|
||||||
|
{% for service_name, config in auto_configure_traefik.items() %}
|
||||||
|
{% if config.forward_https | default(false) %}
|
||||||
|
{{ service_name }}-https-headers:
|
||||||
|
headers:
|
||||||
|
customRequestHeaders:
|
||||||
|
X-Forwarded-Proto: "https"
|
||||||
|
X-Forwarded-Ssl: "on"
|
||||||
|
X-Forwarded-Host: "{{ config.subdomain }}.{{ domain }}"
|
||||||
|
X-Forwarded-Port: "443"
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
serversTransports:
|
serversTransports:
|
||||||
ignore-tls:
|
ignore-tls:
|
||||||
insecureSkipVerify: true
|
insecureSkipVerify: true
|
||||||
@@ -102,6 +114,10 @@ http:
|
|||||||
entryPoints:
|
entryPoints:
|
||||||
- https
|
- https
|
||||||
priority: 100
|
priority: 100
|
||||||
|
{% if config.forward_https | default(false) %}
|
||||||
|
middlewares:
|
||||||
|
- {{ service_name }}-https-headers
|
||||||
|
{% endif %}
|
||||||
service: {{ service_name }}
|
service: {{ service_name }}
|
||||||
tls:
|
tls:
|
||||||
certResolver: cloudflare
|
certResolver: cloudflare
|
||||||
@@ -112,9 +128,14 @@ http:
|
|||||||
entryPoints:
|
entryPoints:
|
||||||
- https
|
- https
|
||||||
priority: 1
|
priority: 1
|
||||||
{% if config.auth_required | default(true) %}
|
{% if config.auth_required | default(true) or config.forward_https | default(false) %}
|
||||||
middlewares:
|
middlewares:
|
||||||
|
{% if config.auth_required | default(true) %}
|
||||||
- pocketid-auth
|
- pocketid-auth
|
||||||
|
{% endif %}
|
||||||
|
{% if config.forward_https | default(false) %}
|
||||||
|
- {{ service_name }}-https-headers
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
service: {{ service_name }}
|
service: {{ service_name }}
|
||||||
tls:
|
tls:
|
||||||
@@ -124,9 +145,14 @@ http:
|
|||||||
rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
|
rule: "Host(`{{ config.subdomain }}.{{ domain }}`)"
|
||||||
entryPoints:
|
entryPoints:
|
||||||
- https
|
- https
|
||||||
{% if config.auth_required | default(true) %}
|
{% if config.auth_required | default(true) or config.forward_https | default(false) %}
|
||||||
middlewares:
|
middlewares:
|
||||||
|
{% if config.auth_required | default(true) %}
|
||||||
- pocketid-auth
|
- pocketid-auth
|
||||||
|
{% endif %}
|
||||||
|
{% if config.forward_https | default(false) %}
|
||||||
|
- {{ service_name }}-https-headers
|
||||||
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
service: {{ service_name }}
|
service: {{ service_name }}
|
||||||
tls:
|
tls:
|
||||||
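Review bot: The `{{ service_name }}-https-headers` middleware asserts `X-Forwarded-Proto: "https"`, `X-Forwarded-Ssl: "on"` and `X-Forwarded-Port: "443"` unconditionally, and nothing in the template records the assumption this relies on: the backend must accept forwarded headers only from Traefik's address, because the visible service entries are reached over plain HTTP. I would add a comment above the `headers:` block such as `# Static X-Forwarded-* for backends that need to see the original HTTPS request; the backend must trust these headers only from this proxy`. The middleware is attached only to routers on the `https` entry point in the visible hunks, which is what keeps the static values truthful, and that is worth stating in the same comment. As a style point, the nested `auth_required` / `forward_https` conditionals are repeated verbatim in the hunks at -112 and -124, and a small Jinja macro that renders the `middlewares:` list would keep the two routers from drifting apart. The router definitions start above each hunk, so their names and rules are only partly visible.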
|
|||||||