Merge pull request #88 from Duke-GCB/webhook-proxy

Add webhook-proxy role
Duke-GCB · May 24, 2021 · b0a8752 · b0a8752
2 parents 3b6390c + feb2e65
commit b0a8752
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 0 deletions.
diff --git a/webhook-proxy/README.md b/webhook-proxy/README.md
@@ -0,0 +1,10 @@
+# webhook-proxy
+
+Ansible role for deploying nginx/letsencrypt as a webhook proxy for Openshift.
+
+## Requirements
+
+The following variables need to be defined before running this role:
+- `domain`: proxy website url
+- `sysadmin_email`: support email address for letsencrypt
+- `openshift_url`: url of openshift
diff --git a/webhook-proxy/tasks/main.yml b/webhook-proxy/tasks/main.yml
@@ -0,0 +1,48 @@
+- name: Install NGINX
+  apt:
+    name: nginx
+    state: latest
+    update_cache: yes
+
+- name: "create www directory"
+  file:
+    path: /var/www/{{ domain }}
+    state: directory
+    mode: '0775'
+    owner: "{{ ansible_user }}"
+    group: "{{ ansible_user }}"
+
+- name: copy index.html
+  template:
+    src: index.html.j2
+    dest: /var/www/{{ domain }}/index.html
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: delete default nginx site
+  file:
+    path: /etc/nginx/sites-enabled/default
+    state: absent
+
+- name: copy nginx site.conf
+  template:
+    src: site.conf.j2
+    dest: /etc/nginx/sites-enabled/{{ domain }}
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Install Let's Encrypt (certbot)
+  apt:
+    pkg:
+    - certbot
+    - python3-certbot-nginx
+
+- name: Configure certbot
+  command: certbot --nginx -d {{ domain }} --non-interactive --agree-tos -m {{ sysadmin_email }} --redirect
+
+- name: restart nginx
+  service:
+    name: nginx
+    state: restarted
diff --git a/webhook-proxy/templates/index.html.j2 b/webhook-proxy/templates/index.html.j2
@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Webhook Proxy</title>
+<style>
+    body {
+        width: 35em;
+        margin: 0 auto;
+        font-family: Tahoma, Verdana, Arial, sans-serif;
+    }
+</style>
+</head>
+<body>
+<h1>Webhook Proxy Server</h1>
+</body>
+</html>
diff --git a/webhook-proxy/templates/site.conf.j2 b/webhook-proxy/templates/site.conf.j2
@@ -0,0 +1,12 @@
+server {
+  listen 80;
+  listen [::]:80;
+  server_name {{ domain }} www.{{ domain }};
+  root /var/www/{{ domain }};
+  location / {
+    try_files $uri $uri/ =404;
+  }
+  location /openshift/ {
+    proxy_pass {{ openshift_url }};
+  }
+}