Add caddy vhost role and setup playbook
parent
8c7d64bbcf
commit
69d9448ff3
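--- a/roles/vhosts/caddy/handlers/main.yml
+++ b/roles/vhosts/caddy/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Reload caddy
+ansible.builtin.service:
+name: caddy
+state: reloaded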
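--- a/roles/vhosts/caddy/tasks/main.yml
+++ b/roles/vhosts/caddy/tasks/main.yml
@@ -0,0 +1,67 @@
+- name: Ensure Caddy repo prerequisites
+ansible.builtin.apt:
+name:
+- ca-certificates
+- gnupg
+state: present
+update_cache: true
+when:
+- "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Ensure apt keyring directory exists
+ansible.builtin.file:
+path: /etc/apt/keyrings
+state: directory
+owner: root
+group: root
+mode: '0755'
+
+- name: Download Caddy GPG key
+ansible.builtin.get_url:
+url: https://dl.cloudsmith.io/public/caddy/stable/gpg.key
+dest: /etc/apt/keyrings/caddy-stable.asc
+mode: '0644'
+
+- name: Dearmor Caddy GPG key
+ansible.builtin.command:
+cmd: gpg --dearmor -o /etc/apt/keyrings/caddy-stable.gpg /etc/apt/keyrings/caddy-stable.asc
+creates: /etc/apt/keyrings/caddy-stable.gpg
+
+- name: Add Caddy repository (Debian)
+ansible.builtin.apt_repository:
+repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main"
+filename: caddy-stable
+state: present
+when:
+- ansible_facts['distribution'] == 'Debian'
+- ansible_facts['distribution_version'] is version('13', '==')
+
+- name: Add Caddy repository (Ubuntu)
+ansible.builtin.apt_repository:
+repo: "deb [signed-by=/etc/apt/keyrings/caddy-stable.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/ubuntu any-version main"
+filename: caddy-stable
+state: present
+when:
+- ansible_facts['distribution'] == 'Ubuntu'
+- ansible_facts['distribution_version'] is version('24.04', '==')
+
+- name: Install Caddy
+ansible.builtin.apt:
+name: caddy
+state: present
+update_cache: true
+when:
+- "(ansible_facts['distribution'] == 'Debian' and (ansible_facts['distribution_version'] is version('13', '=='))) or (ansible_facts['distribution'] == 'Ubuntu' and (ansible_facts['distribution_version'] is version('24.04', '==')))"
+
+- name: Deploy Caddyfile
+ansible.builtin.template:
+src: Caddyfile.j2
+dest: /etc/caddy/Caddyfile
+mode: '0644'
+notify: Reload caddy
+
+- name: Ensure Caddy is running
+ansible.builtin.service:
+name: caddy
+state: started
+enabled: true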
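Review bot: The "Download Caddy GPG key" task takes whatever the URL serves as the apt trust anchor, because `get_url` has no `checksum:`; pinning it, e.g. `checksum: "sha256:<PINNED_KEY_DIGEST>"` (placeholder, fill in the digest of the key you verified out of band), or shipping the key inside the role makes the first run reproducible. The "Dearmor Caddy GPG key" task uses `creates:`, so if the downloaded `.asc` ever changes the `.gpg` that `signed-by` points at is not regenerated; a comment saying so, or a handler triggered by the download task, would avoid a stale keyring. The keyring, key, "Deploy Caddyfile" and "Ensure Caddy is running" tasks carry no `when:` while the repository and install tasks do, so on any other distribution they still run against a package that was never installed. "Deploy Caddyfile" would also benefit from `validate: caddy validate --adapter caddyfile --config %s` and explicit `owner: root` / `group: root`, so a template that renders badly is rejected before the reload handler fires.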
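--- a/roles/vhosts/caddy/templates/Caddyfile.j2
+++ b/roles/vhosts/caddy/templates/Caddyfile.j2
@@ -0,0 +1,86 @@
+{
+# debug
+}
+
+############################
+# portal.onwalk.net
+# Next.js yarn dev
+############################
+{{ caddy_portal_domains | join(', ') }} {
+
+# dev 阶段:禁止浏览器缓存
+header {
+Cache-Control "no-store"
+}
+
+# health check
+@health {
+path /health
+}
+handle @health {
+respond 200
+}
+
+# 所有请求 → Next.js dev server
+handle {
+reverse_proxy {{ caddy_portal_proxy }} {
+# WebSocket / HMR 必需
+header_up Connection {>Connection}
+header_up Upgrade {>Upgrade}
+
+transport http {
+read_timeout 0
+}
+}
+}
+}
+
+############################
+# dl.onwalk.net
+# 静态下载站
+############################
+{{ caddy_download_domain }} {
+
+root * {{ caddy_download_root }}
+
+# 禁止访问 dotfiles
+@dotfiles {
+path_regexp hidden (^|/)\.
+}
+handle @dotfiles {
+respond 403
+}
+
+# well-known 直出
+@wellknown {
+path /.well-known/*
+}
+handle @wellknown {
+file_server
+}
+
+# JSON 文件(轻缓存)
+@json {
+path *.json
+}
+handle @json {
+header {
+Content-Type application/json
+Cache-Control "public, max-age=60"
+}
+file_server
+}
+
+# 大文件(允许 Range)
+@bigfiles {
+path *.dmg *.zip *.tar.gz *.deb *.rpm *.exe *.pkg *.appimage *.apk *.ipa
+}
+handle @bigfiles {
+file_server
+}
+
+# 默认:目录浏览
+handle {
+file_server browse
+}
+}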
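Review bot: In the download site block the `@dotfiles` matcher `path_regexp hidden (^|/)\.` also matches `/.well-known/...`, and `handle` blocks are mutually exclusive, so if Caddy evaluates these named-matcher handles in the order written the `@wellknown` handler is never reached and those paths return 403. Adding `not path /.well-known/*` inside `@dotfiles`, or moving the `@wellknown` handle above it, keeps the dotfile block without shadowing the exception. Separately, the portal block publishes a `yarn dev` server on the public domains with `read_timeout 0`; a comment stating that this vhost is development-only, and what must change before production, would help, since dev servers typically expose verbose errors and source maps. The final `file_server browse` lists everything under the download root, which is worth a one-line comment confirming that is intended.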
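--- a/setup-caddy.yml
+++ b/setup-caddy.yml
@@ -0,0 +1,13 @@
+- name: Setup Caddy
+hosts: all
+become: true
+vars:
+caddy_portal_domains:
+- portal.onwalk.net
+- www.onwalk.net
+- cn-portal.onwalk.net
+caddy_portal_proxy: 127.0.0.1:3000
+caddy_download_domain: dl.onwalk.net
+caddy_download_root: /var/www/media
+roles:
+- roles/vhosts/caddy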
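Review bot: `hosts: all` combined with `become: true` applies this play to every host in whatever inventory is passed, so a run without `--limit` adds a third-party apt repository and starts a public web server with these vhosts on machines that were never meant to serve them. Targeting a dedicated inventory group instead (for example `hosts: caddy`, a constructed name, use whatever group the inventory defines) limits the change to the intended hosts. A short comment above `vars:` noting that the domains and `caddy_portal_proxy` are environment-specific defaults would also make it clearer that they belong in inventory or group vars.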