diff --git a/README.md b/README.md
index 4838446..69dc54a 100644
--- a/README.md
+++ b/README.md
@@ -18,8 +18,11 @@ Role Variables
 | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
 | cryptpad_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
 | cryptpad_install_path | The location where the service should be deployed | /home/{{ cryptpad_install_user }} |
+| cryptpad_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
 | cryptpad_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
 | cryptpad_safe_virtual_host | See above, and: this additonal domain is used together with `cryptpad_virtual_host` for additional security and must not be the same! More docs are in the `config.js` template | |
+| cryptpad_http_address | The address under which this instance can be found | 127.0.0.1 |
+| cryptpad_exposed_port | The port under which this instance connects to the host | 3000 |
 | cryptpad_http_unsafe_origin_url | The URL of the public entrypoint URL, e.g. `https://pad.example.tld` | https:// + $cryptpad_virtual_host |
 | cryptpad_http_safe_origin_url | The URL of the safe public URL, e.g. `https://pad-sandbox.example.tld` | |
 | cryptpad_admin_email | An email address that will be published on the `/contact.html` page | |
diff --git a/defaults/main.yml b/defaults/main.yml
index dcb67b3..9a51d83 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,7 +2,11 @@
 # defaults file for jotbe.cryptpad-docker
 cryptpad_install_user: '{{ ansible_user }}' # This user must be present on the host
 cryptpad_install_path: '/home/{{ cryptpad_install_user }}'
+cryptpad_multitenant_label:
 cryptpad_http_address: 127.0.0.1
+cryptpad_exposed_port: 3000
 cryptpad_http_unsafe_origin_url: https://{{ cryptpad_virtual_host }}
 cryptpad_http_safe_origin_url: https://{{ cryptpad_safe_virtual_host }}
-cryptpad_block_daily_check: no
\ No newline at end of file
+cryptpad_block_daily_check: no
+# Internal variables
+cryptpad_multitenant_postfix: "{{ '_' + cryptpad_multitenant_label if (cryptpad_multitenant_label) else '' }}"
diff --git a/templates/docker-compose.cryptpad.yml.j2 b/templates/docker-compose.cryptpad.yml.j2
index 40bcc05..585a190 100644
--- a/templates/docker-compose.cryptpad.yml.j2
+++ b/templates/docker-compose.cryptpad.yml.j2
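Review bot: `cryptpad_multitenant_label` has no format constraint, yet the `cryptpad_multitenant_postfix` derived from it at the end of this hunk is spliced into the container name, hostname and Traefik router/middleware label keys in the compose template. Traefik label keys use `.` as a path separator, so a label containing a dot, a space or a quote would change the structure of those keys rather than just the name, and two instances sharing a label (or both leaving it empty) would end up with the same container and router names. I would make the default an explicit empty string, `cryptpad_multitenant_label: ''`, and add an `assert` in the role's tasks (not visible in this diff) that the label matches something like `^[A-Za-z0-9_-]*$`. The computed postfix is also declared in `defaults/`, where inventory can override it independently of the label; `vars/main.yml` is the usual place for an internal variable.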
@@ -3,25 +3,25 @@
 services:
 cryptpad:
 image: "cryptpad/cryptpad:${VERSION}"
- hostname: cryptpad
-
+ container_name: cryptpad{{ cryptpad_multitenant_postfix }}
+ hostname: cryptpad{{ cryptpad_multitenant_postfix }}
 labels:
 - "traefik.enable=true"
- - "traefik.port=3000"
+ - "traefik.port={{ cryptpad_exposed_port }}"
 - "traefik.docker.network=traefik_public"
- - "traefik.http.routers.cryptpad.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
- - "traefik.http.routers.cryptpad.entrypoints=websecure"
- - "traefik.http.routers.cryptpad.tls=true"
- - "traefik.http.routers.cryptpad.tls.certresolver=defaultresolver"
- - "traefik.http.middlewares.cryptpad-headers.headers.SSLRedirect=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.browserXSSFilter=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.contentTypeNosniff=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.forceSTSHeader=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSSeconds=315360000"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSIncludeSubdomains=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.STSPreload=true"
- - "traefik.http.middlewares.cryptpad-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- - "traefik.http.routers.cryptpad.middlewares=cryptpad-headers"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.entrypoints=websecure"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls=true"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls.certresolver=defaultresolver"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.SSLRedirect=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSPreload=true"
+ - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
+ - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.middlewares=cryptpad{{ cryptpad_multitenant_postfix }}-headers"
 - "traefik.frontend.passHostHeader=true"
 environment:
 - USE_SSL=${USE_SSL}
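Review bot: The templated `traefik.port={{ cryptpad_exposed_port }}` label looks like Traefik v1 syntax, while the router and middleware labels in the same list use the v2 `traefik.http.*` form, so under a v2 proxy the new variable would presumably be ignored and the backend port auto-detected instead. If v2 is the target, the port belongs on a per-tenant service label, e.g. `- "traefik.http.services.cryptpad{{ cryptpad_multitenant_postfix }}.loadbalancer.server.port={{ cryptpad_exposed_port }}"`. With several tenants behind one proxy, a port setting that silently does nothing is easy to miss. The `cryptpad` service definition continues past the end of this hunk, so any `ports:` mapping that also needs the variable is not visible here.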