jotbe/ansible-role-cryptpad-docker
1
0
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

Adjusted variables and docker-compose file to account for multitenancy setups.

Browse source
This commit is contained in:
Joschka Seydell 2020-11-30 13:37:10 -08:00
parent a3b1affa4c
commit 35e06f3884
3 changed files with 24 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -18,8 +18,11 @@ Role Variables
| --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ | | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------ |
| cryptpad_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} | | cryptpad_install_user | The user who is going to manage/run the Docker Compose services | {{ ansible_user }} |
| cryptpad_install_path | The location where the service should be deployed | /home/{{ cryptpad_install_user }} | | cryptpad_install_path | The location where the service should be deployed | /home/{{ cryptpad_install_user }} |
| cryptpad_multitenant_label | A label (unique accross all instances on this host) identifying the tenant | |
| cryptpad_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost | | cryptpad_virtual_host | The virtual host that is e.g. used by Traefik, usually part of the public url | localhost |
| cryptpad_safe_virtual_host | See above, and: this additonal domain is used together with `cryptpad_virtual_host` for additional security and must not be the same! More docs are in the `config.js` template | | | cryptpad_safe_virtual_host | See above, and: this additonal domain is used together with `cryptpad_virtual_host` for additional security and must not be the same! More docs are in the `config.js` template | |
| cryptpad_http_address | The address under which this instance can be found | 127.0.0.1 |
| cryptpad_exposed_port | The port under which this instance connects to the host | 3000 |
| cryptpad_http_unsafe_origin_url | The URL of the public entrypoint URL, e.g. `https://pad.example.tld` | https:// + $cryptpad_virtual_host | | cryptpad_http_unsafe_origin_url | The URL of the public entrypoint URL, e.g. `https://pad.example.tld` | https:// + $cryptpad_virtual_host |
| cryptpad_http_safe_origin_url | The URL of the safe public URL, e.g. `https://pad-sandbox.example.tld` | | | cryptpad_http_safe_origin_url | The URL of the safe public URL, e.g. `https://pad-sandbox.example.tld` | |
| cryptpad_admin_email | An email address that will be published on the `/contact.html` page | | | cryptpad_admin_email | An email address that will be published on the `/contact.html` page | |

4
defaults/main.yml
View file

@ -2,7 +2,11 @@
# defaults file for jotbe.cryptpad-docker # defaults file for jotbe.cryptpad-docker
cryptpad_install_user: '{{ ansible_user }}' # This user must be present on the host cryptpad_install_user: '{{ ansible_user }}' # This user must be present on the host
cryptpad_install_path: '/home/{{ cryptpad_install_user }}' cryptpad_install_path: '/home/{{ cryptpad_install_user }}'
cryptpad_multitenant_label:
cryptpad_http_address: 127.0.0.1 cryptpad_http_address: 127.0.0.1
cryptpad_exposed_port: 3000
cryptpad_http_unsafe_origin_url: https://{{ cryptpad_virtual_host }} cryptpad_http_unsafe_origin_url: https://{{ cryptpad_virtual_host }}
cryptpad_http_safe_origin_url: https://{{ cryptpad_safe_virtual_host }} cryptpad_http_safe_origin_url: https://{{ cryptpad_safe_virtual_host }}
cryptpad_block_daily_check: no cryptpad_block_daily_check: no
# Internal variables
cryptpad_multitenant_postfix: "{{ '_' + cryptpad_multitenant_label if (cryptpad_multitenant_label) else '' }}"

32
templates/docker-compose.cryptpad.yml.j2
View file

@ -3,25 +3,25 @@ services:
cryptpad: cryptpad:
image: "cryptpad/cryptpad:${VERSION}" image: "cryptpad/cryptpad:${VERSION}"
hostname: cryptpad container_name: cryptpad{{ cryptpad_multitenant_postfix }}
hostname: cryptpad{{ cryptpad_multitenant_postfix }}
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.port=3000" - "traefik.port={{ cryptpad_exposed_port }}"
- "traefik.docker.network=traefik_public" - "traefik.docker.network=traefik_public"
- "traefik.http.routers.cryptpad.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)" - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.rule=Host(`{{ cryptpad_virtual_host }}`) || Host(`{{ cryptpad_safe_virtual_host }}`)"
- "traefik.http.routers.cryptpad.entrypoints=websecure" - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.entrypoints=websecure"
- "traefik.http.routers.cryptpad.tls=true" - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls=true"
- "traefik.http.routers.cryptpad.tls.certresolver=defaultresolver" - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.tls.certresolver=defaultresolver"
- "traefik.http.middlewares.cryptpad-headers.headers.SSLRedirect=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.SSLRedirect=true"
- "traefik.http.middlewares.cryptpad-headers.headers.browserXSSFilter=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.browserXSSFilter=true"
- "traefik.http.middlewares.cryptpad-headers.headers.contentTypeNosniff=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.contentTypeNosniff=true"
- "traefik.http.middlewares.cryptpad-headers.headers.forceSTSHeader=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.forceSTSHeader=true"
- "traefik.http.middlewares.cryptpad-headers.headers.STSSeconds=315360000" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSSeconds=315360000"
- "traefik.http.middlewares.cryptpad-headers.headers.STSIncludeSubdomains=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSIncludeSubdomains=true"
- "traefik.http.middlewares.cryptpad-headers.headers.STSPreload=true" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.STSPreload=true"
- "traefik.http.middlewares.cryptpad-headers.headers.featurePolicy=geolocation 'none'; payment 'none'" - "traefik.http.middlewares.cryptpad{{ cryptpad_multitenant_postfix }}-headers.headers.featurePolicy=geolocation 'none'; payment 'none'"
- "traefik.http.routers.cryptpad.middlewares=cryptpad-headers" - "traefik.http.routers.cryptpad{{ cryptpad_multitenant_postfix }}.middlewares=cryptpad{{ cryptpad_multitenant_postfix }}-headers"
- "traefik.frontend.passHostHeader=true" - "traefik.frontend.passHostHeader=true"
environment: environment:
- USE_SSL=${USE_SSL} - USE_SSL=${USE_SSL}