My previous post described a simple SWAG role with Ansible. While I have a static site as the main page, I also have a number of applications that I use internally (like Photoprism and Paperless). I prefer to access these via names (like photos.laurivan.com and docs.laurivan.com respectively), rather than ip_address:port.

I've used the available resources and sample config files in SWAG to write my own reverse proxy configs for these applications, and that was all good until I noticed that I have quite a few apps - and config files created over time. I could just leave them like they are and back them up, but I love a bit of over-engineering and configuration as code. I've decided to create a complement to the SWAG ansible role to allow me to build reverse proxy configurations and just deploy them. Hence, my new swag_reverse_proxy role.

Usage

The role is template-based, which makes it quite flexible: you can create your templates with whatever variables you'd like.

You can start from a base configuration found online or from a template provided with SWAG. I've used a mix. For example, my UniFi controller configuration is based on a gist and uses SWAG's include /config/nginx/ssl.conf; line. It looks like this:

server {
  listen 80;
  listen [::]:80;
  server_name {{ site_name }};

  return 301 https://$server_name$request_uri;
}
server {
  listen 443 ssl;
  listen [::]:443 ssl;

  include /config/nginx/ssl.conf;

  server_name {{ site_name }};

  location / {
    proxy_set_header    Host $http_host;
    proxy_set_header    X-Forwarded-Host $host;
    proxy_set_header    X-Forwarded-Server $host;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    X-Real-IP $remote_addr;
    proxy_set_header    X-Scheme $scheme;
    proxy_set_header    Referer "";
    proxy_set_header    Upgrade $http_upgrade;
    proxy_set_header    Connection "upgrade";
    proxy_pass          {{ site_internal_url }};
  }
}

The role configuration is also simple:

swag_sites_config:
  - src:
      protocol: https
      host: services
      port: '8443'
    template_name: unifi.config.j2
    alias: unifi-controller
    domain: 'laurivan.com'

Now, when I hit https://unifi-controller.laurivan.com, I get the web interface of the UniFi controller.
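
Because the values from swag_sites_config end up inside nginx directives, a stray space, semicolon or newline in one of them would change the generated config. The following pre-flight check is an added example, not code from the swag_reverse_proxy role; it assumes site_name is built as alias.domain and site_internal_url as protocol://host:port, and the function names are hypothetical:

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
# fullmatch() is used below so a trailing newline cannot slip through.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# The entry shown in the post.
SITE = {"src": {"protocol": "https", "host": "services", "port": "8443"},
        "template_name": "unifi.config.j2", "alias": "unifi-controller",
        "domain": "laurivan.com"}

def _is_hostname(value):
    """True if value is a dotted sequence of valid DNS labels (max 253 chars)."""
    return (isinstance(value, str) and 0 < len(value) <= 253
            and all(LABEL.fullmatch(part) for part in value.split(".")))

def _is_host_or_ip(value):
    if not isinstance(value, str):
        return False
    if _is_hostname(value):
        return True
    try:
        ipaddress.ip_address(value)  # accepts IPv4 and IPv6 literals
        return True
    except ValueError:
        return False

def template_vars(site):
    """Validate one entry; return the variables the template expects (assumed mapping)."""
    src = site["src"]
    if src["protocol"] not in ("http", "https"):
        raise ValueError(f"unsupported protocol: {src['protocol']!r}")
    if not _is_host_or_ip(src["host"]):
        raise ValueError(f"invalid upstream host: {src['host']!r}")
    port = str(src["port"])
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError(f"invalid port: {src['port']!r}")
    if not (isinstance(site["alias"], str) and LABEL.fullmatch(site["alias"])):
        raise ValueError(f"invalid alias: {site['alias']!r}")
    if not _is_hostname(site["domain"]):
        raise ValueError(f"invalid domain: {site['domain']!r}")
    # An IPv6 literal must be bracketed inside a URL.
    host = f"[{src['host']}]" if ":" in src["host"] else src["host"]
    return {"site_name": f"{site['alias']}.{site['domain']}",
            "site_internal_url": f"{src['protocol']}://{host}:{int(port)}"}
```

Running it over every entry before the template task makes a malformed alias, domain or upstream fail the play instead of producing a broken or unintended server block.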

What now?

The description above gives you a glimpse of the role's capabilities. It has more stuff (like figuring out the IP address from the site's name). I strongly suggest you read its documentation to see how you can work with it. There you'll find the most up-to-date information.

HTH,