diff --git a/deploy/config/wstunnel.nginx b/deploy/config/wstunnel.nginx
new file mode 100644
index 0000000..81ee87a
--- /dev/null
+++ b/deploy/config/wstunnel.nginx
@@ -0,0 +1,79 @@
+# You may add here your
+# server {
+# ...
+# }
+# statements for each of your virtual hosts to this file
+
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# http://wiki.nginx.org/Pitfalls
+# http://wiki.nginx.org/QuickStart
+# http://wiki.nginx.org/Configuration
+#
+# Generally, you will want to move this file somewhere, and start with a clean
+# file but keep this around for reference. Or just disable in sites-enabled.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+server {
+ listen *:443 ssl;
+ listen [::]:443 ssl;
+ server_name erebe.eu;
+ server_name 195.154.67.145;
+
+
+ location / {
+ proxy_read_timeout 1800s;
+ proxy_pass http://127.0.0.1:{{ listen_port }};
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+}
+
+
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+# listen 8000;
+# listen somename:8080;
+# server_name somename alias another.alias;
+# root html;
+# index index.html index.htm;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
+
+
+# HTTPS server
+#
+#server {
+# listen 443;
+# server_name localhost;
+#
+# root html;
+# index index.html index.htm;
+#
+# ssl on;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+#
+# ssl_session_timeout 5m;
+#
+# ssl_protocols SSLv3 TLSv1;
+# ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
+# ssl_prefer_server_ciphers on;
+#
+# location / {
+# try_files $uri $uri/ =404;
+# }
+#}
diff --git a/deploy/config/wstunnel.service b/deploy/config/wstunnel.service
new file mode 100644
index 0000000..0ca3202
--- /dev/null
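Review bot: The active `server` block enables TLS with `listen *:443 ssl;` and `listen [::]:443 ssl;` but sets no `ssl_certificate`, `ssl_certificate_key` or `ssl_protocols`, so it only works if the `http` context elsewhere supplies them, and the tunnel's protocol policy is whatever that global default is. I would pin them in this block, e.g. `ssl_certificate <path-to-fullchain>;`, `ssl_certificate_key <path-to-key>;` and `ssl_protocols TLSv1.2 TLSv1.3;` (paths are placeholders). The commented-out "HTTPS server" sample at the end carries `ssl_protocols SSLv3 TLSv1;` and a cipher string that admits low-strength and export suites; it is inert as committed, but it is a poor template to ship in a deployed config, so the stock boilerplate is better deleted. `location /` also forwards every request on 443 to the tunnel with no `allow`/`deny` or path restriction, which leaves sshd's own authentication as the only gate in front of the forwarded port.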
+++ b/deploy/config/wstunnel.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=wstunnel server
+Wants=network.target
+After=network.target
+
+[Service]
+Type=simple
+User=wstunnel
+ExecStart=/usr/local/bin/wstunnel --server ws://127.0.0.1:{{ listen_port }} -r 127.0.0.1:22
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/deploy/server.yml b/deploy/server.yml
new file mode 100755
index 0000000..f02248b
--- /dev/null
+++ b/deploy/server.yml
@@ -0,0 +1,60 @@
+- hosts: server
+ remote_user: root
+
+ vars:
+ # Username
+ user: wstunnel
+ listen_port: 9999
+
+ tasks:
+ - name: Create user {{ user }}
+ user: name={{ user }}
+ comment="{{ user }} user"
+ shell=/bin/false
+ createhome=no
+
+ - name: Install wstunnel app
+ copy: src=config/wstunnel
+ dest=/usr/local/bin/
+ owner=wstunnel
+ group=wstunnel
+ mode=u+rwx
+
+ ################################
+ # NGINX
+ ################################
+ - name: Add nginx config
+ template: src=config/wstunnel.nginx
+ dest=/etc/nginx/sites-available/
+ notify: reload nginx
+
+ - name: Symlink nginx config
+ file: src=/etc/nginx/sites-available/wstunnel.nginx
+ dest=/etc/nginx/sites-enabled/default
+ state=link
+
+ - name: Nginx started
+ service: name=nginx state=started enabled=true
+
+
+ ################################
+ # SYSTEMD
+ ################################
+ - name: Copy systemd service
+ template: src=config/wstunnel.service
+ dest=/usr/lib/systemd/system/
+ notify: reload wstunnel
+
+ - name: reload systemd
+ command: systemctl daemon-reload
+
+ - name: wstunnel started
+ service: name=wstunnel state=started enabled=true
+
+
+ handlers:
+ - name: reload nginx
+ service: name=nginx state=reloaded enabled=true
+
+ - name: reload wstunnel
+ service: name=wstunnel state=restarted enabled=true
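Review bot: The `[Service]` section applies none of systemd's sandboxing to a network-facing process; `User=wstunnel` and the `-r 127.0.0.1:22` restriction on `ExecStart` are the only containment. Adding `NoNewPrivileges=true`, `ProtectSystem=strict` (or `full` on older systemd) and `PrivateTmp=true` would limit what a compromised tunnel process can reach on the host. `Restart=always` without a `RestartSec=` also restarts with only systemd's default short delay if the binary crash-loops, so a value such as `RestartSec=5` is worth setting.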
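Review bot: The "Install wstunnel app" task installs the binary with `owner=wstunnel group=wstunnel mode=u+rwx`, so the account the service runs as can overwrite the executable that the unit relaunches under `Restart=always`, and a compromise of the tunnel process could persist across restarts. `owner=root group=root mode=0755` keeps the binary read-only to the service user. The "Symlink nginx config" task points `/etc/nginx/sites-enabled/default` at this config, which replaces whatever default site the host already serves; a comment saying this is intended would help. The "reload systemd" task runs `systemctl daemon-reload` on every play rather than only when the unit file changes, so it would fit better as a handler notified by "Copy systemd service".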