Moving KiwiIRC websocket behind Nginx instead of dedicated external port
This commit is contained in:
@@ -13,6 +13,15 @@
|
|||||||
- "/etc/inspircd"
|
- "/etc/inspircd"
|
||||||
- "/etc/inspircd/data/"
|
- "/etc/inspircd/data/"
|
||||||
|
|
||||||
|
- name: Socket directory permissions
|
||||||
|
become: yes
|
||||||
|
file:
|
||||||
|
state: directory
|
||||||
|
path: /run/inspircd
|
||||||
|
owner: inspircd
|
||||||
|
group: ircd
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
- name: Generate dhparam
|
- name: Generate dhparam
|
||||||
become: yes
|
become: yes
|
||||||
command:
|
command:
|
||||||
|
|||||||
@@ -1,33 +1,30 @@
|
|||||||
---
|
---
|
||||||
|
|
||||||
- name: KiwiIRC Packages
|
- name: KiwiIRC Packages
|
||||||
become: yes
|
become: yes
|
||||||
package:
|
package:
|
||||||
name:
|
name:
|
||||||
- kiwiirc-server-bin
|
- kiwiirc-server-bin
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
# Need to capture AniNIX skinning of client as well as client build process.
|
|
||||||
|
|
||||||
- name: Update permissions
|
- name: Update permissions
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
recurse: yes
|
recurse: yes
|
||||||
owner: ircd
|
owner: ircd
|
||||||
group: http
|
group: http
|
||||||
loop:
|
loop:
|
||||||
- /etc/kiwiirc
|
- /etc/kiwiirc
|
||||||
- /usr/share/kiwiirc
|
- /usr/share/kiwiirc
|
||||||
|
|
||||||
- name: Populate config
|
- name: Populate config
|
||||||
become: yes
|
become: yes
|
||||||
#register: config
|
template:
|
||||||
template:
|
src: "kiwiirc/{{ item }}.j2"
|
||||||
src: "kiwiirc/{{ item }}.j2"
|
dest: "/etc/kiwiirc/{{ item }}"
|
||||||
dest: "/etc/kiwiirc/{{ item }}"
|
owner: ircd
|
||||||
owner: ircd
|
group: http
|
||||||
group: http
|
mode: 0640
|
||||||
mode: 0640
|
loop:
|
||||||
loop:
|
- "client.json"
|
||||||
- "client.json"
|
|
||||||
|
|||||||
@@ -83,34 +83,14 @@
|
|||||||
|
|
||||||
# Websockets
|
# Websockets
|
||||||
<connect
|
<connect
|
||||||
name="websockets"
|
|
||||||
parent="main"
|
|
||||||
allow="*"
|
|
||||||
port="7778">
|
|
||||||
<bind address=""
|
|
||||||
port="7778"
|
|
||||||
hook="websocket"
|
|
||||||
proxyranges="{{ main_subnet }}/{{ netmask }}"
|
|
||||||
nativeping="yes"
|
|
||||||
defaultmode="text"
|
|
||||||
sslprofile="websockets">
|
|
||||||
<sslprofile
|
|
||||||
name="websockets"
|
name="websockets"
|
||||||
provider="openssl"
|
allow="/run/inspircd/websocket.sock">
|
||||||
cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/chain.pem"
|
<bind
|
||||||
certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
|
path="/run/inspircd/websocket.sock"
|
||||||
keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
|
type="clients"
|
||||||
ciphers="{{ ssl['ciphersuite'] }}"
|
hook="websocket"
|
||||||
hash="sha256"
|
permissions="0777"
|
||||||
renegotiation="no"
|
replace="yes">
|
||||||
requestclientcert="no"
|
|
||||||
sslv3="no"
|
|
||||||
tlsv1="no"
|
|
||||||
tlsv11="no"
|
|
||||||
tlsv12="yes"
|
|
||||||
tlsv13="yes">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Performance
|
# Performance
|
||||||
<performance
|
<performance
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
{
|
{
|
||||||
"windowTitle": "{{ external_domain }}/IRC | Web IRC client",
|
"windowTitle": "{{ organization['displayname'] }}/IRC | Web IRC client",
|
||||||
"startupScreen": "welcome",
|
"startupScreen": "welcome",
|
||||||
"kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/",
|
"kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/",
|
||||||
"restricted": true,
|
"restricted": true,
|
||||||
@@ -18,11 +18,12 @@
|
|||||||
{ "name": "Elite", "url": "static/themes/elite" }
|
{ "name": "Elite", "url": "static/themes/elite" }
|
||||||
],
|
],
|
||||||
"startupOptions" : {
|
"startupOptions" : {
|
||||||
"infoContent": "<h3>{{ external_domain }}/IRC</h3>Log in with your AniNIX account.",
|
"infoContent": "<img src='https://{{ external_domain }}/assets/img/AniNIX.png' style='width:100%;height:auto;' /><h3>{{ organization['displayname'] }}/IRC</h3>Log in with your AniNIX account.",
|
||||||
"channel": "#lobby",
|
"channel": "#lobby",
|
||||||
"nick": "kiwi-n?",
|
"nick": "Guest?",
|
||||||
"server": "irc.{{ external_domain }}",
|
"server": "irc.{{ external_domain }}",
|
||||||
"port": 7778,
|
"direct_path": "/websocket/",
|
||||||
|
"port": 443,
|
||||||
"direct": true,
|
"direct": true,
|
||||||
"tls": true
|
"tls": true
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -3,7 +3,6 @@ server {
|
|||||||
server_name irc.aninix.net;
|
server_name irc.aninix.net;
|
||||||
|
|
||||||
include conf/sec.conf;
|
include conf/sec.conf;
|
||||||
include conf/local.conf;
|
|
||||||
include conf/default.csp.conf;
|
include conf/default.csp.conf;
|
||||||
include conf/letsencrypt.conf;
|
include conf/letsencrypt.conf;
|
||||||
|
|
||||||
@@ -13,4 +12,22 @@ server {
|
|||||||
autoindex on;
|
autoindex on;
|
||||||
autoindex_format html;
|
autoindex_format html;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /websocket/ {
|
||||||
|
proxy_pass http://unix:/run/inspircd/websocket.sock;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_set_header X-Original-Host $host;
|
||||||
|
proxy_set_header X-Original-Protocol $scheme;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user