LILiK
/
lilik_playbook
5
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Playbooks to a new Lilik
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
446 Commits
12 Branches
967 KiB
Tree: cec0b7cf50
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cec0b7cf50'
${ noResults }
lilik_playbook/doc/source/reverse_proxy.rst

56 lines
2.5 KiB
Raw Normal View History

update documentation
8 years ago
 
  1. .. highlight:: yaml

  2. 

  3. reverse_proxy

  4. =============

  5. 

  6. This role provides the mean of exposing a machine to the web (http and https), it is currently bound to the *reverse_proxy* host but it will be extended to be available to other as well.

  7. 

  8. Usage

  9. -----

  10. 

  11. To expose the web services to the internet (http and https) for the resource pippo (a machine or a group) add the role **reverse_proxy** to the playbook.

  12. 

  13. This will first connect to the `pippo` hosts, execute the `role1` and then connect to the `reverse_proxy` host to add the proxy rules for `pippo`.

  14. 

  15. .. code-block:: yaml

  16. 

  17.     - hosts: pippo

  18.       roles:

  19.         - role: role1

  20.         - role: reverse_proxy

  21. 

  22. By default the domain exposed is created from the resource name, i.e. `pippo.lilik.it` but this can be changed by setting the `hostname` variable for the role `reverse_proxy`.

  23. 

  24. .. code-block:: yaml

  25. 

  26.     - hosts: pippo

  27.       roles:

  28.         - role: role1

  29.         - role: reverse_proxy

  30.           hostname: pluto

  31. 

  32. Rationale behind this role

  33. --------------------------

  34. 

  35. We have choosen to use **nginx** as our reverse proxy and because of the number of targets this can't be accomplished using a unique configuration file for nginx as it would need to know every rule every time it's configuration changes.

  36. 

  37. Nginx provides the featuer to load configuration files from multiple directories and then merge the into one so we have choose to use three different directories.

  38. 

  39. .. code-block:: bash

  40. 

  41.     nginx.conf

  42.     map.conf.d/

  43.     upstream.conf.d/

  44.     http.conf.d/

  45. 

  46. `nginx.conf` is the nginx configuration file, there we specify to include the the three directories in specific directives.

  47. 

  48. `http.conf.d` contains the files for the *http* reverse proxy directive.

  49. 

  50. `upstream.conf.d` contains the files where we specify a map from an id to the pool of the machines associated.

  51. 

  52. `map.conf.d` contains the files where we specify the list of domains and their mappings to a resource id.

  53. 

  54. We have choosen to separate this relation domain <-> machine by using an id because it will be used to make fun things such as high-availability or mapping more domains to the same resource id (but in different files) without the assle of checking if the nginx configuration will be broken by our automation.

  55. 

  56. As an example take the mapping from `ca.lilik.it` to the machine `10.150.42.x`, we can have another mapping from `certificationauthority.lilik.it` to the same machine without the hassle of checking if a upstream rule is used by some mappings when we want to deprecate `certificationauthority.lilik.it`