From 08e92ca3b8ee6c38c3e19126378e51b46cf63b16 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Mon, 11 Aug 2025 18:39:55 -0700
Subject: Oauth proxy and monitoring init

---
 .../outbound/templates/proxy/nginx/conf.d/coffee.conf | 19 +++++++++++++++++++
 .../templates/proxy/nginx/conf.d/fwdauth.conf         | 19 +++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 playbooks/roles/outbound/templates/proxy/nginx/conf.d/coffee.conf
 create mode 100644 playbooks/roles/outbound/templates/proxy/nginx/conf.d/fwdauth.conf

(limited to 'playbooks/roles/outbound/templates/proxy/nginx/conf.d')

diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/coffee.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/coffee.conf
new file mode 100644
index 0000000..5fa47be
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/coffee.conf
@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/fwdauth.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/fwdauth.conf
new file mode 100644
index 0000000..a2696bf
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/fwdauth.conf
@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name fwdauth.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
-- 
cgit v1.2.3-70-g09d2