From b761fd1fb21391ca2bd839d1712f4fb160024754 Mon Sep 17 00:00:00 2001
From: Nico Boehr <nico@nicoboehr.de>
Date: Sun, 3 Nov 2024 20:45:10 +0100
Subject: [PATCH] add support for listening on port 8080

---
 host_vars/revproxy.as208772.net/revproxy     |  8 +++++
 roles/revproxy/templates/default.conf        |  4 ++-
 roles/revproxy/templates/vhost-location.conf | 15 ++++++++
 roles/revproxy/templates/vhost.conf          | 36 +++++++-------------
 4 files changed, 39 insertions(+), 24 deletions(-)
 create mode 100644 roles/revproxy/templates/vhost-location.conf

diff --git a/host_vars/revproxy.as208772.net/revproxy b/host_vars/revproxy.as208772.net/revproxy
index 1c3fb33..776f220 100644
--- a/host_vars/revproxy.as208772.net/revproxy
+++ b/host_vars/revproxy.as208772.net/revproxy
@@ -1,6 +1,9 @@
 ---
 letsencrypt_account_email: "hostmaster@freifunk-stuttgart.de"
 letsencrypt_acme_directory: "https://acme-v02.api.letsencrypt.org/directory"
+revproxy_http_ports:
+  - 80
+  - 8080
 vhosts:
   - domain: grafana.freifunk-stuttgart.de
     backend: "http://10.0.3.237/"
@@ -86,3 +89,8 @@ vhosts:
     backend: "http://10.0.3.164/"
     type: proxy
     max_body_size: 2G
+  - domain: unifi.freifunk-stuttgart.de
+    backend: "http://10.0.3.222:8080/"
+    type: proxy
+    force_https: False
+    http_port: 8080
diff --git a/roles/revproxy/templates/default.conf b/roles/revproxy/templates/default.conf
index 43b087f..580ae09 100644
--- a/roles/revproxy/templates/default.conf
+++ b/roles/revproxy/templates/default.conf
@@ -1,5 +1,7 @@
 server {
-    listen [::]:80 ipv6only=off;
+    {% for port in revproxy_http_ports|default([80]) %}
+	    listen [::]:{{port}} ipv6only=off;
+    {% endfor %}
     listen [::]:443 ssl default_server ipv6only=off;
     server_name _;
 
diff --git a/roles/revproxy/templates/vhost-location.conf b/roles/revproxy/templates/vhost-location.conf
new file mode 100644
index 0000000..fb03d07
--- /dev/null
+++ b/roles/revproxy/templates/vhost-location.conf
@@ -0,0 +1,15 @@
+location / {
+	{% if vhost.maintenance is defined and vhost.maintenance.enabled -%}
+	if ($maintenance_{{ vhost.domain | sha1 }}) {
+		return 503 "{{ vhost.maintenance.message }}";
+		add_header Content-Type text/plain always;
+	}
+	{% endif %}
+	{% if vhost.type == "proxy" %}
+		{% include 'vhost-proxy.conf' %}
+	{% elif vhost.type == "redirect" %}
+		{% include 'vhost-redirect.conf' %}
+	{% elif vhost.type == "static" %}
+		{% include 'vhost-static.conf' %}
+	{% endif %}
+}
diff --git a/roles/revproxy/templates/vhost.conf b/roles/revproxy/templates/vhost.conf
index f2bacab..718fb07 100644
--- a/roles/revproxy/templates/vhost.conf
+++ b/roles/revproxy/templates/vhost.conf
@@ -21,34 +21,24 @@ server {
 
 	{% include 'vhost-serve-letsencrypt.conf' %}
 
-	location / {
-		{% if vhost.maintenance is defined and vhost.maintenance.enabled -%}
-		if ($maintenance_{{ vhost.domain | sha1 }}) {
-			return 503 "{{ vhost.maintenance.message }}";
-			add_header Content-Type text/plain always;
-		}
-		{% endif %}
-		{% if vhost.type == "proxy" %}
-			{% include 'vhost-proxy.conf' %}
-		{% elif vhost.type == "redirect" %}
-			{% include 'vhost-redirect.conf' %}
-		{% elif vhost.type == "static" %}
-			{% include 'vhost-static.conf' %}
-		{% endif %}
-	}
+	{% include 'vhost-location.conf' %}
 }
 
 server {
-	listen [::]:80;
+	listen [::]:{{ vhost.http_port|default(80) }};
 
 	server_name {{ vhost.domain}};
-	location / {
-		{% if vhost.type in ["proxy", "static"] %}
-		return 301 https://{{ vhost.domain }}$request_uri;
-		{% elif vhost.type == "redirect" %}
-		return 301 {{ vhost.redirect }}$request_uri;
-		{% endif %}
-	}
+	{% if vhost.force_https|default(True) %}
+		location / {
+			{% if vhost.type in ["proxy", "static"] %}
+			return 301 https://{{ vhost.domain }}$request_uri;
+			{% elif vhost.type == "redirect" %}
+			return 301 {{ vhost.redirect }}$request_uri;
+			{% endif %}
+		}
+	{% else %}
+		{% include 'vhost-location.conf' %}
+	{% endif %}
 
 	{% include 'vhost-serve-letsencrypt.conf' %}
 }
-- 
GitLab