1 parent
03d4793
commit 752f7cd
Showing
9 changed files
with
173 additions
and
10 deletions.
@@ -3,4 +3,5 @@ | |
no_log: true | ||
roles: | ||
- shadowsocks | ||
- shadowsocks-gateway | ||
- prometheus |
@@ -0,0 +1,38 @@ | ||
# http://nginx.org/en/linux_packages.html#Debian | ||
|
||
- name: Check if nginx is installed | ||
shell: nginx -v | ||
register: nginx_installed | ||
ignore_errors: yes | ||
|
||
- name: Install the prerequisites | ||
with_items: | ||
- curl | ||
- gnupg2 | ||
- ca-certificates | ||
- lsb-release | ||
- debian-archive-keyring | ||
package: | ||
name: "{{ item }}" | ||
state: present | ||
when: nginx_installed.failed | ||
|
||
- name: Import an official nginx signing key so apt could verify the packages authenticity | ||
command: bash -c "curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg > /dev/null" | ||
when: nginx_installed.failed | ||
|
||
- name: Set up the apt repository for stable nginx packages | ||
command: bash -c "echo 'deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx' | tee /etc/apt/sources.list.d/nginx.list" | ||
when: nginx_installed.failed | ||
|
||
- name: Install nginx | ||
package: | ||
name: nginx | ||
state: present | ||
when: nginx_installed.failed | ||
|
||
- name: Stop nginx | ||
systemd: | ||
name: nginx.service | ||
state: stopped | ||
enabled: false |
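Review bot: The "Import an official nginx signing key" task pipes `curl` straight into `gpg --dearmor` and trusts whatever comes back, so the keyring that `signed-by` relies on is never checked against a known fingerprint. With no `-f` on `curl` and no `pipefail`, a failed download or an error page still writes a keyring file and the task reports success. I would split it into download, fingerprint check and dearmor steps as sketched below, where the fingerprint is a placeholder to be filled in from nginx.org's installation page. Separately, the repository line uses `http://nginx.org/packages/debian` and nothing refreshes the apt cache before "Install nginx", so it is worth confirming the package really comes from the new source.

```yaml
# … unchanged: nginx -v check and prerequisites …

- name: Download the nginx signing key
  get_url:
    url: https://nginx.org/keys/nginx_signing.key
    dest: /tmp/nginx_signing.key
    mode: "0644"
  when: nginx_installed.failed

- name: Read the fingerprint of the downloaded key
  command: gpg --dry-run --quiet --no-keyring --import --import-options import-show /tmp/nginx_signing.key
  register: nginx_key_info
  changed_when: false
  when: nginx_installed.failed

- name: Refuse a key with an unexpected fingerprint
  assert:
    that: "'<EXPECTED_NGINX_KEY_FINGERPRINT>' in nginx_key_info.stdout"
  when: nginx_installed.failed

- name: Install the keyring apt verifies packages against
  command: gpg --dearmor -o /usr/share/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key
  args:
    creates: /usr/share/keyrings/nginx-archive-keyring.gpg
  when: nginx_installed.failed

# … unchanged: apt repository, install and stop tasks …
```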
@@ -0,0 +1,3 @@ | ||
dependencies: | ||
- role: nginx | ||
- role: shadowsocks |
@@ -0,0 +1,41 @@ | ||
- name: Install libnginx-mod-stream | ||
package: | ||
name: libnginx-mod-stream | ||
state: present | ||
|
||
- name: Create user | ||
user: name={{ shadowsocks_gateway_user }} | ||
|
||
- name: Render nginx config | ||
template: | ||
src: nginx.conf.j2 | ||
dest: "/home/{{ shadowsocks_gateway_user }}/nginx.conf" | ||
group: "{{ shadowsocks_gateway_user }}" | ||
owner: "{{ shadowsocks_gateway_user }}" | ||
mode: "600" | ||
register: config | ||
|
||
- name: Remove unexpected files in home | ||
include_tasks: tasks/remove-unexpected-files.yml | ||
vars: | ||
directory: "/home/{{ shadowsocks_gateway_user }}" | ||
files: | ||
- nginx.conf | ||
|
||
- name: Render systemd service config | ||
template: | ||
src: shadowsocks-gateway.service.j2 | ||
dest: /etc/systemd/system/shadowsocks-gateway.service | ||
register: systemd | ||
|
||
- name: Reload daemon | ||
systemd: | ||
daemon_reload: yes | ||
when: systemd.changed | ||
|
||
- name: Restart systemd app service | ||
systemd: | ||
name: shadowsocks-gateway.service | ||
state: restarted | ||
enabled: yes | ||
when: systemd.changed or config.changed |
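Review bot: "Render nginx config" writes the file into the gateway user's home with `owner` and `group` set to `{{ shadowsocks_gateway_user }}`, yet the unit added in shadowsocks-gateway.service.j2 starts nginx with `User=root` and `-c` pointing at that file. Anything running as the unprivileged account can therefore rewrite a configuration, including its `load_module` line, that root will load on the next restart. Changing the file to `owner: root` and `group: root` is not enough on its own, because the account owns the directory and can replace the file. The config should be rendered into a root-owned directory such as one under `/etc`. Nothing in the visible tasks runs a process as the created account, so it may also be worth giving it a non-login shell.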
@@ -0,0 +1,40 @@ | ||
load_module /usr/lib/nginx/modules/ngx_stream_module.so; | ||
daemon off; | ||
worker_processes auto; | ||
|
||
events { | ||
worker_connections 1024; | ||
} | ||
|
||
http { | ||
server { | ||
listen 80 default_server; | ||
server_name _; | ||
return 301 https://{{ shadowsocks_gateway_fallback_proxy_target }}; | ||
} | ||
} | ||
|
||
stream { | ||
map $ssl_preread_protocol $backend { | ||
default shadowsocks_backend; | ||
"TLSv1.0" https_backend; | ||
"TLSv1.2" https_backend; | ||
"TLSv1.3" https_backend; | ||
} | ||
|
||
upstream https_backend { | ||
server {{ shadowsocks_gateway_fallback_proxy_target }}; | ||
} | ||
|
||
upstream shadowsocks_backend { | ||
server localhost:{{ shadowsocks_port }}; | ||
} | ||
|
||
server { | ||
listen {{ server.port }}; | ||
proxy_timeout 5s; | ||
ssl_preread on; | ||
|
||
proxy_pass $backend; | ||
} | ||
} |
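Review bot: In the `map $ssl_preread_protocol` block the `"TLSv1.0"` key most likely never matches, since as far as I know ssl_preread reports TLS 1.0 as `TLSv1`, and there is no entry for `TLSv1.1` either. Those handshakes fall through to `default` and are forwarded to `shadowsocks_backend` instead of the fallback site, so the gateway behaves differently depending on the client's TLS version. If the intent is that every TLS ClientHello goes to the fallback, list `"TLSv1"` and `"TLSv1.1"` alongside the others, or route on the empty value with `"" shadowsocks_backend;` and `default https_backend;`. The 5s `proxy_timeout` also applies to proxied shadowsocks sessions, which may close idle connections sooner than intended.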
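--- a/roles/shadowsocks-gateway/templates/shadowsocks-gateway.service.j2
+++ b/roles/shadowsocks-gateway/templates/shadowsocks-gateway.service.j2
@@ -0,0 +1,11 @@
+[Unit]
+Description=shadowsocks-gateway
+After=shadowsocks.service
+
+[Service]
+User=root
+ExecStart=nginx -c /home/{{ shadowsocks_gateway_user }}/nginx.conf
+Restart=always
+
+[Install]
+WantedBy=multi-user.target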
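Review bot: `User=root` runs the nginx master as root with no sandboxing, while the only visibly privileged need in the rendered config is binding port 80. If the pid and log paths can be made writable for it, running as `{{ shadowsocks_gateway_user }}` with `AmbientCapabilities=CAP_NET_BIND_SERVICE` would remove that need. Otherwise, adding `NoNewPrivileges=true`, `ProtectSystem=full` and `PrivateTmp=true` narrows what a compromised process can reach. `After=shadowsocks.service` only orders the units, so add `Wants=shadowsocks.service` if the gateway should also pull the backend in.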
@@ -0,0 +1,10 @@ | ||
# linux user to run shadowsocks-gateway as | ||
shadowsocks_gateway_user: shadowsocks-gateway | ||
# where regular https requests (non-shadowsocks requests) proxy to | ||
shadowsocks_gateway_fallback_proxy_target: !vault | | ||
$ANSIBLE_VAULT;1.1;AES256 | ||
37333637313939636530653837626436396562306537353834326662383835353162393962336439 | ||
6430373734363064656263373964363839643862326433660a383630663561313838666335343462 | ||
65376263643234313439393933393262393932323664653030616432303439363164666539636362 | ||
6139373831393530360a663130336433373266333635303637393735313932336131326162373734 | ||
3066 |