Diffstat (limited to 'roles/webserver/tasks/main.yml')
-rw-r--r--roles/webserver/tasks/main.yml20
1 files changed, 5 insertions, 15 deletions
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index e2624c4..7838896 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -29,22 +29,12 @@
# Use 'z' to shared-ly relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/www:/www:ro,z"
-# All services run in rootless-podman and nginx is the only entry point from
-# the outside acting as webserver and reverse proxy.
-# Since we dont want to lower the *unprivileged* port start (1024) we install
-# two forwarding routes from
-# 80 -> 8080
-# 443 -> 8443
- name: Forward port 80/443 to 8080/8443
- ansible.builtin.iptables:
- table: nat
- chain: PREROUTING
- protocol: tcp
- match: tcp
- destination_port: "{{ item.from }}"
- jump: REDIRECT
- to_ports: "{{ item.to }}"
- comment: "Redirect web traffic {{ item.from }} -> {{ item.to }}"
+ ansible.posix.firewalld:
+ rich_rule: "rule family=ipv4 forward-port port={{ item.from }} protocol=tcp to-port={{ item.to }}"
+ permanent: yes
+ immediate: yes
+ state: enabled
become: true
loop:
- { from: 80 , to: 8080 }