Diffstat (limited to 'roles/webserver')
-rw-r--r-- | roles/webserver/tasks/main.yml | 20 |
1 files changed, 5 insertions, 15 deletions
diff --git a/roles/webserver/tasks/main.yml b/roles/webserver/tasks/main.yml
index e2624c4..7838896 100644
--- a/roles/webserver/tasks/main.yml
+++ b/roles/webserver/tasks/main.yml
@@ -29,22 +29,12 @@ # Use 'z' to shared-ly relable selinux contexts.
- "{{ DATA_ROOT }}/nginx/www:/www:ro,z"
-# All services run in rootless-podman and nginx is the only entry point from
-# the outside acting as webserver and reverse proxy.
-# Since we dont want to lower the *unprivileged* port start (1024) we install
-# two forwarding routes from
-# 80 -> 8080
-# 443 -> 8443
- name: Forward port 80/443 to 8080/8443
- ansible.builtin.iptables:
- table: nat
- chain: PREROUTING
- protocol: tcp
- match: tcp
- destination_port: "{{ item.from }}"
- jump: REDIRECT
- to_ports: "{{ item.to }}"
- comment: "Redirect web traffic {{ item.from }} -> {{ item.to }}"
+ ansible.posix.firewalld:
+ rich_rule: "rule family=ipv4 forward-port port={{ item.from }} protocol=tcp to-port={{ item.to }}"
+ permanent: yes
+ immediate: yes
+ state: enabled
become: true
loop:
- { from: 80 , to: 8080 } |
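Review bot: The new `rich_rule` line is scoped to `family=ipv4` and the task names no `zone`, so the forward-port rule lands in the host's default firewalld zone and IPv6 requests to 80/443 are not forwarded at all; the removed iptables task was IPv4-only as well, so this is not a regression, but both facts should be explicit, e.g. `zone: <ZONE-BOUND-TO-EXTERNAL-INTERFACE>` next to `state: enabled`. The explanatory comment (nginx runs in rootless podman, the unprivileged port floor of 1024 is deliberately not lowered) is deleted together with the old task, so the reason for the forward now lives nowhere; keep a short version above `- name:`, e.g. `# nginx runs rootless; forward 80/443 to 8080/8443 instead of lowering the unprivileged port start (IPv4 only).` The `permanent: yes` and `immediate: yes` lines should use canonical booleans, `permanent: true` and `immediate: true`, so YAML 1.1/1.2 loaders and yamllint's truthy check agree. The loop's remaining items continue outside the hunk.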