ansible/roles/loadbalancer/templates/nginx.conf.j2

include /etc/nginx/modules-enabled/*.conf;

events {}

stream {
# TCP Load Balancing for the K3s API
  upstream k3s_servers {
    {% for ip in k3s_server_ips %}
    server {{ ip }}:{{k3s.loadbalancer.default_port}};
    {% endfor %}
  }

  server {
    listen {{k3s.loadbalancer.default_port}};
    proxy_pass k3s_servers;
  }

  upstream dns_servers {
    {% for ip in k3s_server_ips %}
    server {{ ip }}:53;
    {% endfor %}
  }

  server {
    listen 53 udp;
    proxy_pass dns_servers;
  }
}

http {
  upstream k3s_servers_http {
    least_conn;
    {% for ip in k3s_server_ips %}
    server {{ ip }}:80;
    {% endfor %}
  }

  upstream k3s_servers_https {
    least_conn;
    {% for ip in k3s_server_ips %}
    server {{ ip }}:443;
    {% endfor %}
  }

  server {
    listen 80;

    location / {
      proxy_pass http://k3s_servers_http;
      proxy_set_header Host $http_host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto http;
    }
  }

  server {
    listen 443 ssl;

    server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;

    ssl_certificate /etc/nginx/ssl/staging_tls.crt;
    ssl_certificate_key /etc/nginx/ssl/staging_tls.key;

    location / {
      proxy_pass https://k3s_servers_https;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
    }
  }

  server {
    listen 443 ssl;

    server_name k3s.seyshiro.de *.k3s.seyshiro.de;

    ssl_certificate /etc/nginx/ssl/production_tls.crt;
    ssl_certificate_key /etc/nginx/ssl/production_tls.key;

    location / {
      proxy_pass https://k3s_servers_https;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto https;
    }
  }
}
Finished lb and db Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-19 23:10:00 +02:00			`include /etc/nginx/modules-enabled/*.conf;`

			`events {}`

			`stream {`
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00			`# TCP Load Balancing for the K3s API`
Finished lb and db Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-19 23:10:00 +02:00			`upstream k3s_servers {`
			`{% for ip in k3s_server_ips %}`
Added k3s agents Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-20 16:57:59 +02:00			`server {{ ip }}:{{k3s.loadbalancer.default_port}};`
Finished lb and db Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-19 23:10:00 +02:00			`{% endfor %}`
			`}`

			`server {`
Added k3s agents Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-20 16:57:59 +02:00			`listen {{k3s.loadbalancer.default_port}};`
Finished lb and db Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-19 23:10:00 +02:00			`proxy_pass k3s_servers;`
			`}`
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00
			`upstream dns_servers {`
			`{% for ip in k3s_server_ips %}`
			`server {{ ip }}:53;`
			`{% endfor %}`
			`}`

			`server {`
			`listen 53 udp;`
			`proxy_pass dns_servers;`
			`}`
Finished lb and db Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-19 23:10:00 +02:00			`}`
Added http lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 07:51:33 +02:00
			`http {`
adjust name for upstream in lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 10:46:19 +02:00			`upstream k3s_servers_http {`
			`least_conn;`
			`{% for ip in k3s_server_ips %}`
Added https lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 20:06:27 +02:00			`server {{ ip }}:80;`
			`{% endfor %}`
			`}`

			`upstream k3s_servers_https {`
			`least_conn;`
			`{% for ip in k3s_server_ips %}`
			`server {{ ip }}:443;`
adjust name for upstream in lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 10:46:19 +02:00			`{% endfor %}`
Added http lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 07:51:33 +02:00			`}`

			`server {`
Added https lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 20:06:27 +02:00			`listen 80;`

Added http lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 07:51:33 +02:00			`location / {`
adjust name for upstream in lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 10:46:19 +02:00			`proxy_pass http://k3s_servers_http;`
Fixed host forwarding for subdomain reverse proxy Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 10:53:18 +02:00			`proxy_set_header Host $http_host;`
Added https lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 20:06:27 +02:00			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto http;`
			`}`
			`}`

			`server {`
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00			`listen 443 ssl;`
Added https lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 20:06:27 +02:00
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00			`server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;`
Added script etc for ssl on lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-03 17:38:08 +02:00
			`ssl_certificate /etc/nginx/ssl/staging_tls.crt;`
			`ssl_certificate_key /etc/nginx/ssl/staging_tls.key;`

			`location / {`
			`proxy_pass https://k3s_servers_https;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto https;`
			`}`
			`}`

			`server {`
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00			`listen 443 ssl;`
Added script etc for ssl on lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-03 17:38:08 +02:00
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00			`server_name k3s.seyshiro.de *.k3s.seyshiro.de;`
Added script etc for ssl on lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-03 17:38:08 +02:00
			`ssl_certificate /etc/nginx/ssl/production_tls.crt;`
			`ssl_certificate_key /etc/nginx/ssl/production_tls.key;`

Added https lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 20:06:27 +02:00			`location / {`
			`proxy_pass https://k3s_servers_https;`
			`proxy_set_header Host $host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto https;`
adjust name for upstream in lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 10:46:19 +02:00			`}`
Added http lb for lb Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-09-30 07:51:33 +02:00			`}`
			`}`
prod and staging for tls in loadbalancer Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev> 2024-10-04 00:00:02 +02:00