add missing navi files

Author: Anandkumar Patel

ansible/group_vars/alpha-navi-proxy.yml

@@ -0,0 +1,20 @@
+---
+name: nginx
+
+docker_image: "{{ name }}"
+docker_image_version: "1.10"
+
+docker_restart_command: kill -s SIGHUP
+
+docker_container_run_opts: >
+  -d
+  -h {{ name }}
+  -p 0.0.0.0:443:443
+  -p 0.0.0.0:80:80
+  -v /etc/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+  -v /etc/nginx/sites-available/:/etc/nginx/sites-enabled/:ro
+  -v /etc/nginx/ssl/dhparam.pem:/etc/nginx/ssl/dhparam.pem:ro
+  -v /etc/ssl/certs/{{ domain }}:/etc/ssl/certs/{{ domain }}:ro
+  -v /etc/ssl/certs/{{ user_content_domain }}:/etc/ssl/certs/{{ user_content_domain }}:ro
+  -v /etc/ssl/private:/etc/ssl/private:ro
+  -v /var/log/nginx:/var/log/nginx

ansible/navi-proxy.yml

@@ -0,0 +1,8 @@
+---
+- hosts: userland
+  vars_files:
+    - group_vars/alpha-navi-proxy.yml
+  roles:
+    - role: datadog
+      has_dd_integration: yes
+    - role: container_restart

ansible/roles/nginx-proxied-service/templates/01-navi.conf

@@ -0,0 +1,69 @@
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  '' close;
+}
+
+upstream {{ name }} {
+  {% for port in proxy_target_ports.stdout_lines -%}
+  server {{ target_ip_address }}:{{ port }};
+  {% endfor %}
+}
+
+server {
+  listen 80;
+  server_name {{ user_content_domain }};
+  access_log /var/log/nginx/{{ name }}.access.log;
+
+  location / {
+    proxy_pass http://{{ name }};
+    proxy_http_version 1.1;
+    proxy_set_header upgrade $http_upgrade;
+    proxy_set_header connection $connection_upgrade;
+
+    proxy_set_header Host $http_host;
+    proxy_set_header x-forwarded-host $http_host;
+    proxy_set_header x-real-ip $remote_addr;
+    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
+    proxy_set_header x-forwarded-protocol $scheme;
+    proxy_set_header x-forwarded-proto $scheme;
+  }
+}
+
+server {
+  listen 443 ssl;
+  server_name {{ user_content_domain }};
+  access_log /var/log/nginx/{{ name }}.ssl.access.log;
+
+  ssl on;
+  ssl_certificate /etc/ssl/certs/{{ user_content_domain }}/{{ user_content_domain }}.chained.crt;
+  ssl_certificate_key /etc/ssl/private/{{ user_content_domain }}.key;
+  ssl_trusted_certificate /etc/ssl/certs/{{ user_content_domain }}/ca.pem;
+
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_timeout 10m;
+
+  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
+  ssl_prefer_server_ciphers on;
+  ssl_dhparam /etc/nginx/ssl/dhparam.pem;
+
+  ssl_stapling on;
+  ssl_stapling_verify on;
+  resolver 8.8.8.8 8.8.4.4 valid=300s;
+  resolver_timeout 5s;
+
+  location / {
+    proxy_pass http://{{ name }};
+    proxy_http_version 1.1;
+    proxy_set_header upgrade $http_upgrade;
+    proxy_set_header connection $connection_upgrade;
+
+
+    proxy_set_header Host $http_host;
+    proxy_set_header x-forwarded-host $http_host;
+    proxy_set_header x-real-ip $remote_addr;
+    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
+    proxy_set_header x-forwarded-protocol $scheme;
+    proxy_set_header x-forwarded-proto $scheme;
+  }
+}

ansible/roles/nginx-proxied-service/templates/proxy-nginx.conf

@@ -0,0 +1,29 @@
+user www-data;
+worker_processes 4;
+pid /run/nginx.pid;
+
+events {
+  worker_connections 5000;
+}
+
+http {
+  ##
+  # Basic Settings
+  ##
+  tcp_nodelay on;
+  keepalive_timeout 65;
+  server_tokens off;
+
+  ##
+  # Logging Settings
+  ##
+
+  access_log /var/log/nginx/access.log;
+  error_log /var/log/nginx/error.log;
+
+  ##
+  # Virtual Host Configs
+  ##
+
+  include /etc/nginx/sites-enabled/*;
+}