ansible-debops-infrastructure

git clone git://git.erethon.com/ansible-debops-infrastructure

commit 6855f778b5c58b173f0d58dfb2ed097f24b6bd9e
parent 13823340316b8b476eb161804996cb5f201ba978
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Wed, 23 May 2018 23:01:49 +0300

prosody: Don't use haproxy, instead dnat 5222 port

Diffstat:
ansible/inventory/group_vars/xmpp/ferm.yml | 2+-
ansible/inventory/host_vars/spinny/ferm.yml | 19+++++++++++++++++++
ansible/roles/haproxy/templates/haproxy.cfg.j2 | 9---------
3 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/ansible/inventory/group_vars/xmpp/ferm.yml b/ansible/inventory/group_vars/xmpp/ferm.yml
@@ -6,6 +6,6 @@ ferm__group_rules:
 name: 'prosody'
 table: 'filter'
 chain: 'INPUT'
- dport: [ 5222, 5269 ]
+ dport: [ 5269 ]
 protocol: 'tcp'
 domain: 'ip'
diff --git a/ansible/inventory/host_vars/spinny/ferm.yml b/ansible/inventory/host_vars/spinny/ferm.yml
@@ -49,3 +49,22 @@ ferm__host_rules:
 MASQUERADE;
 }
 }
+
+ - type: 'accept'
+ filename: 'prosody_forward'
+ name: 'prosody_forward'
+ table: 'filter'
+ chain: 'FORWARD'
+ domain: 'ip'
+ state: 'NEW'
+ dport: [ 5222 ]
+
+ - type: 'custom'
+ filename: 'prosody_nat'
+ name: 'prosody_nat'
+ rules: |
+ domain ip table nat chain PREROUTING {
+ protocol tcp dport 5222 {
+ DNAT to {{ prosody__private_ip }}:5222;
+ }
+ }
diff --git a/ansible/roles/haproxy/templates/haproxy.cfg.j2 b/ansible/roles/haproxy/templates/haproxy.cfg.j2
@@ -28,15 +28,6 @@ defaults
 errorfile 503 /etc/haproxy/errors/503.http
 errorfile 504 /etc/haproxy/errors/504.http
 
-frontend prosody
- bind {{ prosody__public_ip }}:5222
- mode tcp
- default_backend prosody_backend
-
-backend prosody_backend
- mode tcp
- server prosody {{ prosody__private_ip }}:5222
-
 frontend prosody_muc
 bind {{ prosody__public_ip }}:5269
 mode tcp
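Review bot: Both rules added to ansible/inventory/host_vars/spinny/ferm.yml match on port alone: the PREROUTING rule rewrites every TCP packet with dport 5222 that reaches this host, whatever its destination address or interface, and the FORWARD accept admits NEW connections to 5222 towards any forwarded destination. The removed haproxy frontend listened only on `{{ prosody__public_ip }}`, so the match is wider than before, and connections from hosts behind the MASQUERADE rule to other servers' port 5222 would presumably be redirected to the local prosody as well. Scope the DNAT with `protocol tcp daddr {{ prosody__public_ip }} dport 5222 {` and the forward rule with `daddr: [ '{{ prosody__private_ip }}' ]`. The forward rule also omits `protocol: 'tcp'`, which the prosody rule in group_vars/xmpp/ferm.yml sets explicitly; stating it here keeps the match from depending on the role's default. The enclosing `ferm__host_rules` list starts outside the hunk, so an existing rule there may already narrow this.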