From ad71dbbefdc7a51e37756f43f267e0c7b61e9e2e Mon Sep 17 00:00:00 2001 From: Alex Hewson Date: Sun, 7 Apr 2019 15:34:27 +0100 Subject: [PATCH 1/3] Add a simple /healthz path to the frontend without basic auth enforced. This can be used for remotely monitoring the uptime of a Streisand box. --- playbooks/roles/streisand-gateway/templates/vhost.j2 | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/playbooks/roles/streisand-gateway/templates/vhost.j2 b/playbooks/roles/streisand-gateway/templates/vhost.j2 index 8950c189e..ef5332cc0 100644 --- a/playbooks/roles/streisand-gateway/templates/vhost.j2 +++ b/playbooks/roles/streisand-gateway/templates/vhost.j2 @@ -48,4 +48,11 @@ server { autoindex off; } + # Simple healthcheck path with no auth + location /healthz { + auth_basic off; + default_type text/plain; + return 200 "ok"; + } + } From 61a77a0ce306f940bb674a50b9483c114e09d273 Mon Sep 17 00:00:00 2001 From: Alex Hewson Date: Sun, 5 Apr 2020 17:28:55 +0100 Subject: [PATCH 2/3] Optionally serve a minimal /robots.txt from gateway; the 200 response can also be useful for health checks --- global_vars/default-site.yml | 3 +++ playbooks/customize.yml | 8 ++++++++ .../roles/streisand-gateway/templates/vhost.j2 | 15 ++++++++------- 3 files changed, 19 insertions(+), 7 deletions(-) diff --git a/global_vars/default-site.yml b/global_vars/default-site.yml index d119dbce4..0a329c70d 100644 --- a/global_vars/default-site.yml +++ b/global_vars/default-site.yml @@ -25,3 +25,6 @@ streisand_tinyproxy_enabled: yes streisand_tor_enabled: no streisand_wireguard_enabled: yes streisand_cloudflared_enabled: yes + +# Simple /robots.txt; can also be used for health checks +streisand_gateway_robots_txt_enabled: no diff --git a/playbooks/customize.yml b/playbooks/customize.yml index 87d03c0fc..fd12e1ed9 100644 --- a/playbooks/customize.yml +++ b/playbooks/customize.yml @@ -60,6 +60,10 @@ prompt: "Enable DNS-over-HTTPS (cloudflared)? Press enter for default " default: "yes" private: no + - name: streisand_gateway_robots_txt_enabled + prompt: "Enable a minimal /robots.txt in the UI; also useful for remote health checks " + default: "no" + private: no tasks: - lineinfile: @@ -118,3 +122,7 @@ path: "{{ streisand_site_vars }}" regexp: "^streisand_cloudflared_enabled: (?:yes|no)$" line: "streisand_cloudflared_enabled: {{ streisand_cloudflared_enabled }}" + - lineinfile: + path: "{{ streisand_site_vars }}" + regexp: "^streisand_gateway_robots_txt_enabled: (?:yes|no)$" + line: "streisand_gateway_robots_txt_enabled: {{ streisand_gateway_robots_txt_enabled }}" diff --git a/playbooks/roles/streisand-gateway/templates/vhost.j2 b/playbooks/roles/streisand-gateway/templates/vhost.j2 index c92e42841..243fad061 100644 --- a/playbooks/roles/streisand-gateway/templates/vhost.j2 +++ b/playbooks/roles/streisand-gateway/templates/vhost.j2 @@ -80,16 +80,17 @@ server { root {{ streisand_gateway_location }}; index index.html index.htm; - + location / { - autoindex off; + autoindex off; } - # Simple healthcheck path with no auth - location /healthz { +{% if streisand_gateway_robots_txt_enabled %} + # Simple /robots.txt; can also be used for health checks + location = /robots.txt { auth_basic off; - default_type text/plain; - return 200 "ok"; + add_header Content-Type text/plain; + return 200 "User-agent: *\nDisallow: /\n"; } - +{% endif %} } From ecf48dd49e02ec0ba7faa8f4468463d09485a599 Mon Sep 17 00:00:00 2001 From: Alex Hewson Date: Sun, 5 Apr 2020 19:36:23 +0100 Subject: [PATCH 3/3] Set cloudflared_enabled back to false --- global_vars/default-site.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/global_vars/default-site.yml b/global_vars/default-site.yml index 0a329c70d..10ab7ab4a 100644 --- a/global_vars/default-site.yml +++ b/global_vars/default-site.yml @@ -24,7 +24,7 @@ streisand_stunnel_enabled: yes streisand_tinyproxy_enabled: yes streisand_tor_enabled: no streisand_wireguard_enabled: yes -streisand_cloudflared_enabled: yes +streisand_cloudflared_enabled: no # Simple /robots.txt; can also be used for health checks streisand_gateway_robots_txt_enabled: no