+ Reverse proxy with nginx for internally hosted services

playbooks/alpha/nginx/disable-default.yml

@@ -0,0 +1,10 @@
+---
+- hosts: alpha
+  tasks:
+    - name: Disable Default Nginx Site
+      become: yes
+      file:
+        path: /etc/nginx/sites-enabled/default
+        state: absent
+
+

playbooks/alpha/nginx/main.yml

@@ -0,0 +1,46 @@
+# This playbook just installs nginx so that it is ready to configure
+# we don't bother with extra user accounts like with Beta because we
+# are only concerned with using nginx to serve fully containerized
+# applications. Not static files
+---
+- hosts: alpha
+  become: yes
+  tasks:
+    - name: Install Nginx
+      apt:
+        name: nginx
+        update_cache: yes
+        state: present
+
+    - name: Update Snap
+      community.general.snap:
+        name: core
+        state: present
+
+    - name: Install Certbot
+      community.general.snap:
+        name: certbot
+        classic: yes
+
+    - name: Push Searx Config
+      copy:
+        src: search.project-athens.xyz
+        dest: /etc/nginx/sites-available
+
+    - name: Enable Site in Nginx
+      file: 
+        src: /etc/nginx/sites-available/search.project-athens.xyz
+        dest: /etc/nginx/sites-enabled/search.project-athens.xyz
+        state: link
+
+    - name: Restart Nginx
+      service:
+        name: nginx
+        state: restarted
+
+    - name: Install Certificates for all sites on this host
+      command: >
+        certbot -n --nginx -m "{{CERT_EMAIL}}" --agree-tos
+        --domains "{{item}}"
+      loop:
+        - search.project-athens.xyz

playbooks/alpha/nginx/search.project-athens.xyz

@@ -0,0 +1,11 @@
+# This file contains a base configuration file for the projectathens
+# It is to be overwritten by certbot later on so adjusting this config
+# should not happen on the target server
+
+server  {
+	server_name search.project-athens.xyz;
+	location / {
+		proxy_pass http://127.0.0.1:8080;
+	}
+}
+