From 372f264bcbc7de743c6cda57126395f7df906b47 Mon Sep 17 00:00:00 2001 From: June Date: Sun, 11 Jan 2026 01:29:15 +0100 Subject: [PATCH] ccchoir(host): move to new network and hostname --- inventories/chaosknoten/hosts.yaml | 4 ++-- resources/chaosknoten/ccchoir/nginx/ccchoir.de.conf | 8 ++++---- .../public-reverse-proxy/nginx/acme_challenge.conf | 4 ++-- .../chaosknoten/public-reverse-proxy/nginx/nginx.conf | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/inventories/chaosknoten/hosts.yaml b/inventories/chaosknoten/hosts.yaml index f72e4ac..4b8e388 100644 --- a/inventories/chaosknoten/hosts.yaml +++ b/inventories/chaosknoten/hosts.yaml @@ -1,9 +1,9 @@ all: hosts: ccchoir: - ansible_host: ccchoir-intern.hamburg.ccc.de + ansible_host: ccchoir.hosts.hamburg.ccc.de ansible_user: chaos - ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de + ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de chaosknoten: ansible_host: chaosknoten.hamburg.ccc.de cloud: diff --git a/resources/chaosknoten/ccchoir/nginx/ccchoir.de.conf b/resources/chaosknoten/ccchoir/nginx/ccchoir.de.conf index ff37e48..a8d71a9 100644 --- a/resources/chaosknoten/ccchoir/nginx/ccchoir.de.conf +++ b/resources/chaosknoten/ccchoir/nginx/ccchoir.de.conf @@ -2,12 +2,12 @@ # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6 server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen [::]:8443 ssl http2 proxy_protocol; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; + set_real_ip_from 2a00:14b0:4200:3000:125::1; # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; @@ -43,12 +43,12 @@ server { server { # Listen on a custom port for the proxy protocol. - listen 8443 ssl http2 proxy_protocol; + listen [::]:8443 ssl http2 proxy_protocol; # Make use of the ngx_http_realip_module to set the $remote_addr and # $remote_port to the client address and client port, when using proxy # protocol. # First set our proxy protocol proxy as trusted. - set_real_ip_from 172.31.17.140; + set_real_ip_from 2a00:14b0:4200:3000:125::1; # Then tell the realip_module to get the addreses from the proxy protocol # header. real_ip_header proxy_protocol; diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf index 7af3beb..0c62760 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf @@ -4,8 +4,8 @@ map $host $upstream_acme_challenge_host { c3cat.de 172.31.17.151:31820; www.c3cat.de 172.31.17.151:31820; staging.c3cat.de 172.31.17.151:31820; - ccchoir.de ccchoir-intern.hamburg.ccc.de:31820; - www.ccchoir.de ccchoir-intern.hamburg.ccc.de:31820; + ccchoir.de ccchoir.hosts.hamburg.ccc.de:31820; + www.ccchoir.de ccchoir.hosts.hamburg.ccc.de:31820; cloud.hamburg.ccc.de cloud.hosts.hamburg.ccc.de:31820; element.hamburg.ccc.de 172.31.17.151:31820; git.hamburg.ccc.de 172.31.17.154:31820; diff --git a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf index 42120db..b3f3636 100644 --- a/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf +++ b/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf @@ -18,8 +18,8 @@ stream { resolver 212.12.50.158 192.76.134.90; map $ssl_preread_server_name $address { - ccchoir.de ccchoir-intern.hamburg.ccc.de:8443; - www.ccchoir.de ccchoir-intern.hamburg.ccc.de:8443; + ccchoir.de ccchoir.hosts.hamburg.ccc.de:8443; + www.ccchoir.de ccchoir.hosts.hamburg.ccc.de:8443; cloud.hamburg.ccc.de cloud.hosts.hamburg.ccc.de:8443; pad.hamburg.ccc.de pad.hosts.hamburg.ccc.de:8443; pretalx.hamburg.ccc.de pretalx-intern.hamburg.ccc.de:8443;