From eeae791f723117cb1f3005dcab4e6dd9521ba704 Mon Sep 17 00:00:00 2001
From: Menno van Leeuwen
Date: Wed, 26 Mar 2025 15:54:34 +0100
Subject: [PATCH] feat: update Caddyfile and Docker Compose for EchoIP service with improved IP header handling and database management
---
 .../tasks/servers/services/caddy/Caddyfile.j2 | 5 +-
 .../services/echoip/docker-compose.yml.j2 | 21 ++++++-
 .../tasks/servers/services/echoip/echoip.yml | 63 +++++++++++++++++++
 3 files changed, 86 insertions(+), 3 deletions(-)
diff --git a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2 b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
index da43820..ec6ce26 100644
--- a/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
+++ b/config/ansible/tasks/servers/services/caddy/Caddyfile.j2
@@ -65,9 +65,10 @@ fladder.mvl.sh {

 ip.mvl.sh {
 reverse_proxy echoip:8080 {
- header_up X-Real-IP {remote}
- header_up X-Forwarded-For {remote}
+ header_up X-Real-IP {http.request.remote.host}
+ header_up X-Forwarded-For {http.request.remote.host}
 header_up X-Forwarded-Proto {scheme}
+ header_up X-Forwarded-Host {host}
 }
 tls {{ caddy_email }}
 }
diff --git a/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2 b/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2
index ce03f59..0f76b3f 100644
--- a/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2
+++ b/config/ansible/tasks/servers/services/echoip/docker-compose.yml.j2
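Review bot: In the `ip.mvl.sh` block of Caddyfile.j2, nothing records why `X-Real-IP` and `X-Forwarded-For` are overwritten rather than passed through, although the backend's reported address depends on it: the compose file in this commit starts echoip with `-H "X-Forwarded-For"`, so whatever arrives in that header is taken as the client address. A comment above the first `header_up`, for example `# echoip trusts X-Forwarded-For; always overwrite it with the direct peer, never append or pass through`, would protect that invariant against later edits. `{http.request.remote.host}` is the immediate TCP peer, so if Caddy is later placed behind another proxy or CDN every visitor will be reported as that proxy, and the setting needs revisiting together with `trusted_proxies`.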
@@ -3,4 +3,23 @@ services:
 container_name: 'echoip'
 image: 'mpolden/echoip:latest'
 restart: unless-stopped
- network_mode: 'host'
+ ports:
+ - "8080:8080"
+ extra_hosts:
+ - "host.docker.internal:host-gateway"
+ networks:
+ - caddy_network
+ volumes:
+ - {{echoip_data_dir}}/GeoLite2-ASN.mmdb:/opt/echoip/GeoLite2-ASN.mmdb:ro
+ - {{echoip_data_dir}}/GeoLite2-City.mmdb:/opt/echoip/GeoLite2-City.mmdb:ro
+ - {{echoip_data_dir}}/GeoLite2-Country.mmdb:/opt/echoip/GeoLite2-Country.mmdb:ro
+ command: >
+ -p -r -H "X-Forwarded-For" -l ":8080"
+ -a /opt/echoip/GeoLite2-ASN.mmdb
+ -c /opt/echoip/GeoLite2-City.mmdb
+ -f /opt/echoip/GeoLite2-Country.mmdb
+
+networks:
+ caddy_network:
+ external: true
+ name: caddy_default
diff --git a/config/ansible/tasks/servers/services/echoip/echoip.yml b/config/ansible/tasks/servers/services/echoip/echoip.yml
index 8676715..6b5b1a7 100644
--- a/config/ansible/tasks/servers/services/echoip/echoip.yml
+++ b/config/ansible/tasks/servers/services/echoip/echoip.yml
@@ -4,6 +4,9 @@
 - name: Set EchoIP directories
 ansible.builtin.set_fact:
 echoip_service_dir: "{{ ansible_env.HOME }}/services/echoip"
+ echoip_data_dir: "/mnt/object_storage/services/echoip"
+ maxmind_account_id: {{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='account_id') }}
+ maxmind_license_key: {{ lookup('community.general.onepassword', 'finpwvqp6evflzjcsnwge74n34', vault='j7nmhqlsjmp2r6umly5t75hzb4', field='license_key') }}

 - name: Create EchoIP directory
 ansible.builtin.file:
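Review bot: In docker-compose.yml.j2, `ports: - "8080:8080"` publishes echoip on every host interface while the added `command` makes it trust `-H "X-Forwarded-For"`, so a request sent straight to port 8080 skips Caddy's header overwrite and the service reports whatever address the header carries. Caddy reaches the container as `echoip:8080` over `caddy_network`, so the `ports` entry looks unnecessary; drop it, or narrow it to `- "127.0.0.1:8080:8080"` if host-local access is wanted. If `-r` and `-p` enable reverse-DNS and port lookups as in upstream echoip, the address those lookups target would also come from the unverified header, which is a further reason to keep the listener off public interfaces. `extra_hosts` is added, but nothing visible in the hunk uses `host.docker.internal`.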
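Review bot: In the first echoip.yml hunk, the two added `maxmind_*` values begin with a bare `{{`, which YAML parses as a flow mapping before Jinja runs, so the task file will normally fail to load; quote them like the `echoip_service_dir` line above, i.e. `maxmind_license_key: "{{ lookup('community.general.onepassword', ...) }}"` with the existing arguments unchanged. `set_fact` also stores the resolved license key as a host fact that appears in verbose task output, so add `no_log: true` to this task. `maxmind_account_id` is fetched but not referenced in any visible hunk; if it is unused, dropping it means one less secret is pulled onto the host.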
@@ -11,6 +14,66 @@
 state: directory
 mode: "0755"

+ - name: Create EchoIP data directory
+ ansible.builtin.file:
+ path: "{{ echoip_data_dir }}"
+ state: directory
+ mode: "0755"
+
+ - name: Download GeoLite2 ASN database
+ ansible.builtin.get_url:
+ url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key={{ maxmind_license_key }}&suffix=tar.gz"
+ dest: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz"
+ mode: "0644"
+
+ - name: Extract GeoLite2 ASN database
+ ansible.builtin.unarchive:
+ src: "{{ echoip_data_dir }}/GeoLite2-ASN.tar.gz"
+ dest: "{{ echoip_data_dir }}"
+ remote_src: true
+ register: asn_extracted
+
+ - name: Move ASN database to correct location
+ ansible.builtin.command:
+ cmd: "mv {{ echoip_data_dir }}/GeoLite2-ASN_*/GeoLite2-ASN.mmdb {{ echoip_data_dir }}/GeoLite2-ASN.mmdb"
+ when: asn_extracted.changed
+
+ - name: Download GeoLite2 City database
+ ansible.builtin.get_url:
+ url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key={{ maxmind_license_key }}&suffix=tar.gz"
+ dest: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz"
+ mode: "0644"
+
+ - name: Extract GeoLite2 City database
+ ansible.builtin.unarchive:
+ src: "{{ echoip_data_dir }}/GeoLite2-City.tar.gz"
+ dest: "{{ echoip_data_dir }}"
+ remote_src: true
+ register: city_extracted
+
+ - name: Move City database to correct location
+ ansible.builtin.command:
+ cmd: "mv {{ echoip_data_dir }}/GeoLite2-City_*/GeoLite2-City.mmdb {{ echoip_data_dir }}/GeoLite2-City.mmdb"
+ when: city_extracted.changed
+
+ - name: Download GeoLite2 Country database
+ ansible.builtin.get_url:
+ url: "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key={{ maxmind_license_key }}&suffix=tar.gz"
+ dest: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz"
+ mode: "0644"
+
+ - name: Extract GeoLite2 Country database
+ ansible.builtin.unarchive:
+ src: "{{ echoip_data_dir }}/GeoLite2-Country.tar.gz"
+ dest: "{{ echoip_data_dir }}"
+ remote_src: true
+ register: country_extracted
+
+ - name: Move Country database to correct location
+ ansible.builtin.command:
+ cmd: "mv {{ echoip_data_dir }}/GeoLite2-Country_*/GeoLite2-Country.mmdb {{ echoip_data_dir }}/GeoLite2-Country.mmdb"
+ when: country_extracted.changed
+
 - name: Deploy EchoIP docker-compose.yml
 ansible.builtin.template:
 src: docker-compose.yml.j2
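Review bot: In the second echoip.yml hunk, the three `get_url` tasks put `maxmind_license_key` in the URL query string, so the key is shown in verbose task output and in any failure message that reports the URL; add `no_log: true` to each download task. The three move tasks run `mv` through `ansible.builtin.command`, which does not use a shell, so the `*` in paths such as `GeoLite2-ASN_*/GeoLite2-ASN.mmdb` is passed literally and the move will fail; adding `extra_opts: ["--strip-components=1"]` to each `unarchive` task would place the `.mmdb` directly in `echoip_data_dir` and make the move tasks unnecessary. None of the archives is verified before its contents are mounted into the container; `get_url` accepts a `checksum:` parameter if a published digest is available. The same three-task sequence is repeated per edition and could be a single `loop` over the edition names.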