nginx: log subrequests

playbook.yml

@@ -3,6 +3,7 @@
   roles:
     - docker
     - nginx
+    - portainer
     - jellyfin
     - openldap
     - postgres

roles/authelia/templates/configuration.yml.j2

@@ -29,6 +29,9 @@ access_control:
   rules:
     - domain: "*.{{ base_domain }}"
       policy: bypass
+    - domain: portainer.{{ base_domain }}
+      policy: one_factor
+session:
   name: authelia_session
   secret: somerandomsecret
   expiration: 1h

roles/nginx/templates/nginx.conf.j2

@@ -13,6 +13,8 @@ events {
 http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
+    
+    log_subrequest on;
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '

roles/portainer/tasks/main.yml

@@ -0,0 +1,19 @@
+- name: run container
+  docker_container:
+    name: 'portainer'
+    image: portainer/portainer-ce
+    networks:
+      - name: nginx-internal
+      - name: bridge
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+    ports:
+      - "8000:8000"
+      - "9000:9000"
+    state: started
+- name: copy nginx conf
+  template:
+    src: portainer.conf.j2
+    dest: "{{ data_folder }}/nginx/conf.d/{{ role_name }}.{{ base_domain }}.conf"
+    mode: "755"
+  notify: reload nginx

roles/portainer/templates/portainer.conf.j2

@@ -0,0 +1,20 @@
+server {
+    listen 80;
+    server_name portainer.{{ base_domain }};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    server_name portainer.{{ base_domain }};
+    listen 443 ssl http2;
+
+    include /etc/nginx/snippets/authelia-endpoint.conf;
+
+    location / {
+        include /etc/nginx/snippets/proxy.conf;
+        include /etc/nginx/snippets/authelia-auth.conf;
+
+        set $upstream http://portainer:9000; # This example assumes a Docker deployment
+        proxy_pass $upstream;
+    }
+}