joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Update authentik Caddy template to use HTTP backend

Browse Source 
- Change reverse_proxy from https:// to http:// backend
- Use authentik_http_port instead of authentik_https_port
- Remove unnecessary TLS transport configuration
- Remove health check for non-existent endpoint

This aligns the Ansible template with the working configuration
where authentik only serves HTTP internally and Caddy handles SSL.
This commit is contained in:
Joakim
2025-12-04 19:45:04 +01:00
parent b3c3fe5c56
commit 0507e3291d
11 changed files with 11 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
roles/valkey/tasks/main.yml
View File

@@ -56,23 +56,6 @@
backup: yes
notify: restart valkey
- name: Create systemd override directory for Valkey security
file:
path: /etc/systemd/system/valkey.service.d
state: directory
mode: '0755'
when: valkey_systemd_security
- name: Deploy Valkey systemd security override
template:
src: systemd-override.conf.j2
dest: /etc/systemd/system/valkey.service.d/override.conf
mode: '0644'
when: valkey_systemd_security
notify:
- reload systemd
- restart valkey
- name: Enable and start Valkey service
systemd:
name: valkey
@@ -107,7 +90,7 @@
when: valkey_service_state == "started" and valkey_unix_socket_enabled
- name: Wait for Valkey to be ready (Unix Socket) - Try with auth if needed
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_password }} ping
register: valkey_socket_ping_auth
until: valkey_socket_ping_auth.stdout == "PONG"
retries: 5
@@ -120,14 +103,14 @@
("NOAUTH" in (valkey_socket_ping_noauth.stdout + valkey_socket_ping_noauth.stderr) or valkey_socket_ping_noauth.rc != 0)
- name: Test Valkey connectivity (TCP)
command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_requirepass }} ping
command: redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_password }} ping
register: valkey_ping_result_tcp
changed_when: false
failed_when: valkey_ping_result_tcp.stdout != "PONG"
when: valkey_service_state == "started" and not valkey_unix_socket_enabled
- name: Test Valkey connectivity (Unix Socket)
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_requirepass }} ping
command: redis-cli -s {{ valkey_unix_socket_path }} -a {{ valkey_password }} ping
register: valkey_ping_result_socket
changed_when: false
failed_when: valkey_ping_result_socket.stdout != "PONG"