From 426cebd2ae9f3650452322d093eaef8b2713f6a9 Mon Sep 17 00:00:00 2001
From: saibotk
Date: Fri, 14 Aug 2020 05:25:34 +0200
Subject: [PATCH] static_websites: Add optional www. alias & missing hidden service header

This patch adds the possibility to automatically create a www. alias for a website and also sets the alt-svc header with an information about a possible hidden service location.
---
 roles/static_websites/README.md | 2 ++
 roles/static_websites/defaults/main.yml | 1 +
 roles/static_websites/templates/docker-compose.yml | 6 ++++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/roles/static_websites/README.md b/roles/static_websites/README.md
index ed8e865..6889d45 100644
--- a/roles/static_websites/README.md
+++ b/roles/static_websites/README.md
@@ -30,6 +30,8 @@ static_websites:
 example:
 image: docker.io/acme/example-site # docker image, can include a tag
 domain: example.com # domain that is published by traefik
+ certresolver: letsencrypt_cf # specify traefik cert resolver (optional)
+ www: true # Add www. as alias (optional)
 hsts: # HSTS advanced settings (optinal)
 preloaded: true # enable preloaded header
 subdomains: true # enable all subdomains header
diff --git a/roles/static_websites/defaults/main.yml b/roles/static_websites/defaults/main.yml
index 99c9f2a..2a96c8c 100644
--- a/roles/static_websites/defaults/main.yml
+++ b/roles/static_websites/defaults/main.yml
@@ -30,6 +30,7 @@ static_websites_default_traefik_certresolver: letsencrypt_http
 # image - docker image, can include a tag
 # domain - domain that is published by traefik
 # certresolver - specify traefik cert resolver (optional)
+# www - should we add www. as alias (optional)
 # hsts: - HSTS advanced settings (optional)
 # preloaded - enable preloaded header
 # subdomains - enable all subdomains header
diff --git a/roles/static_websites/templates/docker-compose.yml b/roles/static_websites/templates/docker-compose.yml
index c86a60d..a0afbeb 100644
--- a/roles/static_websites/templates/docker-compose.yml
+++ b/roles/static_websites/templates/docker-compose.yml
@@ -39,7 +39,7 @@ services:
 security_opt:
 - no-new-privileges
 labels:
- - "traefik.http.routers.static_websites_{{ key }}.rule=Host(`{{ value.domain }}`) && PathPrefix(`/`)"
+ - "traefik.http.routers.static_websites_{{ key }}.rule=Host(`{{ value.domain }}`{% if value.www is defined and value.www %},`www.{{ value.domain }}`{% endif %}) && PathPrefix(`/`)"
 - "traefik.http.routers.static_websites_{{ key }}.entrypoints=websecure"
 - "traefik.http.routers.static_websites_{{ key }}.tls=true"
 - "traefik.http.routers.static_websites_{{ key }}.tls.certresolver={{ value.certresolver | default(static_websites_default_traefik_certresolver) }}"
@@ -55,7 +55,9 @@ services:
 - "traefik.http.middlewares.static_websites_{{ key }}.headers.stsPreload={{ value.hsts.preloaded | default(false) }}"
 - "traefik.http.middlewares.static_websites_{{ key }}.headers.stsIncludeSubdomains={{ value.hsts.subdomains | default(false) }}"
 {% endif %}
-
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+ - "traefik.http.middlewares.static_websites_{{ key }}.headers.customresponseheaders.alt-svc=h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
 {% if proxy_network is defined %}
 - "traefik.docker.network={{ proxy_network }}"
 {% endif %}
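Review bot: The `www` guard in the new router rule, `value.www is defined and value.www`, is true for any non-empty string, so a quoted `"false"` or a value passed in as an extra-var would still publish the `www.` host. Coercing it with `{% if value.www | default(false) | bool %}` keeps the alias strictly opt-in. The added host also becomes part of the name set Traefik derives from the rule for the cert resolver, so with the default `letsencrypt_http` resolver a missing `www.` DNS record will most likely fail issuance for the whole router; that precondition deserves a line in the README entry for `www`. The `labels:` list continues outside the hunk.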
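Review bot: The Alt-Svc value on the added label renders as `h2=<host>:443; ma=2592000`, but RFC 7838 defines the alt-authority as a quoted string, so clients are likely to discard the header as malformed. The decoded `proxy_hiddenservice['content']` is also interpolated with no shape check: `trim` strips only outer whitespace, and a stray quote, newline or `;` would break the rendered YAML or add header parameters. I would render the label only when the decoded value passes a hostname test such as `is match('^[a-z2-7]+\.onion$')` and emit the authority quoted, `alt-svc=h2=\"{{ onion }}:443\"; ma=2592000`, where `onion` is the validated value. Whether the `static_websites_{{ key }}` middleware is attached to the router when `hsts` is unset is not visible here; if that attachment sits inside the preceding conditional, sites without HSTS never send this header.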