Fix www.directlx.dev accessibility with nginx firewall and DNS config

This commit resolves connectivity issues for www.directlx.dev by: 1. Add nginx firewall configuration (host_vars/nginx.yml) - Allow ports 80/tcp (HTTP) and 443/tcp (HTTPS) - Enables NPM to proxy traffic to nginx backend 2. Add www.directlx.dev DNS record via Pi-hole - Configure playbooks/configure-directlx-dev-dns.yml - Route www.directlx.dev → NPM (192.168.200.71) - NPM then proxies to nginx (192.168.200.65) Problem: After firewall changes, nginx server only allowed SSH (port 22), blocking HTTP/HTTPS from NPM. Additionally, Pi-hole had no DNS record for www.directlx.dev subdomain. Solution: Applied firewall rules and DNS configuration to complete the proxy chain: Browser → Pi-hole DNS → NPM → nginx. Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-14 09:14:59 -05:00 · 2026-02-14 09:14:59 -05:00 · 9be34947b2
parent 015c708644
commit 9be34947b2
2 changed files with 45 additions and 0 deletions
--- a/host_vars/nginx.yml
+++ b/host_vars/nginx.yml
@ -0,0 +1,7 @@
+---
+# Nginx web server specific variables
+
+common_firewall_allowed_ports:
+  - "22/tcp"   # SSH
+  - "80/tcp"   # HTTP
+  - "443/tcp"  # HTTPS
--- a/playbooks/configure-directlx-dev-dns.yml
+++ b/playbooks/configure-directlx-dev-dns.yml
@ -0,0 +1,38 @@
+---
+- name: Configure Pi-hole DNS for directlx.dev services (via NPM)
+  hosts: pihole
+  vars:
+    dns_domain: directlx.dev
+    # All services routed through NPM (192.168.200.71)
+    dns_records:
+      - { ip: "192.168.200.71", hostname: "www" }
+      - { ip: "192.168.200.71", hostname: "mgmt" }
+      - { ip: "192.168.200.71", hostname: "hiveops" }
+      - { ip: "192.168.200.71", hostname: "browser" }
+      - { ip: "192.168.200.71", hostname: "smartjournal" }
+      - { ip: "192.168.200.71", hostname: "incidents" }
+      - { ip: "192.168.200.71", hostname: "remote" }
+
+  tasks:
+    - name: Copy DNS update script
+      ansible.builtin.template:
+        src: ../templates/pihole-hosts.py.j2
+        dest: /tmp/update_pihole_hosts_directlx.py
+        mode: '0755'
+
+    - name: Update Pi-hole DNS hosts for directlx.dev
+      ansible.builtin.command: python3 /tmp/update_pihole_hosts_directlx.py
+      register: update_result
+      changed_when: "'updated' in update_result.stdout.lower()"
+      notify: Restart pihole-FTL
+
+    - name: Cleanup script
+      ansible.builtin.file:
+        path: /tmp/update_pihole_hosts_directlx.py
+        state: absent
+
+  handlers:
+    - name: Restart pihole-FTL
+      ansible.builtin.systemd:
+        name: pihole-FTL
+        state: restarted