nginx/templates/http_server.j2

{{ ansible_managed | comment }}
server {
    listen 80;
    listen [::]:80;

    server_name {{ item.key }};
    # Redirect to https
    location / {
        return 302 https://$host$request_uri;
    }

    # ACME directory, to limit interaction with certbot
    location /.well-known/acme-challenge/ {
        root /var/www/well-known/acme-challenge/;
    }

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # FLoC you google
    add_header Permissions-Policy interest-cohort=();

    {% if in_memoriam is defined -%}
    # "A man is not dead while his name is still spoken." -- Going Postal
    add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
    {%- endif %}
}

server {
    # listen port + ssl
    {# <- TODO: Allow other ports -> -#}
    listen 127.0.0.1:8443 ssl http2;
    # listen [::]:443 ssl http2;
    ssl_certificate /etc/nginx/certs/{{ item.key }}.crt;
    ssl_certificate_key /etc/nginx/certs/{{ item.key }}.key;
    {# <- TODO: Allow other ports -> #}

    server_name {{ item.key }};

    {# <- TODO: move this to defaut root snippets ? -> -#}
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # FLoC you google
    add_header Permissions-Policy interest-cohort=();

    {% if in_memoriam is defined -%}
    # "A man is not dead while his name is still spoken." -- Going Postal
    add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
    {% endif -%}
    {#  <- TODO: move this to defaut root snippets ?-> -#}

    {% filter indent(width=4) -%}
    {%- for config in (item.value.root_snippets | default([])) -%}
    {{ config }}
    
    {%- endfor -%}
    {%- endfilter %}

    # Logs
    access_log /var/log/nginx/{{ item.key }}.log;
    error_log /var/log/nginx/{{ item.key }}_error.log;

    {% for location in (item.value.locations | default({}) | dict2items) -%}
    location {{ location.key }} {
        {% filter indent(width=8) -%}
        {%- for config in (location.value.config | default([])) -%}
        {{ config }}

        {%- endfor -%}
        {%- for template in (location.value.templates | default([])) -%}
        {% include template %}

        {%- endfor -%}
        {%- endfilter %}

    }

    {% endfor %}

}
start writting config files 2022-06-19 22:40:12 +02:00			`{{ ansible_managed \| comment }}`
			`server {`
			`listen 80;`
			`listen [::]:80;`

			`server_name {{ item.key }};`
			`# Redirect to https`
			`location / {`
			`return 302 https://$host$request_uri;`
			`}`

add 'well-known/acme-challenge' file 2022-08-03 23:06:41 +02:00			`# ACME directory, to limit interaction with certbot`
			`location /.well-known/acme-challenge/ {`
			`root /var/www/well-known/acme-challenge/;`
			`}`

start writting config files 2022-06-19 22:40:12 +02:00			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

			`# FLoC you google`
			`add_header Permissions-Policy interest-cohort=();`

			`{% if in_memoriam is defined -%}`
			`# "A man is not dead while his name is still spoken." -- Going Postal`
			`add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";`
			`{%- endif %}`
			`}`

			`server {`
			`# listen port + ssl`
			`{# <- TODO: Allow other ports -> -#}`
fix some stuff, comment other stuff 2022-06-20 23:06:14 +02:00			`listen 127.0.0.1:8443 ssl http2;`
			`# listen [::]:443 ssl http2;`
start writting config files 2022-06-19 22:40:12 +02:00			`ssl_certificate /etc/nginx/certs/{{ item.key }}.crt;`
			`ssl_certificate_key /etc/nginx/certs/{{ item.key }}.key;`
			`{# <- TODO: Allow other ports -> #}`

			`server_name {{ item.key }};`

add root snippets support 2022-08-03 22:37:58 +02:00			`{# <- TODO: move this to defaut root snippets ? -> -#}`
start writting config files 2022-06-19 22:40:12 +02:00			`include /etc/nginx/mime.types;`
			`default_type application/octet-stream;`

			`# FLoC you google`
			`add_header Permissions-Policy interest-cohort=();`

			`{% if in_memoriam is defined -%}`
			`# "A man is not dead while his name is still spoken." -- Going Postal`
			`add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";`
			`{% endif -%}`
add root snippets support 2022-08-03 22:37:58 +02:00			`{# <- TODO: move this to defaut root snippets ?-> -#}`

			`{% filter indent(width=4) -%}`
			`{%- for config in (item.value.root_snippets \| default([])) -%}`
			`{{ config }}`

			`{%- endfor -%}`
some updates 2022-08-07 18:43:35 +02:00			`{%- endfilter %}`
start writting config files 2022-06-19 22:40:12 +02:00
			`# Logs`
			`access_log /var/log/nginx/{{ item.key }}.log;`
			`error_log /var/log/nginx/{{ item.key }}_error.log;`

add support for reverse proxy ssl 2022-07-17 18:54:55 +02:00			`{% for location in (item.value.locations \| default({}) \| dict2items) -%}`
start writting config files 2022-06-19 22:40:12 +02:00			`location {{ location.key }} {`
			`{% filter indent(width=8) -%}`
implement inline config 2022-07-17 20:13:18 +02:00			`{%- for config in (location.value.config \| default([])) -%}`
			`{{ config }}`

			`{%- endfor -%}`
			`{%- for template in (location.value.templates \| default([])) -%}`
			`{% include template %}`

			`{%- endfor -%}`
start writting config files 2022-06-19 22:40:12 +02:00			`{%- endfilter %}`
implement inline config 2022-07-17 20:13:18 +02:00
start writting config files 2022-06-19 22:40:12 +02:00			`}`
implement inline config 2022-07-17 20:13:18 +02:00
			`{% endfor %}`
start writting config files 2022-06-19 22:40:12 +02:00
			`}`