start writting config files
parent
130e101cc6
commit
2667d5affc
@ -0,0 +1,61 @@
|
|||||||
|
{{ ansible_managed | comment }}
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
|
||||||
|
server_name {{ item.key }};
|
||||||
|
# Redirect to https
|
||||||
|
location / {
|
||||||
|
return 302 https://$host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
# FLoC you google
|
||||||
|
add_header Permissions-Policy interest-cohort=();
|
||||||
|
|
||||||
|
{% if in_memoriam is defined -%}
|
||||||
|
# "A man is not dead while his name is still spoken." -- Going Postal
|
||||||
|
add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
|
||||||
|
{%- endif %}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
# listen port + ssl
|
||||||
|
{# <- TODO: Allow other ports -> -#}
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate /etc/nginx/certs/{{ item.key }}.crt;
|
||||||
|
ssl_certificate_key /etc/nginx/certs/{{ item.key }}.key;
|
||||||
|
{# <- TODO: Allow other ports -> #}
|
||||||
|
|
||||||
|
server_name {{ item.key }};
|
||||||
|
|
||||||
|
{# <- TODO: move this to defaut root snippets -> -#}
|
||||||
|
include /etc/nginx/mime.types;
|
||||||
|
default_type application/octet-stream;
|
||||||
|
|
||||||
|
# FLoC you google
|
||||||
|
add_header Permissions-Policy interest-cohort=();
|
||||||
|
|
||||||
|
{% if in_memoriam is defined -%}
|
||||||
|
# "A man is not dead while his name is still spoken." -- Going Postal
|
||||||
|
add_header X-Clacks-Overhead "GNU {{ ', '.join(in_memoriam) }}";
|
||||||
|
{% endif -%}
|
||||||
|
{# <- TODO: move this to defaut root snippets -> -#}
|
||||||
|
|
||||||
|
# Logs
|
||||||
|
access_log /var/log/nginx/{{ item.key }}.log;
|
||||||
|
error_log /var/log/nginx/{{ item.key }}_error.log;
|
||||||
|
|
||||||
|
{% for location in (item.value.locations | default([]) | dict2items) -%}
|
||||||
|
location {{ location.key }} {
|
||||||
|
{% filter indent(width=8) -%}
|
||||||
|
{% include location.value.template -%}
|
||||||
|
{%- endfilter %}
|
||||||
|
}
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
@ -0,0 +1,17 @@
|
|||||||
|
proxy_pass {{ location.value.to }};
|
||||||
|
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
# Pass the real client IP
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
|
||||||
|
# Tell proxified server that we are HTTPS, fix Wordpress
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
|
||||||
|
# WebSocket support
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
|
Loading…
Reference in New Issue