2020-11-03 23:19:19 +01:00
|
|
|
# {{ ansible_managed }}
|
2020-05-09 12:52:17 +02:00
|
|
|
|
|
|
|
|
# Automatic Connection header for WebSocket support
|
|
|
|
|
# See http://nginx.org/en/docs/http/websocket.html
|
|
|
|
|
map $http_upgrade $connection_upgrade {
|
|
|
|
|
default upgrade;
|
|
|
|
|
'' close;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{% for site in nginx.reverseproxy_sites %}
|
|
|
|
|
# Redirect http://{{ site.from }} to https://{{ site.from }}
|
|
|
|
|
server {
|
|
|
|
|
listen 80;
|
|
|
|
|
listen [::]:80;
|
|
|
|
|
|
|
|
|
|
server_name {{ site.from }};
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
return 302 https://$host$request_uri;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# Reverse proxify https://{{ site.from }} to http://{{ site.to }}
|
|
|
|
|
server {
|
|
|
|
|
listen 443 ssl http2;
|
|
|
|
|
listen [::]:443 ssl http2;
|
|
|
|
|
|
|
|
|
|
server_name {{ site.from }};
|
|
|
|
|
|
|
|
|
|
# SSL common conf
|
|
|
|
|
include "/etc/nginx/snippets/options-ssl.conf";
|
|
|
|
|
|
|
|
|
|
# Log into separate log files
|
|
|
|
|
access_log /var/log/nginx/{{ site.from }}.log;
|
|
|
|
|
error_log /var/log/nginx/{{ site.from }}_error.log;
|
|
|
|
|
|
|
|
|
|
# Keep the TCP connection open a bit for faster browsing
|
|
|
|
|
keepalive_timeout 70;
|
|
|
|
|
|
|
|
|
|
# Custom error page
|
|
|
|
|
error_page 500 502 503 504 /50x.html;
|
|
|
|
|
location = /50x.html {
|
|
|
|
|
root /var/www/html;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
set_real_ip_from 10.231.136.0/24;
|
|
|
|
|
set_real_ip_from 2a0c:700:0:2::/64;
|
|
|
|
|
real_ip_header P-Real-Ip;
|
|
|
|
|
|
2021-01-24 21:20:53 +01:00
|
|
|
{% if site.custom_args is defined -%}
|
|
|
|
|
{% for arg in site.custom_args %}
|
|
|
|
|
{{ arg }};
|
|
|
|
|
{% endfor %}
|
|
|
|
|
{% endif %}
|
|
|
|
|
|
2020-05-09 12:52:17 +02:00
|
|
|
location / {
|
|
|
|
|
proxy_pass http://{{ site.to }};
|
|
|
|
|
include "/etc/nginx/snippets/options-proxypass.conf";
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
{% endfor %}
|
