ansible/roles/nginx/templates/nginx/sites-available/service.j2

{{ ansible_managed | comment }}

# Automatic Connection header for WebSocket support
# See http://nginx.org/en/docs/http/websocket.html
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

{% for upstream in nginx.upstreams -%}
upstream {{ upstream.name }} {
    # Path of the server
    server {{ upstream.server }};
}
{% endfor -%}

{% if nginx.default_ssl_server -%}
# Redirect all services to the main site
server {
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;
    include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";

    server_name _;
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 https://{{ nginx.default_ssl_server }}$request_uri;
    }
}
{% endif -%}

{% if nginx.default_server -%}
# Redirect all services to the main site
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 http://{{ nginx.default_server }}$request_uri;
    }
}
{% endif -%}

{% for server in nginx.servers %}
{% if server.ssl is defined and server.ssl -%}
# Redirect HTTP to HTTPS
server {
    listen 80{% if server.default is defined and server.default %} default_server{% endif %};
    listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};

    server_name {{ server.server_name|join(" ") }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    location / {
        return 302 https://$host$request_uri;
    }
}
{% endif -%}

server {
    {% if server.ssl is defined and server.ssl -%}
    listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
    listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;
    include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";
    {% else -%}
    listen 80;
    listen [::]:80;
    {% endif -%}

    server_name {{ server.server_name|join(" ") }};
    charset utf-8;

    # Hide Nginx version
    server_tokens off;

{% for realip in nginx.real_ip_from %}
    set_real_ip_from {{ realip }};
{% endfor %}
    real_ip_header P-Real-Ip;

    {% if server.root is defined %}root {{ server.root }};{% endif %}
    {% if server.index is defined %}index {{ server.index|join(" ") }};{% endif %}

    {% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}
    {% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}

{% if server.additional_params is defined %}
{% for param in server.additional_params %}
    {{ param }};
{% endfor %}
{% endif %}

{% if server.locations is defined %}
{% for location in server.locations %}
    location {{ location.filter }} {
{% for param in location.params %}
        {{ param }};
{% endfor %}
    }

{% endfor %}
{% endif %}
}
{% endfor %}
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{{ ansible_managed \| comment }}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
			`# Automatic Connection header for WebSocket support`
			`# See http://nginx.org/en/docs/http/websocket.html`
			`map $http_upgrade $connection_upgrade {`
			`default upgrade;`
			`'' close;`
			`}`

			`{% for upstream in nginx.upstreams -%}`
			`upstream {{ upstream.name }} {`
			`# Path of the server`
			`server {{ upstream.server }};`
			`}`
			`{% endfor -%}`

			`{% if nginx.default_ssl_server -%}`
			`# Redirect all services to the main site`
			`server {`
			`listen 443 default_server ssl;`
			`listen [::]:443 default_server ssl;`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`include "/etc/nginx/snippets/options-ssl.{{ nginx.default_ssl_domain }}.conf";`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
			`server_name _;`
			`charset utf-8;`

			`# Hide Nginx version`
			`server_tokens off;`

[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% for realip in nginx.real_ip_from %}`
			`set_real_ip_from {{ realip }};`
			`{% endfor %}`
			`real_ip_header P-Real-Ip;`

Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`location / {`
			`return 302 https://{{ nginx.default_ssl_server }}$request_uri;`
			`}`
			`}`
			`{% endif -%}`

			`{% if nginx.default_server -%}`
			`# Redirect all services to the main site`
			`server {`
			`listen 80 default_server;`
			`listen [::]:80 default_server;`

			`server_name _;`
			`charset utf-8;`

			`# Hide Nginx version`
			`server_tokens off;`

[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% for realip in nginx.real_ip_from %}`
			`set_real_ip_from {{ realip }};`
			`{% endfor %}`
			`real_ip_header P-Real-Ip;`

Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`location / {`
			`return 302 http://{{ nginx.default_server }}$request_uri;`
			`}`
			`}`
			`{% endif -%}`

			`{% for server in nginx.servers %}`
			`{% if server.ssl is defined and server.ssl -%}`
			`# Redirect HTTP to HTTPS`
			`server {`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`listen 80{% if server.default is defined and server.default %} default_server{% endif %};`
			`listen [::]:80{% if server.default is defined and server.default %} default_server{% endif %};`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
			`server_name {{ server.server_name\|join(" ") }};`
			`charset utf-8;`

			`# Hide Nginx version`
			`server_tokens off;`

[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% for realip in nginx.real_ip_from %}`
			`set_real_ip_from {{ realip }};`
			`{% endfor %}`
			`real_ip_header P-Real-Ip;`

Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`location / {`
			`return 302 https://$host$request_uri;`
			`}`
			`}`
			`{% endif -%}`

			`server {`
			`{% if server.ssl is defined and server.ssl -%}`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`listen 443{% if server.default is defined and server.default %} default_server{% endif %} ssl;`
			`listen [::]:443{% if server.default is defined and server.default %} default_server{% endif %} ssl;`
			`include "/etc/nginx/snippets/options-ssl.{{ server.ssl }}.conf";`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`{% else -%}`
			`listen 80;`
			`listen [::]:80;`
			`{% endif -%}`

			`server_name {{ server.server_name\|join(" ") }};`
			`charset utf-8;`

			`# Hide Nginx version`
			`server_tokens off;`

[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% for realip in nginx.real_ip_from %}`
			`set_real_ip_from {{ realip }};`
			`{% endfor %}`
			`real_ip_header P-Real-Ip;`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% if server.root is defined %}root {{ server.root }};{% endif %}`
			`{% if server.index is defined %}index {{ server.index\|join(" ") }};{% endif %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% if server.access_log is defined %}access_log {{ server.access_log }};{% endif %}`
			`{% if server.error_log is defined %}error_log {{ server.error_log }};{% endif %}`

			`{% if server.additional_params is defined %}`
			`{% for param in server.additional_params %}`
			`{{ param }};`
			`{% endfor %}`
			`{% endif %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% if server.locations is defined %}`
			`{% for location in server.locations %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`location {{ location.filter }} {`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% for param in location.params %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`{{ param }};`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00			`{% endfor %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`}`
[nginx/certbot] Clone roles from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-24 11:41:57 +01:00
			`{% endfor %}`
			`{% endif %}`
Clone nginx role from Crans Signed-off-by: Yohann D'ANELLO <ynerant@crans.org> 2021-02-01 17:07:23 +01:00			`}`
			`{% endfor %}`