ansible/roles/nginx-reverse-proxy/templates/nginx-sites-available.j2
2019-02-05 08:35:45 +01:00

46 lines
1.5 KiB
Django/Jinja

server {
server_name {{ item.from }};
include "snippets/proxy-common.conf";
location / {
return 302 https://$host$request_uri;
}
# On redirige tout ce qui concerne le challenge letsencrypt vers le meme dossier
# pour pouvoir utiliser le plugin webroot de letsencrypt
location /.well-known/acme-challenge {
alias /usr/share/nginx/html/.well-known/acme-challenge;
}
}
server {
include "snippets/proxy-common-ssl.conf";
server_name {{ item.from }};
# Separate log files
access_log /var/log/nginx/{{ item.name }}.access.log;
error_log /var/log/nginx/{{ item.name }}.error.log;
# Use LetsEncrypt SSL
ssl_certificate /etc/letsencrypt/live/auro.re/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/auro.re/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/auro.re/chain.pem;
location / {
proxy_redirect off;
proxy_pass http://{{ item.to }};
proxy_set_header Host {{ item.from }};
proxy_set_header P-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
# "A man is not dead while his name is still spoken." -- Going Postal
add_header X-Clacks-Overhead "GNU Terry Pratchett";
}
# On redirige tout ce qui concerne le challenge letsencrypt vers le meme dossier
# pour pouvoir utiliser le plugin webroot de letsencrypt
location /.well-known/acme-challenge {
alias /usr/share/nginx/html/.well-known/acme-challenge;
}
}