twirre/ansible-domo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
0d967909e791464ec5cd834df6f4687e52f15c94
ansible-domo/roles/nginx/templates/site.conf.j2
Twirre Meulenbelt 0d967909e7 feat: full untested ansible setup
2026-04-22 12:22:58 +02:00

77 lines
2.4 KiB
Django/Jinja
Raw Blame History

server {
listen 80{% if item.default_server | default(false) %} default_server{% endif %};
listen [::]:80{% if item.default_server | default(false) %} default_server{% endif %};
server_name {{ item.server_names | join(' ') }};
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
}
{% if item.acme_only | default(false) %}
location / {
return 404;
}
{% else %}
location / {
return 301 https://$host$request_uri;
}
{% endif %}
}
{% if not (item.acme_only | default(false)) %}
server {
listen 443 ssl http2{% if item.default_server | default(false) %} default_server{% endif %};
listen [::]:443 ssl http2{% if item.default_server | default(false) %} default_server{% endif %};
server_name {{ item.server_names | join(' ') }};
{% if item.acme_managed | default(true) %}
{% set certificate_name = item.certificate_name | default(item.server_names[0]) %}
{% set nginx_site_has_live_cert = nginx_acme_certificates_available[item.name] | default(false) %}
{% if nginx_site_has_live_cert %}
ssl_certificate /etc/letsencrypt/live/{{ certificate_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ certificate_name }}/privkey.pem;
{% else %}
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
{% endif %}
{% endif %}
client_max_body_size 50m;
{% if item.static_root is defined %}
root {{ item.static_root }};
index index.html;
location / {
try_files $uri $uri/ =404;
}
{% else %}
{% for location in item.static_locations | default([]) %}
{% if location.path.endswith('/') %}
location = {{ location.path[:-1] }} {
return 301 {{ location.path }};
}
{% endif %}
location ^~ {{ location.path }} {
alias {{ location.alias }};
{% if location.autoindex | default(false) %}
autoindex on;
{% endif %}
}
{% endfor %}
location / {
proxy_pass http://{{ item.upstream_host }}:{{ item.upstream_port }};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{% if item.websocket | default(false) %}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
{% endif %}
}
{% endif %}
}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink