ansible-role-nginx/templates/basic-proxy.conf.j2

53 lines
2.1 KiB
Plaintext
Raw Normal View History

2024-08-21 01:45:03 +00:00
# template: basic-proxy generated via ansible by {{ local_user }} at {{ ansible_date_time.time }} {{ ansible_date_time.date }}
{% if item.ssl is defined %}
server {
if ($host = {{ item.url }}) {
return 301 https://$host$request_uri;
}
listen {% if item.listen is defined %}{{ item.listen }}:{% endif %}80;
server_name {{ item.url }};
return 404;
}
{% endif %}
server {
listen {% if item.listen is defined %}{{ item.listen }}:{% endif %}{% if item.ssl is defined %}443 ssl http2{% else %}80{% endif %};
server_name {{ item.url }};
access_log /var/log/nginx/http-access-{{ item.name }}.log;
{% if item.ssl is defined %}
{% if item.ssl_barrow is defined %}
ssl_certificate /etc/letsencrypt/live/{{ item.ssl_barrow }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.ssl_barrow }}/privkey.pem;
{% else %}
ssl_certificate /etc/letsencrypt/live/{{ item.url }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.url }}/privkey.pem;
{% endif %}
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
{% endif %}
{% if item.configs is defined %}
{% for config in item.configs %}
{{ config }};
{% endfor -%}
{% endif -%}
location / {
proxy_pass {{ item.upstream }};
proxy_pass_header Server;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
proxy_read_timeout {{ item.read_timeout | d(nginx_proxy_read_timeout) }};
proxy_send_timeout {{ item.send_timeout | d(nginx_proxy_send_timeout) }};
proxy_connect_timeout {{ item.connection_timeout | d(nginx_proxy_connection_timeout) }};
}
}