{{ ansible_header | comment }}
{% for site in nginx.reverseproxy_sites %}
# Plain-HTTP vhost for {{ site.from }}: every request is answered with a
# temporary (302) redirect to the same host and URI over HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name {{ site.from }};

    # $host is the name the client asked for. If this vhost ever becomes the
    # default server on port 80, that name is not limited to {{ site.from }}.
    return 302 https://$host$request_uri;
}
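# Reverse proxy https://{{ site.from }} to http://{{ site.to }}
# TLS terminates in this vhost; the hop to the backend is plain HTTP.
server {
    # The "ssl" listen parameter replaces the standalone "ssl on;" directive,
    # which is deprecated since nginx 1.15.0 and removed in nginx 1.25.1
    # (a config that still uses it fails to load there).
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name {{ site.from }};

    ssl_certificate {{ nginx.ssl.cert }};
    ssl_certificate_key {{ nginx.ssl.cert_key }};

    # TLS protocols and ciphers are not set in this template: they come from
    # the certbot options file, which is updated by the Debian package.
    include "/etc/letsencrypt/options-ssl-nginx.conf";

    # Enable OCSP stapling and verify responses against the certificate chain.
    # NOTE(review): stapling needs a "resolver" to look up the OCSP responder;
    # none is set in this server block, so confirm one exists at http level.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate {{ nginx.ssl.trusted_cert }};

    # Log into separate log files, one pair per site
    access_log /var/log/nginx/{{ site.from }}.log;
    error_log /var/log/nginx/{{ site.from }}_error.log;

    # Keep the TCP connection open a bit for faster browsing
    keepalive_timeout 70;

    # Custom error page, served locally so it works when the backend is down
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/html;
    }

    # Accept the client address from the P-Real-Ip header only when the
    # connection comes from these networks (presumably the front proxies;
    # confirm). For any other peer the header is ignored and $remote_addr
    # stays the TCP peer address, so keep these ranges as narrow as possible.
    set_real_ip_from 10.231.136.0/24;
    set_real_ip_from 2a0c:700:0:2::/64;
    real_ip_header P-Real-Ip;

    location / {
        # Fixed Host header: the backend never sees a client-chosen host name.
        proxy_set_header Host {{ site.from }};
        # $remote_addr is the address after the real-IP substitution above.
        proxy_set_header P-Real-IP $remote_addr;
        # This appends to whatever X-Forwarded-For the client sent, so the
        # backend should rely only on the last entry (or on P-Real-IP).
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
        proxy_pass http://{{ site.to }};
    }

    # NOTE(review): no Strict-Transport-Security header is added here;
    # confirm whether the backend or an included file sends it.
}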
{% endfor %}