WIP: generiek nginx role

2024-07-14 21:43:53 +02:00 · 2024-07-14 21:43:53 +02:00 · 8df1cba71c
commit 8df1cba71c
parent ea3b17ef2d
14 changed files with 278 additions and 15 deletions
--- a/roles/nginx/templates/default.j2
+++ b/roles/nginx/templates/default.j2
@ -0,0 +1,37 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80 default_server;
+    listen [::]:80
+
+    server_name {{ inventory_hostname }};
+
+    # Accept ACME-Challenges over http
+    location ^~ /.well-known/acme-challenge/ {
+        alias {{ nginx_wk_acme }}/;
+    }
+
+    # Block .ht files
+    location ~ /\.ht {
+        deny all;
+    }
+
+    # Redirect everything to https by default
+    location / {
+        return 301 https://$host$request_uri;
+    }
+
+    location /server_status {
+        # Enable Nginx stats
+        stub_status on;
+        # Only allow access from localhost
+        allow 127.0.0.1;
+        # Other request should be denied
+        deny all;
+    }
+}
+
+{% for line in nginx_default_extra | default([]) %}
+{{ line }}
+{% endfor %}
+