WIP: generiek nginx role
This commit is contained in:
parent
ea3b17ef2d
commit
8df1cba71c
GPG key ID:
D8674D8FC4F69BD2
14 changed files with 278 additions and 15 deletions
37
roles/nginx/templates/default.j2
Normal file
37
roles/nginx/templates/default.j2
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
listen 80 default_server;
|
||||
listen [::]:80
|
||||
|
||||
server_name {{ inventory_hostname }};
|
||||
|
||||
# Accept ACME-Challenges over http
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
alias {{ nginx_wk_acme }}/;
|
||||
}
|
||||
|
||||
# Block .ht files
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
# Redirect everything to https by default
|
||||
location / {
|
||||
return 301 https://$host$request_uri;
|
||||
}
|
||||
|
||||
location /server_status {
|
||||
# Enable Nginx stats
|
||||
stub_status on;
|
||||
# Only allow access from localhost
|
||||
allow 127.0.0.1;
|
||||
# Other request should be denied
|
||||
deny all;
|
||||
}
|
||||
}
|
||||
|
||||
{% for line in nginx_default_extra | default([]) %}
|
||||
{{ line }}
|
||||
{% endfor %}
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue