bitlair/ansible
6
0
Fork 1
Code Issues Pull requests Releases Activity
ansible/roles/monitoring/templates/nginx-site.conf

48 lines
1.1 KiB
Text
Raw Blame History

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2;
server_name {{ monitoring_domain }};
{% if monitoring_bootstrap_cert %}
include "snippets/snakeoil.conf";
{% else %}
ssl_certificate "/var/lib/dehydrated/certs/{{ monitoring_domain }}/fullchain.pem";
ssl_certificate_key "/var/lib/dehydrated/certs/{{ monitoring_domain }}/privkey.pem";
{% endif %}
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Robots-Tag noindex;
location / {
proxy_pass http://localhost:9000/;
include proxy_params;
}
location /prometheus/ {
proxy_pass http://localhost:9090/prometheus/;
include proxy_params;
{% for range in trusted_ranges %}
allow "{{ range.cidr }}";
{% endfor %}
allow "127.0.0.1";
allow "::1";
deny all;
}
include "snippets/acme.conf";
}
server {
listen 80 default_server;
listen [::]:80;
server_name {{ monitoring_domain }};
location / {
rewrite ^/(.*) https://$server_name$request_uri? redirect;
}
include "snippets/acme.conf";
}
Reference in a new issue View git blame Copy permalink