Commit 59de4310 authored by Paul's avatar Paul

cleanup nginx configs

parent 9ea44364
Pipeline #5104 passed with stage
in 2 minutes and 6 seconds
nginx:
enabled_sites:
- default
- ffhl-status
- firmware
- git.luebeck.freifunk.net
- grafana
- hopglass-map
- luebeck.freifunk.net
- wiki
- ffdyndns
- backbone
proxy_cache_path /var/cache/nginx levels=1:2 inactive=10m max_size=1g keys_zone=grafana:1m;
server {
listen 80;
listen [::]:80;
listen localhost:443 ssl http2;
listen [::]:443 ssl http2;
server_name monitor.luebeck.freifunk.net monitor.ffhl.de monitor.ffhl;
include snippets/acme.conf;
include snippets/tls.conf;
ssl_certificate /var/lib/acme/live/luebeck.freifunk.net/fullchain;
ssl_certificate_key /var/lib/acme/live/luebeck.freifunk.net/privkey;
if ($ssl_protocol = "") {
return 301 https://$host$request_uri;
}
location /render/ {
more_clear_headers 'Pragma';
more_clear_headers 'Cache-Control';
more_clear_headers 'Expires';
more_clear_headers 'last-modified';
add_header X-Cache-Status $upstream_cache_status;
expires 10m;
proxy_cache_key "$host$request_uri";
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
proxy_cache grafana;
proxy_cache_min_uses 5;
proxy_hide_header Cache-Control;
proxy_hide_header Expires;
proxy_hide_header X-Accel-Expires;
proxy_cache_methods GET POST;
proxy_pass http://monitoring.net.ffhl.de:3000;
}
location / {
proxy_connect_timeout 5;
proxy_send_timeout 5;
proxy_read_timeout 5;
send_timeout 5;
proxy_pass http://monitoring.net.ffhl.de:3000;
}
}
server {
server_name monitor.luebeck.freifunk.net monitor.ffhl.de monitor.ffhl;
listen 80;
listen [::]:80;
listen localhost:443 ssl http2;
listen [::]:443 ssl http2;
include snippets/acme.conf;
include snippets/tls.conf;
include snippets/https-redirect.conf;
ssl_certificate /var/lib/acme/live/luebeck.freifunk.net/fullchain;
ssl_certificate_key /var/lib/acme/live/luebeck.freifunk.net/privkey;
return 302 https://monitoring.freifunknord.de$request_uri;
}
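Review bot: The server-level `return 302 https://monitoring.freifunknord.de$request_uri;` (the new side, as far as this rendering shows) is evaluated before any location is matched. If `snippets/acme.conf`, which is not shown on this page, serves the ACME challenge from a `location` block, challenge requests for the monitor names are redirected to the other host too, and renewal of the certificate covering those names may fail. Moving the redirect into `location / { return 302 https://monitoring.freifunknord.de$request_uri; }` lets the more specific challenge location win. The services.* server block that follows has the same shape with `return 302 https://luebeck.freifunk.net;`, and its commented-out `location /` proxy block would be better deleted than kept as dead configuration.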
server {
server_name services.ffhl.de services.luebeck.freifunk.net;
listen 80;
listen [::]:80;
listen localhost:443 ssl http2;
listen [::]:443 ssl http2;
server_name services.ffhl.de services.luebeck.freifunk.net;
include tls.conf;
include snippets/tls.conf;
include snippets/acme.conf;
include snippets/https-redirect.conf;
ssl_certificate /var/lib/acme/live/luebeck.freifunk.net/fullchain;
ssl_certificate_key /var/lib/acme/live/luebeck.freifunk.net/privkey;
if ($ssl_protocol = "") {
return 301 https://$host$request_uri;
}
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass https://yunohost.luebeck.freifunk.net;
}
ssl_certificate_key /var/lib/acme/live/luebeck.freifunk.net/privkey;
return 302 https://luebeck.freifunk.net;
#location / {
# proxy_set_header HOST $host;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_pass https://yunohost.luebeck.freifunk.net;
#}
}
......@@ -6,10 +6,16 @@
install_recommends: no
update_cache: yes
name:
- openssl
- nginx-full
- libnginx-mod-http-fancyindex
- libnginx-mod-http-headers-more-filter
- name: generate dhparams (can take a while)
command:
cmd: openssl dhparam -out /etc/nginx/dhparam.pem 4096
creates: /etc/nginx/dhparam.pem
- name: copy snippets
copy:
src: nginx/snippets
......@@ -19,23 +25,30 @@
copy:
src: "{{ item }}"
dest: /etc/nginx/sites-available/
with_fileglob: 'nginx/sites-available/*'
with_fileglob: 'nginx/sites/*'
- name: enable sites
block:
- name: remove all enabled sites
file: state=absent path="/etc/nginx/sites-enabled/"
file:
state: absent
path: "/etc/nginx/sites-enabled/"
- name: create enabled-sites directory
file: state=directory path="/etc/nginx/sites-enabled"
file:
state: directory
path: "/etc/nginx/sites-enabled"
- name: enable selected sites
file:
state: link
src: "../sites-available/{{ item }}"
dest: "/etc/nginx/sites-enabled/{{ item }}"
with_items: "{{ nginx.enabled_sites }}"
src: "../sites-available/{{ item | basename }}"
dest: "/etc/nginx/sites-enabled/{{ item | basename }}"
with_fileglob: 'nginx/sites/*'
- name: check nginx config
command:
cmd: nginx -t
- name: restart nginx
systemd:
......
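Review bot: In the "enable selected sites" task, `with_fileglob: 'nginx/sites/*'` links every file in that directory into sites-enabled, where the other side of the change linked only the names listed in `nginx.enabled_sites`. An editor backup, a disabled vhost or a half-finished site committed to `nginx/sites/` would then go live on the next run, and `nginx -t` only catches syntax errors, not unintended sites. If dropping the allowlist is intended, a comment on the task such as `# every file in nginx/sites/ is served; keep drafts out of this directory` would record that. The new "check nginx config" task would also read better with `changed_when: false`, since `nginx -t` changes nothing. The "restart nginx" task continues past the end of the hunk.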