ansible_roles/zen_rev_proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zen_rev_proxy/templates/proxy_site.j2
Chris Hammer 12c0ea232c 0.1.32-DEV-20200820-091636 
--------------------------
    * ADD:
      - added support for ip address to ignore logging from
2020-08-20 09:17:04 -04:00

79 lines
2.7 KiB
Django/Jinja
Raw Blame History

#####################################################
# The Zen Garden Network #
# #
# Configuration : {{ proxy_site_conf_dir }}/{{ item.key }}.conf #
# Version : {{ proxy_site_version }}-{{ proxy_site_revision }} #
# #
# Chris H. <chris@thezengarden.net> #
#####################################################
### Configuration for: {{ item.key }}
################################################
server {
listen 443 ssl;
server_name {{ item.key }} {% if proxy_sites[item.key]['aliases'] is defined %}{{ proxy_sites[item.key]['aliases'] }}{% endif %};
ssl_certificate {{ proxy_sites[item.key]['ssl_cert'] | default(proxy_site_ssl_certificate) }};
ssl_certificate_key {{ proxy_sites[item.key]['ssl_key'] | default(proxy_site_ssl_certificate_key) }};
ssl_session_cache shared:SSL:10m;
ssl_protocols {{ proxy_site_ssl_protocols }};
ssl_ciphers {{ proxy_site_ssl_ciphers }};
ssl_prefer_server_ciphers on;
{% if proxy_site_dontlog_ips is defined %}
map $remote_addr $log_ip {
{% for item in proxy_site_dontlog_ips %}
"~{{ item }}" 1;
{% endfor %}
default 0;
}
access_log {{ proxy_site_log_path }}/{{ item.key }}.log if $log_ip;
{% else %}
access_log {{ proxy_site_log_path }}/{{ item.key }}.log;
{% endif %}
{% if proxy_sites[item.key]['max_upload'] is defined %}
client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
{% endif %}
{% if proxy_sites[item.key]['status_page'] is defined %}
location /nginx_status {
stub_status;
}
{% endif %}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};
# re-write redirects to http as to https
proxy_redirect http:// https://;
}
{% if item.key == "seafile.thezengarden.net" %}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['seafhttp_port'] }};
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
{% endif %}
}
Reference in New Issue View Git Blame Copy Permalink