ansible_roles/zen_rev_proxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
zen_rev_proxy/templates/proxy_site.j2
Chris Hammer 3f43c1575f 0.1.17-DEV-20200321-000226 
--------------------------
    * MODIFY:
      - update certs for lets encrypt renewal

    * ADD:
      - add bitwarden site
      - add unifi site
      - added support for web sockets globally
2020-03-21 00:04:17 -04:00

62 lines
2.3 KiB
Django/Jinja
Raw Blame History

#####################################################
# The Zen Garden Network #
# #
# Configuration : {{ proxy_site_conf_dir }}/{{ item.key }}.conf #
# Version : {{ proxy_site_version }}-{{ proxy_site_revision }} #
# #
# Chris H. <chris@thezengarden.net> #
#####################################################
### Configuration for: {{ item.key }}
################################################
server {
listen 443 ssl;
server_name {{ item.key }} {% if proxy_sites[item.key]['aliases'] is defined %}{{ proxy_sites[item.key]['aliases'] }}{% endif %};
ssl_certificate {{ proxy_sites[item.key]['ssl_cert'] | default(proxy_site_ssl_certificate) }};
ssl_certificate_key {{ proxy_sites[item.key]['ssl_key'] | default(proxy_site_ssl_certificate_key) }};
ssl_session_cache shared:SSL:10m;
ssl_protocols {{ proxy_site_ssl_protocols }};
ssl_ciphers {{ proxy_site_ssl_ciphers }};
ssl_prefer_server_ciphers on;
access_log {{ proxy_site_log_path }}/{{ item.key }}.log;
{% if proxy_sites[item.key]['max_upload'] is defined %}
client_max_body_size {{ proxy_sites[item.key]['max_upload'] }};
{% endif %}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['port'] }};
# re-write redirects to http as to https
proxy_redirect http:// https://;
}
{% if item.key == "seafile.thezengarden.net" %}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass {{ proxy_sites[item.key]['proto'] }}://{{ proxy_sites[item.key]['dest'] }}:{{ proxy_sites[item.key]['seafhttp_port'] }};
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
{% endif %}
}
Reference in New Issue View Git Blame Copy Permalink