65 lines
2.1 KiB
YAML
65 lines
2.1 KiB
YAML
---
|
|
proxy_package_list : ['nginx','git']
|
|
proxy_site_conf_dir : /etc/nginx/conf.d
|
|
proxy_site_file : "{{ proxy_site_conf_dir }}/zen_proxy.conf"
|
|
proxy_site_version : 1.93
|
|
proxy_site_revision : 23620-2
|
|
|
|
|
|
# undefined default: round robin
|
|
# options: least_conn|ip_hash
|
|
proxy_load_balance_type: ip_hash
|
|
|
|
|
|
proxy_site_log_path : /proxy_logs
|
|
proxy_site_access_log : "{{ proxy_site_log_path }}/zen_proxy.log"
|
|
proxy_site_dontlog_ips :
|
|
- "10.1.1.*"
|
|
- "10.10.10.*"
|
|
- "63.143.42.253"
|
|
- "104.131.107.63"
|
|
- "122.248.234.23"
|
|
- "128.199.195.156"
|
|
- "138.197.150.151"
|
|
- "139.59.173.249"
|
|
- "146.185.143.14"
|
|
- "159.203.30.41"
|
|
- "159.89.8.111"
|
|
- "165.227.83.148"
|
|
- "178.62.52.237"
|
|
- "18.221.56.27"
|
|
- "188.226.183.141"
|
|
- "34.233.66.117"
|
|
- "46.101.250.135"
|
|
- "46.137.190.132"
|
|
- "54.64.67.106"
|
|
- "54.67.10.127"
|
|
- "54.79.28.129"
|
|
- "54.94.142.218"
|
|
|
|
|
|
proxy_site_ssl_directory : /etc/nginx/ssl
|
|
proxy_site_ssl_certificate : "{{ proxy_site_ssl_directory }}/thezengarden.net/fullchain25.pem"
|
|
proxy_site_ssl_certificate_key : "{{ proxy_site_ssl_directory }}/thezengarden.net/privkey25.pem"
|
|
proxy_site_ssl_certificate_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/fullchain14.pem"
|
|
proxy_site_ssl_certificate_key_ch : "{{ proxy_site_ssl_directory }}/chris-hammer.com/privkey14.pem"
|
|
proxy_site_ssl_certificate_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/fullchain23.pem"
|
|
proxy_site_ssl_certificate_key_cht : "{{ proxy_site_ssl_directory }}/christian-hammer.com/privkey23.pem"
|
|
proxy_site_ssl_protocols : TLSv1.2
|
|
proxy_site_ssl_ciphers : ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
|
|
|
|
|
|
# many websites are run from an apache host
|
|
# ...lets define it here to make things easier
|
|
proxy_default_host : zg-lxwb02.thezengarden.net
|
|
|
|
|
|
# some of our sites require uploads, and those uploads
|
|
# can be rather large; lets set a default max upload size:
|
|
proxy_default_max_upload: 512M
|
|
|
|
|
|
# git repo vars for ssl certs
|
|
ssl_repo : git@gitlab.thezengarden.net:zen/le-ssl-certs.git
|
|
ssl_repo_branch : master
|