Compare commits
2 commits
af0dda2f9d
...
e932842b8d
| Author | SHA1 | Date | |
|---|---|---|---|
| e932842b8d | |||
| 9a2ec6caab |
6 changed files with 21 additions and 16 deletions
|
|
@ -1,5 +1,5 @@
|
|||
paddone:
|
||||
hosts: paddone.cose.belle
|
||||
hosts: 192.168.199.102
|
||||
|
||||
cicles:
|
||||
hosts: 192.168.199.105
|
||||
|
|
@ -11,7 +11,7 @@ frontend:
|
|||
hosts: 172.172.0.3
|
||||
|
||||
test:
|
||||
hosts: jolly.roger
|
||||
hosts: 45.156.24.144
|
||||
vars:
|
||||
ansible_user: debian
|
||||
|
||||
|
|
|
|||
|
|
@ -17,6 +17,6 @@
|
|||
|
||||
- name: Generate certificate if needed
|
||||
become: yes
|
||||
command: certbot-auto --nginx --non-interactive --agree-tos
|
||||
command: /snap/bin/certbot --nginx --non-interactive --agree-tos
|
||||
--domains {{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
||||
--email {{certbot_email}}
|
||||
|
|
|
|||
|
|
@ -4,6 +4,19 @@
|
|||
apt:
|
||||
name: nginx
|
||||
|
||||
- name: Default Configuration
|
||||
become: yes
|
||||
template:
|
||||
src: default.j2
|
||||
dest: /etc/nginx/sites-available/default
|
||||
|
||||
- name: Link Default NGINX Configuration
|
||||
become: yes
|
||||
file:
|
||||
src: "/etc/nginx/sites-available/default"
|
||||
dest: "/etc/nginx/sites-enabled/default"
|
||||
state: link
|
||||
|
||||
- name: Configure Reverse Proxies
|
||||
become: yes
|
||||
template:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
|
||||
# cache
|
||||
# proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
||||
keepalive 30;
|
||||
proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;
|
||||
|
||||
# redirect all http traffic to https
|
||||
server {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,3 @@
|
|||
# nginx ssl file
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
|
|
@ -12,12 +11,10 @@ server {
|
|||
proxy_pass {{item.proxy_pass}};
|
||||
proxy_http_version 1.1;
|
||||
|
||||
# hide client ip to backend
|
||||
proxy_set_header X-Real-IP 42.42.42.42;
|
||||
|
||||
# set host
|
||||
# set host
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-For 42.42.42.42;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Port $server_port;
|
||||
|
|
@ -27,7 +24,7 @@ server {
|
|||
proxy_set_header Connection "upgrade";
|
||||
|
||||
# cache
|
||||
# proxy_cache {{item.server_name}}
|
||||
proxy_cache STATIC;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,8 +7,4 @@ servers:
|
|||
proxy_pass: http://192.168.199.105:8080
|
||||
custom_config: |
|
||||
sendfile on;
|
||||
client_max_body_size 80m;
|
||||
|
||||
- gancio:
|
||||
server_name: sblinda.cisti.org
|
||||
proxy_pass: http://192.168.199.104:8000
|
||||
client_max_body_size 500m;
|
||||
|
|
|
|||
Loading…
Reference in a new issue