Compare commits
No commits in common. "e932842b8d0a07715d4572945ccec166d9626e41" and "af0dda2f9d96327fdf1e2dfeb6742013ef3f4df2" have entirely different histories.
e932842b8d
...
af0dda2f9d
6 changed files with 16 additions and 21 deletions
|
|
@ -1,5 +1,5 @@
|
||||||
paddone:
|
paddone:
|
||||||
hosts: 192.168.199.102
|
hosts: paddone.cose.belle
|
||||||
|
|
||||||
cicles:
|
cicles:
|
||||||
hosts: 192.168.199.105
|
hosts: 192.168.199.105
|
||||||
|
|
@ -11,7 +11,7 @@ frontend:
|
||||||
hosts: 172.172.0.3
|
hosts: 172.172.0.3
|
||||||
|
|
||||||
test:
|
test:
|
||||||
hosts: 45.156.24.144
|
hosts: jolly.roger
|
||||||
vars:
|
vars:
|
||||||
ansible_user: debian
|
ansible_user: debian
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,6 @@
|
||||||
|
|
||||||
- name: Generate certificate if needed
|
- name: Generate certificate if needed
|
||||||
become: yes
|
become: yes
|
||||||
command: /snap/bin/certbot --nginx --non-interactive --agree-tos
|
command: certbot-auto --nginx --non-interactive --agree-tos
|
||||||
--domains {{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
--domains {{ servers | items2dict(key_name='server_name', value_name='server_name') | join(',') }}
|
||||||
--email {{certbot_email}}
|
--email {{certbot_email}}
|
||||||
|
|
|
||||||
|
|
@ -4,19 +4,6 @@
|
||||||
apt:
|
apt:
|
||||||
name: nginx
|
name: nginx
|
||||||
|
|
||||||
- name: Default Configuration
|
|
||||||
become: yes
|
|
||||||
template:
|
|
||||||
src: default.j2
|
|
||||||
dest: /etc/nginx/sites-available/default
|
|
||||||
|
|
||||||
- name: Link Default NGINX Configuration
|
|
||||||
become: yes
|
|
||||||
file:
|
|
||||||
src: "/etc/nginx/sites-available/default"
|
|
||||||
dest: "/etc/nginx/sites-enabled/default"
|
|
||||||
state: link
|
|
||||||
|
|
||||||
- name: Configure Reverse Proxies
|
- name: Configure Reverse Proxies
|
||||||
become: yes
|
become: yes
|
||||||
template:
|
template:
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,7 @@
|
||||||
|
|
||||||
# cache
|
# cache
|
||||||
proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=10g use_temp_path=off;
|
# proxy_cache_path /tmp levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g;
|
||||||
|
keepalive 30;
|
||||||
|
|
||||||
# redirect all http traffic to https
|
# redirect all http traffic to https
|
||||||
server {
|
server {
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
|
# nginx ssl file
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
|
@ -11,10 +12,12 @@ server {
|
||||||
proxy_pass {{item.proxy_pass}};
|
proxy_pass {{item.proxy_pass}};
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
|
|
||||||
|
# hide client ip to backend
|
||||||
|
proxy_set_header X-Real-IP 42.42.42.42;
|
||||||
|
|
||||||
# set host
|
# set host
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For 42.42.42.42;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Host $host;
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
proxy_set_header X-Forwarded-Port $server_port;
|
proxy_set_header X-Forwarded-Port $server_port;
|
||||||
|
|
@ -24,7 +27,7 @@ server {
|
||||||
proxy_set_header Connection "upgrade";
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
# cache
|
# cache
|
||||||
proxy_cache STATIC;
|
# proxy_cache {{item.server_name}}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -7,4 +7,8 @@ servers:
|
||||||
proxy_pass: http://192.168.199.105:8080
|
proxy_pass: http://192.168.199.105:8080
|
||||||
custom_config: |
|
custom_config: |
|
||||||
sendfile on;
|
sendfile on;
|
||||||
client_max_body_size 500m;
|
client_max_body_size 80m;
|
||||||
|
|
||||||
|
- gancio:
|
||||||
|
server_name: sblinda.cisti.org
|
||||||
|
proxy_pass: http://192.168.199.104:8000
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue