servers/roles/reverse-proxy/templates/nginx.conf.j2

server {
    server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};

    listen [::]:443 ssl ipv6only=off;
    ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;

    error_page 500 501 502 503 504 505 506 507 508 510 511 /error/;

    location / {
        proxy_pass {{ proxy_pass }};
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;

        proxy_connect_timeout 30s;
        proxy_max_temp_file_size 0;

        # TODO maybe
        #proxy_ssl_verify on;
        #proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
    }

    location /error/ {
        root /srv/http;
        try_files $uri $uri/index.html =503;
    }
}
Add reverse-proxy role 2024-11-15 14:44:29 +00:00			`server {`
			`server_name {{ ([dns_name] + tls_domains\|default([])) \| join(" ") }};`

			`listen [::]:443 ssl ipv6only=off;`
			`ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;`
			`ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;`

			`error_page 500 501 502 503 504 505 506 507 508 510 511 /error/;`

			`location / {`
			`proxy_pass {{ proxy_pass }};`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Real-IP $remote_addr;`

			`proxy_connect_timeout 30s;`
			`proxy_max_temp_file_size 0;`

			`# TODO maybe`
			`#proxy_ssl_verify on;`
			`#proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;`
			`}`

			`location /error/ {`
			`root /srv/http;`
			`try_files $uri $uri/index.html =503;`
			`}`
			`}`