servers/roles/reverse-proxy/templates/nginx.conf.j2

31 lines
926 B
Django/Jinja

server {
server_name {{ ([dns_name] + tls_domains|default([])) | join(" ") }};
listen [::]:443 ssl ipv6only=off;
ssl_certificate /etc/letsencrypt/live/{{ dns_name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ dns_name }}/privkey.pem;
error_page 500 501 502 503 504 505 506 507 508 510 511 /error/;
location / {
proxy_pass {{ proxy_pass }};
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 30s;
proxy_read_timeout 800s;
proxy_max_temp_file_size 0;
client_max_body_size 200M;
# TODO maybe
#proxy_ssl_verify on;
#proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
}
location /error/ {
root /srv/http;
try_files $uri $uri/index.html =503;
}
}