ansible/roles/ingress/templates/vhosts.conf.j2

74 lines
2.0 KiB
Django/Jinja

{% for server in ingress_servers %}
server {
{% if loop.index == 1 %}
listen {{ ingress_listen_args }} default_server;
{% else %}
listen {{ ingress_listen_args }};
{% endif %}
server_name {{ server.name }};
{% if ingress_directives is defined %}
{% for directive in ingress_directives %}
{{ directive }};
{% endfor %}
{% endif %}
{% if ingress_listen_tls %}
# TLS configuration
ssl_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols {{ ingress_tls_protocols }};
ssl_ciphers {{ ingress_tls_ciphers }};
ssl_prefer_server_ciphers {{ ingress_tls_prefer_server_ciphers }};
{% endif %}
{% if server.directives is defined %}
# Extra directives
{% for directive in server.directives %}
{{ directive }};
{% endfor %}
{% endif %}
{% if server.locations is defined %}
# Extra manually-defined locations
{% for location in server.locations %}
location {{ location.location }} {
{{ location.contents }}
}
{% endfor %}
{% endif %}
{% if server.proxy_pass is defined %}
# Singular proxy_pass
location / {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass {{ server.proxy_pass }};
}
{% elif server.proxies is defined %}
# Proxy locations
{% for proxy in server.proxies %}
location {{ proxy.location }} {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass {{ proxy.pass }};
}
{% endfor %}
{% endif %}
resolver {{ ingress_resolver }};
}
{% endfor %}