forked from ISTI-ansible-roles/ansible-roles
161 lines
5.1 KiB
Django/Jinja
161 lines
5.1 KiB
Django/Jinja
server {
|
|
listen {{ item.http_port }};
|
|
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
|
{% if letsencrypt_acme_install %}
|
|
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
|
{% endif %}
|
|
{% if item.access_log is defined %}
|
|
access_log {{ item.access_log }};
|
|
{% else %}
|
|
access_log /var/log/nginx/{{ item.server_name }}_access.log;
|
|
{% endif %}
|
|
{% if item.error_log is defined %}
|
|
error_log {{ item.error_log }};
|
|
{% else %}
|
|
error_log /var/log/nginx/{{ item.server_name }}_error.log;
|
|
{% endif %}
|
|
server_tokens {{ item.server_tokens | default('off') }};
|
|
{% if item.ssl_enabled and item.ssl_only %}
|
|
location / {
|
|
return 301 https://{{ ansible_fqdn }}$request_uri;
|
|
}
|
|
{% else %}
|
|
# This is the default for nginx on Ubuntu 14.04
|
|
root {{ item.root | default('/usr/share/nginx/html/') }};
|
|
index {{ item.index | default('index.html index.htm') }};
|
|
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
{% endif %}
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
{% if haproxy_ips is defined %}
|
|
# We are behind haproxy
|
|
{% for ip in haproxy_ips %}
|
|
set_real_ip_from {{ ip }};
|
|
{% endfor %}
|
|
real_ip_header X-Forwarded-For;
|
|
{% endif %}
|
|
{% if item.max_body is defined %}
|
|
client_max_body_size {{ item.max_body }};
|
|
{% else %}
|
|
client_max_body_size {{ nginx_client_max_body_size }};
|
|
{% endif %}
|
|
{% if item.body_timeout is defined %}
|
|
client_body_timeout {{ item.body_timeout }};
|
|
{% else %}
|
|
client_body_timeout {{ nginx_client_body_timeout }};
|
|
{% endif %}
|
|
server_tokens {{ item.server_tokens | default('off') }};
|
|
|
|
{% if item.websockets is defined and item.websockets %}
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
{% endif %}
|
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
|
# Proxy stuff
|
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
|
{% if item.proxy_additional_options is defined %}
|
|
{% for popt in item.proxy_additional_options %}
|
|
{{ popt }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.proxies is defined %}
|
|
{% for proxy in item.proxies %}
|
|
location {{ proxy.location }} {
|
|
proxy_pass {{ proxy.target }};
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.extra_parameters is defined %}
|
|
{{ item.extra_parameters }}
|
|
{% endif %}
|
|
|
|
}
|
|
|
|
{% if item.ssl_enabled and item.ssl_only %}
|
|
server {
|
|
listen {{ https_port }} ssl;
|
|
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
|
{% if item.access_log is defined %}
|
|
access_log {{ item.access_log }};
|
|
{% else %}
|
|
access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log;
|
|
{% endif %}
|
|
{% if item.error_log is defined %}
|
|
error_log {{ item.error_log }};
|
|
{% else %}
|
|
error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log;
|
|
{% endif %}
|
|
root {{ item.root | default('/usr/share/nginx/html/') }};
|
|
index {{ item.index | default('index.html index.htm') }};
|
|
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
|
location = /50x.html {
|
|
root /usr/share/nginx/html;
|
|
}
|
|
{% endif %}
|
|
location = /favicon.ico {
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
location = /robots.txt {
|
|
allow all;
|
|
log_not_found off;
|
|
access_log off;
|
|
}
|
|
{% if haproxy_ips is defined %}
|
|
# We are behind haproxy
|
|
{% for ip in haproxy_ips %}
|
|
set_real_ip_from {{ ip }};
|
|
{% endfor %}
|
|
real_ip_header X-Forwarded-For;
|
|
{% endif %}
|
|
{% if item.max_body is defined %}
|
|
client_max_body_size {{ item.max_body }};
|
|
{% else %}
|
|
client_max_body_size {{ nginx_client_max_body_size }};
|
|
{% endif %}
|
|
{% if item.body_timeout is defined %}
|
|
client_body_timeout {{ item.body_timeout }};
|
|
{% else %}
|
|
client_body_timeout {{ nginx_client_body_timeout }};
|
|
{% endif %}
|
|
server_tokens {{ item.server_tokens | default('off') }};
|
|
|
|
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
|
|
|
{% if item.websockets is defined and item.websockets %}
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
{% endif %}
|
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
|
# Proxy stuff
|
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
|
{% if item.proxy_additional_options is defined %}
|
|
{% for popt in item.proxy_additional_options %}
|
|
{{ popt }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.proxies is defined %}
|
|
{% for proxy in item.proxies %}
|
|
location {{ proxy.location }} {
|
|
proxy_pass {{ proxy.target }};
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.extra_parameters is defined %}
|
|
{{ item.extra_parameters }}
|
|
}
|
|
|
|
{% endif %}
|