51 lines
1.4 KiB
Django/Jinja
51 lines
1.4 KiB
Django/Jinja
# ----------------------------------------------------- #
|
|
# GENERATED BY ANSIBLE #
|
|
# ----------------------------------------------------- #
|
|
|
|
server {
|
|
listen {{ item.value.port }};
|
|
server_name {{ item.key }};
|
|
|
|
access_log /var/log/nginx/{{ item.key }}_access.log;
|
|
error_log /var/log/nginx/{{ item.key }}_error.log;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
alias /var/www/acme/.well-known/acme-challenge/;
|
|
}
|
|
|
|
{% if 'ssl' in item.value and 'force' in item.value.ssl %}
|
|
location / {
|
|
rewrite ^ https://$server_name$request_uri? permanent;
|
|
}
|
|
{% else %}
|
|
location / {
|
|
proxy_pass http://localhost:{{ gitea_port }};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
}
|
|
{% endif %}
|
|
}
|
|
{% if 'ssl' in item.value %}
|
|
|
|
server {
|
|
listen {{ item.value.ssl.port }} ssl;
|
|
server_name {{ item.key }};
|
|
|
|
access_log /var/log/nginx/{{ item.key }}_access.log;
|
|
error_log /var/log/nginx/{{ item.key }}_error.log;
|
|
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Strict-Transport-Security max-age=63072000;
|
|
|
|
ssl_certificate {{ item.value.ssl.cert }};
|
|
ssl_certificate_key {{ item.value.ssl.key }};
|
|
|
|
location / {
|
|
proxy_pass http://localhost:{{ gitea_port }};
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
}
|
|
}
|
|
{% endif %}
|