ansible/roles/nginx/templates/header.conf.j2
VC 14cc54f4ed
♻: manage san for certificate/domain/sni routing
2025-04-11 17:11:15 +02:00


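{#
  Directives shared by a TLS virtual host: listeners, certificate paths,
  server names, logging and optional source-address restrictions.
  Expects `item` in the template context with `host` and, optionally,
  `san`, `allowlistv4` and `allowlistv6`.
#}
listen *:443 ssl http2;
listen [::]:443 ssl http2;
{# Certificate chain and private key are located by the primary host name only. #}
ssl_certificate /etc/x509/{{ item.host }}/fullchain.cer;
ssl_certificate_key /etc/x509/{{ item.host }}/{{ item.host }}.key;
{#
  Each entry of item.san is appended as an additional server name.
  The explicit `else ''` keeps hosts without `san` renderable: an inline-if
  with no else branch evaluates to an undefined value, which a strict-undefined
  environment refuses to print.
  NOTE(review): assumes the certificate under /etc/x509/<host>/ also covers
  these names; confirm against the issuing role.
#}
server_name {{ item.host }}{{ (' ' ~ item.san | join(' ')) if item.san is defined else '' }};
{# Access and error logs go both to a per-host file and to the local syslog socket. #}
access_log /var/log/nginx/{{ item.host }}.access.log combined;
access_log syslog:server=unix:/dev/log combined;
error_log /var/log/nginx/{{ item.host }}.error.log;
error_log syslog:server=unix:/dev/log;
{#
  NOTE(review): only the presence of item.allowlistv4 is tested; its entries are
  never rendered. The IPv4 sources allowed here are the net0 addresses of every
  host in the `lbservers` group. Confirm that the per-site IPv4 list is enforced
  elsewhere (presumably on the load balancers); otherwise every client that
  arrives through them satisfies this allow rule.
#}
{% if item.allowlistv4 is defined %}
{% for host in groups['lbservers'] %}
allow {{ hostvars[host].proxmox_net0.ip | ansible.utils.ipaddr('address') }};
{% endfor %}
{% endif %}
{# IPv6 sources are taken verbatim from item.allowlistv6. #}
{% if item.allowlistv6 is defined %}
{% for addrv6 in item.allowlistv6 %}
allow {{ addrv6 }};
{% endfor %}
{% endif %}
{#
  The default-deny is emitted only when at least one allowlist is defined.
  A host with neither variable gets no address restriction from this file.
#}
{% if item.allowlistv4 is defined or item.allowlistv6 is defined %}
deny all;
{% endif %}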