67 lines
1.8 KiB
Text
Executable file
67 lines
1.8 KiB
Text
Executable file
{%- set auth = "blocked" -%}
|
|
{%- if pillar['nginx'][server]['https'] is defined -%}
|
|
{%- if pillar['nginx'][server]['auth'] is defined-%}
|
|
{%- set auth = pillar['nginx'][server]['auth'] -%}
|
|
{%- endif -%}
|
|
{%- endif -%}
|
|
|
|
server {
|
|
listen 443;
|
|
server_name {{server}}.actcur.com;
|
|
|
|
resolver {{resolver}};
|
|
set $backend "https://{{server}}.actcur.com";
|
|
set $certbot "https://salt.actcur.com";
|
|
|
|
ssl on;
|
|
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
client_max_body_size 1024m;
|
|
{% include 'roles/maintain/nginx-proxy/auth.conf' %}
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
proxy_pass $certbot;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
{%- if auth != "blocked" %}
|
|
|
|
location / {
|
|
proxy_pass $backend;
|
|
proxy_set_header Host $host;
|
|
|
|
# re-write redirects to http as to https, example: /home
|
|
proxy_redirect http:// https://;
|
|
}
|
|
{%- endif %}
|
|
}
|
|
|
|
{%- if pillar['nginx'][server]['http'] is defined-%}
|
|
{%- if pillar['nginx'][server]['https']['auth'] is defined-%}
|
|
{%- set auth = pillar['nginx'][server]['https']['auth'] -%}
|
|
{%- else -%}
|
|
{%- set auth = "blocked" -%}
|
|
{%- endif -%}
|
|
server {
|
|
listen 80;
|
|
server_name {{server}}.actcur.com;
|
|
|
|
resolver {{resolver}};
|
|
set $backend "http://{{server}}.actcur.com";
|
|
set $certbot "http://salt.actcur.com";
|
|
client_max_body_size 1024m;
|
|
location /.well-known/acme-challenge/ {
|
|
proxy_pass $certbot;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass $backend;
|
|
proxy_set_header Host $host;
|
|
|
|
# re-write redirects to https as to http, example: /home
|
|
proxy_redirect https:// http://;
|
|
}
|
|
}
|
|
{%- endif -%}
|