ansible-ffibk/roles/pdns-admin/templates/pdns_admin.conf.j2

server {
    listen 80;
    listen [::]:80;
    server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};
    return 301 https://$http_host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};
    index index.html index.htm;

    ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
    ssl_prefer_server_ciphers       on;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    client_max_body_size            10m;
    client_body_buffer_size         128k;
    proxy_redirect                  off;
    proxy_connect_timeout           90;
    proxy_send_timeout              90;
    proxy_read_timeout              90;
    proxy_buffers                   32 4k;
    proxy_buffer_size               8k;
    proxy_set_header                Host $http_host;
    proxy_set_header                X-Scheme $scheme;
    proxy_set_header                X-Real-IP $remote_addr;
    proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_headers_hash_bucket_size  64;

    location ~ ^/static/  {
        include     mime.types;
        root        {{ pdns_admin_path }}/app;
        location    ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
        location    ~* ^.+.(css|js)$ { expires 7d; }
    }

    location ~ ^/upload/  {
        include     mime.types;
        root        {{ pdns_admin_path }};
        location    ~* \.(jpg|jpeg|png|gif)$ { expires 365d; }
        location    ~* ^.+.(css|js)$ { expires 7d; }
    }

    location / {
        proxy_pass              http://unix:{{ pdns_admin_path }}/powerdns-admin.sock;
        proxy_read_timeout      120;
        proxy_connect_timeout   120;
        proxy_redirect          http:// $scheme://;
   }
}
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`server {`
			`listen 80;`
			`listen [::]:80;`
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00			`server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`return 301 https://$http_host$request_uri;`
			`}`

			`server {`
			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00			`server_name {{ http_dns_prefix }}.{{ http_domain_external }} {{ http_dns_prefix }}.{{ http_domain_internal }};`
Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`index index.html index.htm;`

			`ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;`
			`ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;`
			`ssl_prefer_server_ciphers on;`

Role pdns-admin: make dns prefix configurable; add lets encrypt snippet to nginx template 2019-03-22 20:33:32 +01:00			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`

Migrate internal DNS master to PowerDNS * Add playbook dns to manage internal dns master servers * Add role to manage PowerDNS Admin Web Frontend for PowerDNS * Move dns zone related data from mesh list to a simpler dict with a simple zone list * Update role service-bind-slave * Update Readme.md * Add requirements.yml * Update .gitignore 2019-03-20 19:43:11 +01:00			`client_max_body_size 10m;`
			`client_body_buffer_size 128k;`
			`proxy_redirect off;`
			`proxy_connect_timeout 90;`
			`proxy_send_timeout 90;`
			`proxy_read_timeout 90;`
			`proxy_buffers 32 4k;`
			`proxy_buffer_size 8k;`
			`proxy_set_header Host $http_host;`
			`proxy_set_header X-Scheme $scheme;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_headers_hash_bucket_size 64;`

			`location ~ ^/static/ {`
			`include mime.types;`
			`root {{ pdns_admin_path }}/app;`
			`location ~* \.(jpg\|jpeg\|png\|gif)$ { expires 365d; }`
			`location ~* ^.+.(css\|js)$ { expires 7d; }`
			`}`

			`location ~ ^/upload/ {`
			`include mime.types;`
			`root {{ pdns_admin_path }};`
			`location ~* \.(jpg\|jpeg\|png\|gif)$ { expires 365d; }`
			`location ~* ^.+.(css\|js)$ { expires 7d; }`
			`}`

			`location / {`
			`proxy_pass http://unix:{{ pdns_admin_path }}/powerdns-admin.sock;`
			`proxy_read_timeout 120;`
			`proxy_connect_timeout 120;`
			`proxy_redirect http:// $scheme://;`
			`}`
			`}`