ansible-ffibk/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2

proxy_cache_path  /var/www/cache levels=1:2 keys_zone=osm_tiles:32m max_size=5G;
proxy_temp_path   /var/www/cache/tmp;

upstream openstreetmap {
    server  a.tile.openstreetmap.org;
    server  b.tile.openstreetmap.org;
    server  c.tile.openstreetmap.org;
}

server {
    listen 80;
    listen [::]:80;
    server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};

    include /etc/nginx/snippets/redirect-to-ssl.conf;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};

    ssl_certificate     /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;

    include /etc/nginx/snippets/gzip.conf;
    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    root {{ meshviewer_path }};
    index index.html index.htm;

    location /data {
        alias /var/lib/yanic/data;
    }

    location /tiles {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X_FORWARDED_PROTO http;
        proxy_set_header Host $http_host;
        proxy_cache osm_tiles;
        proxy_cache_valid  200 302  7d;
        proxy_cache_valid  404      1m;
        proxy_redirect off;
            if (!-f $request_filename) {
            rewrite ^/tiles(/.*)$ $1 break;
            proxy_pass http://openstreetmap;
            break;
        }
    }

    location / {
        try_files $uri $uri/ =404;
    }
}

{% for mesh in meshes %}
server {
    listen 80;
    listen [::]:80;
    server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
    return 301 https://{{ http_meshviewer_external }}$request_uri;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }};
    return 301 https://{{ http_meshviewer_external }}$request_uri;

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
{% if not loop.last %}

{% endif %}
{% endfor %}
add role nginx-meshviewer 2018-09-11 14:30:00 +02:00			`proxy_cache_path /var/www/cache levels=1:2 keys_zone=osm_tiles:32m max_size=5G;`
			`proxy_temp_path /var/www/cache/tmp;`

			`upstream openstreetmap {`
			`server a.tile.openstreetmap.org;`
			`server b.tile.openstreetmap.org;`
			`server c.tile.openstreetmap.org;`
			`}`

			`server {`
			`listen 80;`
			`listen [::]:80;`
roles: move external addresses to front in vhosts so they get used for redirects 2018-09-24 15:14:09 +02:00			`server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};`
add role nginx-meshviewer 2018-09-11 14:30:00 +02:00
			`include /etc/nginx/snippets/redirect-to-ssl.conf;`
			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`
			`}`

			`server {`
Role service-nginx-meshviewer: enable HTTP/2 2018-11-28 10:59:53 +01:00			`listen 443 ssl http2;`
			`listen [::]:443 ssl http2;`
roles: move external addresses to front in vhosts so they get used for redirects 2018-09-24 15:14:09 +02:00			`server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};`
add role nginx-meshviewer 2018-09-11 14:30:00 +02:00
			`ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;`
			`ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;`

			`include /etc/nginx/snippets/gzip.conf;`
			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`

			`root {{ meshviewer_path }};`
			`index index.html index.htm;`

			`location /data {`
			`alias /var/lib/yanic/data;`
			`}`

			`location /tiles {`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X_FORWARDED_PROTO http;`
			`proxy_set_header Host $http_host;`
			`proxy_cache osm_tiles;`
			`proxy_cache_valid 200 302 7d;`
			`proxy_cache_valid 404 1m;`
			`proxy_redirect off;`
			`if (!-f $request_filename) {`
			`rewrite ^/tiles(/.*)$ $1 break;`
			`proxy_pass http://openstreetmap;`
			`break;`
			`}`
			`}`

			`location / {`
			`try_files $uri $uri/ =404;`
			`}`
			`}`

			`{% for mesh in meshes %}`
			`server {`
			`listen 80;`
			`listen [::]:80;`
roles: move external addresses to front in vhosts so they get used for redirects 2018-09-24 15:14:09 +02:00			`server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};`
add role nginx-meshviewer 2018-09-11 14:30:00 +02:00			`return 301 https://{{ http_meshviewer_external }}$request_uri;`

			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`
			`}`

			`server {`
			`listen 443 ssl;`
			`listen [::]:443 ssl;`
			`server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }};`
			`return 301 https://{{ http_meshviewer_external }}$request_uri;`

			`include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;`
			`}`
			`{% if not loop.last %}`

			`{% endif %}`
			`{% endfor %}`