ansible-ffibk/roles/service-dhcpd/templates/kea_exporter_vhost.conf.j2

23 lines
864 B
Text
Raw Normal View History

2019-05-31 13:45:16 +02:00
server {
listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9547 ssl;
listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9547 ssl;
server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
location / {
proxy_pass http://127.0.0.1:9547;
allow 127.0.0.0/8;
allow ::1/128;
{% for host in groups['monitoring'] %}
allow {{ lookup('dig', host, 'qtype=A') }};
allow {{ lookup('dig', host, 'qtype=AAAA') }};
deny all;
{% endfor %}
}
}