roles: move external addresses to front in vhosts so they get used for redirects
This commit is contained in:
parent
e79761e8d8
commit
55771b4ded
3 changed files with 10 additions and 11 deletions
|
@ -1,7 +1,7 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ grafana_url_internal }} {{ grafana_url_external }};
|
server_name {{ grafana_url_external }} {{ grafana_url_internal }};
|
||||||
|
|
||||||
include /etc/nginx/snippets/redirect-to-ssl.conf;
|
include /etc/nginx/snippets/redirect-to-ssl.conf;
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
@ -10,7 +10,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name {{ grafana_url_internal }} {{ grafana_url_external }};
|
server_name {{ grafana_url_external }} {{ grafana_url_internal }};
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
||||||
|
@ -18,7 +18,6 @@ server {
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
set $grafana_addr 127.0.0.1 ;
|
proxy_pass http://127.0.0.1:3000;
|
||||||
proxy_pass http://$grafana_addr:3000;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
|
server_name firmware.{{ http_domain_external }} firmware.{{ http_domain_internal }};
|
||||||
|
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
@ -18,7 +18,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name firmware.{{ http_domain_internal }} firmware.{{ http_domain_external }};
|
server_name firmware.{{ http_domain_external }} firmware.{{ http_domain_internal }};
|
||||||
|
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
@ -39,7 +39,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
|
server_name firmware.{{ mesh.http_domain_external }} firmware.{{ mesh.http_domain_internal }};
|
||||||
|
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
@ -56,7 +56,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name firmware.{{ mesh.http_domain_internal }} firmware.{{ mesh.http_domain_external }};
|
server_name firmware.{{ mesh.http_domain_external }} firmware.{{ mesh.http_domain_internal }};
|
||||||
|
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
|
|
|
@ -10,7 +10,7 @@ upstream openstreetmap {
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ http_meshviewer_internal }} {{ http_meshviewer_external }};
|
server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
|
||||||
|
|
||||||
include /etc/nginx/snippets/redirect-to-ssl.conf;
|
include /etc/nginx/snippets/redirect-to-ssl.conf;
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
@ -19,7 +19,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 443 ssl;
|
listen 443 ssl;
|
||||||
listen [::]:443 ssl;
|
listen [::]:443 ssl;
|
||||||
server_name {{ http_meshviewer_internal }} {{ http_meshviewer_external }};
|
server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
||||||
|
@ -58,7 +58,7 @@ server {
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }};
|
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
|
||||||
return 301 https://{{ http_meshviewer_external }}$request_uri;
|
return 301 https://{{ http_meshviewer_external }}$request_uri;
|
||||||
|
|
||||||
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
||||||
|
|
Loading…
Reference in a new issue