server { listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9281 ssl; listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9281 ssl; server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }}; ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; location / { proxy_pass http://127.0.0.1:9281; allow 127.0.0.0/8; allow ::1/128; {% for group in ['ffmwu-monitoring', 'ffmwu-gateways'] %} {% for host in groups[group] %} allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }}; {% endfor %} {% endfor %} deny all; } }