server { listen 80 default_server; listen [::]:80 default_server; server_name _; charset utf-8; server_tokens off; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; root /var/www/html; location / { index index.html; autoindex on; autoindex_exact_size off; } } server { listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name _; charset utf-8; server_tokens off; ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem; include /etc/nginx/snippets/letsencrypt-acme-challenge.conf; root /var/www/html; location / { index index.html; autoindex on; autoindex_exact_size off; } location ^~ /metrics { set $metric_addr 127.0.0.1; proxy_pass http://$metric_addr:9100/metrics; allow 127.0.0.0/8; allow ::1/128; {% for host in groups['ffmwu-monitoring'] %} allow {{ lookup('dig', host, 'qtype=A') }}; allow {{ lookup('dig', host, 'qtype=AAAA') }}; deny all; {% endfor %} } }