ansible-ffibk/roles/service-nginx-meshviewer/templates/meshviewer_vhost.conf.j2
Julian Labus 876c93737d
Role service-nginx-meshviewer: add additional domains
Our meshes structure only supports two domains (internal/external).
This adds a list called `meshviewer_additional_domains` which will be
prefixed with `map.` and redirected to the main Meshviewer domain.
2019-07-16 16:15:32 +02:00

113 lines
3.3 KiB
Django/Jinja

proxy_cache_path /var/www/cache levels=1:2 keys_zone=osm_tiles:32m max_size=5G;
proxy_temp_path /var/www/cache/tmp;
upstream openstreetmap {
server a.tile.openstreetmap.org;
server b.tile.openstreetmap.org;
server c.tile.openstreetmap.org;
}
server {
listen 80;
listen [::]:80;
server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
include /etc/nginx/snippets/redirect-to-ssl.conf;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ http_meshviewer_external }} {{ http_meshviewer_internal }};
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
include /etc/nginx/snippets/gzip.conf;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
root {{ meshviewer_path }};
index index.html index.htm;
location /data {
alias /var/lib/yanic/data;
}
location /tiles {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X_FORWARDED_PROTO http;
proxy_set_header Host $http_host;
proxy_cache osm_tiles;
proxy_cache_valid 200 302 7d;
proxy_cache_valid 404 1m;
proxy_redirect off;
if (!-f $request_filename) {
rewrite ^/tiles(/.*)$ $1 break;
proxy_pass http://openstreetmap;
break;
}
}
location / {
try_files $uri $uri/ =404;
}
}
{% for mesh in meshes %}
{% if mesh.http_domain_internal is defined %}
server {
listen 80;
listen [::]:80;
{% if mesh.http_domain_external is defined %}
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
{% else %}
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
{% endif %}
return 301 https://{{ http_meshviewer_external }}$request_uri;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
{% if mesh.http_domain_external is defined %}
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_external }} {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
{% else %}
server_name {{ http_meshviewer_prefix }}.{{ mesh.http_domain_internal }};
{% endif %}
return 301 https://{{ http_meshviewer_external }}$request_uri;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
{% if not loop.last %}
{% endif %}
{% endif %}
{% endfor %}
{% if meshviewer_additional_domains is defined %}
{% for domain in meshviewer_additional_domains %}
server {
listen 80;
listen [::]:80;
server_name {{ http_meshviewer_prefix }}.{{ domain }};
return 301 https://{{ http_meshviewer_external }}$request_uri;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ http_meshviewer_prefix }}.{{ domain }};
return 301 https://{{ http_meshviewer_external }}$request_uri;
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
}
{% if not loop.last %}
{% endif %}
{% endfor %}
{% endif %}