51 lines
1.2 KiB
Django/Jinja
51 lines
1.2 KiB
Django/Jinja
server {
|
|
listen 80 default_server;
|
|
listen [::]:80 default_server;
|
|
server_name _;
|
|
|
|
charset utf-8;
|
|
server_tokens off;
|
|
|
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
|
|
|
root /var/www/html;
|
|
location / {
|
|
index index.html;
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|
|
}
|
|
|
|
server {
|
|
listen 443 ssl default_server;
|
|
listen [::]:443 ssl default_server;
|
|
server_name _;
|
|
|
|
charset utf-8;
|
|
server_tokens off;
|
|
|
|
ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
|
|
|
|
include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;
|
|
|
|
root /var/www/html;
|
|
location / {
|
|
index index.html;
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
}
|
|
|
|
location ^~ /metrics {
|
|
set $metric_addr 127.0.0.1;
|
|
proxy_pass http://$metric_addr:9100/metrics;
|
|
|
|
allow 127.0.0.0/8;
|
|
allow ::1/128;
|
|
{% for host in groups['ffmwu-monitoring'] %}
|
|
allow {{ lookup('dig', host, 'qtype=A') }};
|
|
allow {{ lookup('dig', host, 'qtype=AAAA') }};
|
|
deny all;
|
|
{% endfor %}
|
|
}
|
|
}
|