ansible-ffibk/roles/service-prometheus/templates/node_exporter_vhost.conf.j2


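{#
  nginx TLS front end for the node_exporter listening on 127.0.0.1:9100.
  Rendered per host: the listen addresses and the monitoring allowlist are
  resolved through the dig lookup when the template is rendered.
  NOTE(review): every dig lookup is assumed to yield exactly one address; a host
  without an A or AAAA record would render an invalid listen/allow line - confirm.
#}
server {
    listen {{ lookup('dig', inventory_hostname, 'qtype=A') }}:9100 ssl;
    listen [{{ lookup('dig', inventory_hostname, 'qtype=AAAA') }}]:9100 ssl;
    server_name {{ inventory_hostname_short }}.{{ http_domain_external }} {{ inventory_hostname_short }}.{{ http_domain_internal }};

{# Certificate path: per-host directory for the 'zuckerwatte' ACME server, shared domain directory otherwise. #}
{% if acme_server == 'zuckerwatte' %}
    ssl_certificate /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ inventory_hostname_short }}.{{ http_domain_external }}/privkey.pem;
{% else %}
    ssl_certificate /etc/nginx/ssl/{{ http_domain_external }}/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/{{ http_domain_external }}/privkey.pem;
{% endif %}

    include /etc/nginx/snippets/letsencrypt-acme-challenge.conf;

    location / {
        proxy_pass http://127.0.0.1:9100;

        # Source-address allowlist: loopback plus the hosts of the monitoring group.
        # This is the only access control on the metrics endpoint.
        allow 127.0.0.0/8;
        allow ::1/128;
{% for host in groups['monitoring'] %}
        allow {{ lookup('dig', host, 'qtype=A') }};
        allow {{ lookup('dig', host, 'qtype=AAAA') }};
{% endfor %}
        # nginx checks allow/deny rules in order and stops at the first match, so
        # the catch-all deny is emitted once, after every allow. Placed outside the
        # loop it no longer shadows the second and later monitoring hosts, and the
        # location stays closed when the monitoring group is empty.
        deny all;
    }
}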