2016-09-30 10:59:00 +02:00
|
|
|
server {
|
|
|
|
listen [::]:80;
|
|
|
|
listen 80;
|
|
|
|
server_name {{ ansible_fqdn }};
|
2018-02-08 11:10:38 +01:00
|
|
|
|
2016-09-30 10:59:00 +02:00
|
|
|
return 301 https://{{ ansible_fqdn }}$request_uri;
|
|
|
|
}
|
|
|
|
server {
|
2017-08-04 18:58:24 +02:00
|
|
|
listen 443 ssl;
|
2016-09-30 10:59:00 +02:00
|
|
|
# listen [::]:80 default_server ipv6only=on; ## listen for ipv6
|
|
|
|
|
|
|
|
ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}.crt;
|
|
|
|
ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key;
|
|
|
|
|
|
|
|
server_name {{ ansible_fqdn }};
|
|
|
|
index index.htm index.html index.php;
|
|
|
|
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
|
|
error_log /var/log/nginx/error.log;
|
2017-07-05 18:22:00 +02:00
|
|
|
error_page 403 {{ nginx_default_redirect_url }};
|
2016-09-30 10:59:00 +02:00
|
|
|
|
|
|
|
root /var/www;
|
|
|
|
|
|
|
|
# Auth.
|
2018-02-08 11:10:30 +01:00
|
|
|
satisfy any;
|
2017-10-07 13:48:04 +02:00
|
|
|
include /etc/nginx/snippets/ipaddr_whitelist;
|
2018-02-08 11:10:30 +01:00
|
|
|
deny all;
|
|
|
|
|
2016-09-30 10:59:00 +02:00
|
|
|
auth_basic "Reserved {{ ansible_fqdn }}";
|
|
|
|
auth_basic_user_file /etc/nginx/snippets/private_htpasswd;
|
|
|
|
|
|
|
|
location / {
|
|
|
|
index index.html index.htm;
|
|
|
|
}
|
|
|
|
|
|
|
|
location /munin/ {
|
|
|
|
alias /var/cache/munin/www/;
|
2019-04-16 10:47:26 +02:00
|
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
2016-09-30 10:59:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
location ^~ /munin-cgi/munin-cgi-graph/ {
|
|
|
|
fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
|
|
|
|
fastcgi_param PATH_INFO $fastcgi_path_info;
|
|
|
|
fastcgi_pass unix:/var/run/munin/spawn-fcgi-munin-graph.sock;
|
|
|
|
include fastcgi_params;
|
|
|
|
}
|
|
|
|
|
2020-12-23 15:53:36 +01:00
|
|
|
location /server-status-{{ nginx_serverstatus_suffix | mandatory }} {
|
2016-09-30 10:59:00 +02:00
|
|
|
stub_status on;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
}
|
2021-02-04 11:30:32 +01:00
|
|
|
|
|
|
|
server {
|
|
|
|
listen 80;
|
|
|
|
server_name munin;
|
|
|
|
|
|
|
|
location /server-status-{{ nginx_serverstatus_suffix | mandatory }} {
|
|
|
|
stub_status on;
|
|
|
|
access_log off;
|
|
|
|
}
|
|
|
|
}
|