server { listen [::]:80; listen 80; server_name {{ ansible_fqdn }}; return 301 https://{{ ansible_fqdn }}$request_uri; } server { listen 443 ssl; # listen [::]:80 default_server ipv6only=on; ## listen for ipv6 ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}.crt; ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key; server_name {{ ansible_fqdn }}; index index.htm index.html index.php; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; error_page 403 {{ nginx_default_redirect_url }}; root /var/www; # Auth. include /etc/nginx/snippets/ipaddr_whitelist; auth_basic "Reserved {{ ansible_fqdn }}"; auth_basic_user_file /etc/nginx/snippets/private_htpasswd; satisfy any; location / { index index.html index.htm; } location /munin/ { alias /var/cache/munin/www/; } location ^~ /munin-cgi/munin-cgi-graph/ { fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*); fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass unix:/var/run/munin/spawn-fcgi-munin-graph.sock; include fastcgi_params; } } server { listen 80; server_name munin; location /nginx_status { stub_status on; access_log off; } }