evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 32 Wiki Activity
ansible-roles/webapps/mastodon/templates/vhost.j2
Mathieu Gauthier-Pilote 1c1bc2fe9f
All checks were successful
gitea/ansible-roles/pipeline/head This commit looks good
Details
Install LE cert. when there is none
2023-01-12 16:27:00 -05:00

97 lines
2.7 KiB
Django/Jinja
Raw Blame History

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name {{ domains |first }};
include /etc/nginx/snippets/letsencrypt.conf;
{% if ssl.stat.exists %}
location / { return 301 https://$host$request_uri; }
{% endif %}
}
{% if ssl.stat.exists %}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ domains |first }};
include /etc/nginx/snippets/letsencrypt.conf;
ssl_certificate /etc/letsencrypt/live/{{ domains |first }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ domains |first }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ domains |first }}/chain.pem;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
root /home/{{ service }}/mastodon/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
#add_header Strict-Transport-Security "max-age=31536000";
#add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://{{ domains |first }}; upgrade-insecure-requests";
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:{{puma_port|default('3000')}};
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:{{ node_port | default('4000')}};
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
{% endif %}
Reference in a new issue View git blame Copy permalink