evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 33 Wiki Activity
ansible-roles/webapps/mattermost/templates/vhost.conf.j2
Mathieu Gauthier-Pilote be33260c47
All checks were successful
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4834|36|4798|40|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/mattermost/1//ansiblelint">Evolix » ansible-roles » mattermost #1</a>
Details
gitea/ansible-roles/pipeline/head This commit looks good
Details
Now installs a LE SSL cert via certbot by default + configurable base path for user's home
2023-04-27 14:49:12 -04:00

74 lines
2.2 KiB
Django/Jinja
Raw Blame History

upstream backend_{{ service }} {
server 127.0.0.1:{{ mm_port }};
keepalive 32;
}
server {
listen 80;
listen [::]:80;
server_name {{ domains | first }};
# For certbot
include /etc/nginx/snippets/letsencrypt.conf;
{% if ssl.stat.exists %}
location / { return 301 https://$host$request_uri; }
{% endif %}
}
{% if ssl.stat.exists %}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ domains | first }};
access_log /var/log/nginx/{{ service }}.access.log;
error_log /var/log/nginx/{{ service }}.error.log;
include /etc/nginx/snippets/letsencrypt.conf;
include /etc/nginx/ssl/{{ domains | first }}.conf;
location ~ /api/v[0-9]+/(users/)?websocket$ {
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 50M;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
client_body_timeout 60;
send_timeout 300;
lingering_timeout 5;
proxy_connect_timeout 90;
proxy_send_timeout 300;
proxy_read_timeout 90s;
proxy_pass http://backend_{{ service }};
}
location / {
client_max_body_size 50M;
proxy_set_header Connection "";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Frame-Options SAMEORIGIN;
proxy_buffers 256 16k;
proxy_buffer_size 16k;
proxy_read_timeout 600s;
#proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;
#proxy_cache mattermost_cache;
#proxy_cache_revalidate on;
#proxy_cache_min_uses 2;
#proxy_cache_use_stale timeout;
#proxy_cache_lock on;
proxy_http_version 1.1;
proxy_pass http://backend_{{ service }};
}
}
{% endif %}
Reference in a new issue View git blame Copy permalink