add default ansible config

ansible/playbooks/angie/aerbim.conf

@@ -0,0 +1,139 @@
+
+resolver 8.8.8.8;
+
+{% if enable_https %}
+acme_client {{ app }} https://acme-v02.api.letsencrypt.org/directory;
+{% endif %}
+
+upstream app-backend {
+  server 127.0.0.1:8000;
+}
+upstream app-frontend {
+  server 127.0.0.1:3000;
+}
+
+server {
+    {% if enable_https %}
+    listen       443 ssl;
+    http2 on;
+
+    acme {{ app }};
+    ssl_certificate      $acme_cert_{{ app }};
+    ssl_certificate_key  $acme_cert_key_{{ app }};
+
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 5m;
+    ssl_stapling on;
+    {% else %}
+    listen 80;
+    {% endif %}
+    server_name  {{ domain }};
+
+    gzip on;
+    gzip_comp_level 6;
+    gzip_types image/svg+xml text/plain text/html text/xml text/css text/javascript application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf;
+    gzip_disable "MSIE [1-6]\. ";
+
+    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains" always;#Secure header
+
+    if ($host = www.{{domain}}) {
+        return 301 https://{{domain}}$request_uri;
+    }
+    if ($host != {{domain}}) {
+        return 410;
+    }
+
+    #access_log  /var/log/angie/host.access.log  main;
+
+    location /status/ {
+        api     /status/;
+        allow   127.0.0.1;
+        deny    all;
+    }
+
+    location /static {
+      alias /home/{{ user }}/static;
+
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;#Secure header
+      expires 1y;
+      add_header Cache-Control "public ";
+      etag on;
+    }
+
+    location /media {
+      alias /home/{{ user }}/media;
+
+      add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;#Secure header
+      expires 1w;
+      add_header Cache-Control "public ";
+      etag on;
+    }
+
+    location /api/v1 {
+        proxy_pass http://app-backend;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+    }
+
+    location /admin {
+        proxy_pass http://app-backend;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+    }
+
+    location / {
+        proxy_pass http://app-frontend;
+
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Host $server_name;
+    }
+
+
+    #error_page  404              /404.html;
+
+    client_max_body_size 50M;
+
+    error_page   500 502 503 504  /50x.html;
+    location = /50x.html {
+        root   /usr/share/angie/html;
+    }
+
+}
+
+{% if enable_https %}
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name {{ domain }};
+
+    if ($host != {{domain}}) {
+        return 410;
+    }
+    return 301 https://{{ domain }}$request_uri;
+}
+{% endif %}
+