sysadminix/aerbim-ht-monitor
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c6bc5d19f298180d1f3ae9c4e2bf42b9fb76ca8b
aerbim-ht-monitor/ansible/playbooks/angie/aerbim.conf
Timofey 1783e34421 add default ansible config
2025-07-24 14:53:32 +03:00

140 lines
3.5 KiB
Plaintext
Raw Blame History

resolver 8.8.8.8;
{% if enable_https %}
acme_client {{ app }} https://acme-v02.api.letsencrypt.org/directory;
{% endif %}
upstream app-backend {
server 127.0.0.1:8000;
}
upstream app-frontend {
server 127.0.0.1:3000;
}
server {
{% if enable_https %}
listen 443 ssl;
http2 on;
acme {{ app }};
ssl_certificate $acme_cert_{{ app }};
ssl_certificate_key $acme_cert_key_{{ app }};
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;
{% else %}
listen 80;
{% endif %}
server_name {{ domain }};
gzip on;
gzip_comp_level 6;
gzip_types image/svg+xml text/plain text/html text/xml text/css text/javascript application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript application/x-font-ttf application/vnd.ms-fontobject font/opentype font/ttf font/eot font/otf;
gzip_disable "MSIE [1-6]\. ";
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains" always;#Secure header
if ($host = www.{{domain}}) {
return 301 https://{{domain}}$request_uri;
}
if ($host != {{domain}}) {
return 410;
}
#access_log /var/log/angie/host.access.log main;
location /status/ {
api /status/;
allow 127.0.0.1;
deny all;
}
location /static {
alias /home/{{ user }}/static;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;#Secure header
expires 1y;
add_header Cache-Control "public ";
etag on;
}
location /media {
alias /home/{{ user }}/media;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;#Secure header
expires 1w;
add_header Cache-Control "public ";
etag on;
}
location /api/v1 {
proxy_pass http://app-backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location /admin {
proxy_pass http://app-backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
location / {
proxy_pass http://app-frontend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
}
#error_page 404 /404.html;
client_max_body_size 50M;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/angie/html;
}
}
{% if enable_https %}
server {
listen 80;
listen [::]:80;
server_name {{ domain }};
if ($host != {{domain}}) {
return 410;
}
return 301 https://{{ domain }}$request_uri;
}
{% endif %}
Reference in New Issue View Git Blame Copy Permalink