Files @ 1b05bae8e440

Location: majic-ansible-roles/roles/wsgi_website/templates/nginx_site.j2

branko
MAR-56: Added LDIF templates to docs for relevant roles. Added warning about freshclam/clamav service restart during initial install (need to be restarted). Switched some TLS truststore vars to use concrete values. Introduced option for specifying additional Nginx config options. Added docs for some params. Assemble Duplicity include pattern when needed. Don't set passwords for existing system users. Fix permissions for database users to be more restrictive. Fixed a couple of default param definitions (mainly tls cert/key stuff). Updated URL for downloading Prosody LDAP plugin. Updated testsite configs.
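{% if enforce_https -%}
server {
    # HTTP (plaintext) configuration. This server block is rendered only when
    # enforce_https is set; it serves no content and exists solely to move
    # plaintext clients to HTTPS.
    listen 80;
    # Listen on IPv6 as well, matching the HTTPS listeners of the main server
    # block, so plaintext requests arriving over IPv6 are redirected too.
    listen [::]:80;
    server_name {{ fqdn }};

    # Redirect plaintext connections to HTTPS. The target is the configured
    # site name rather than $host: $host is taken from the request, and if this
    # block ends up being the default server for port 80, a request carrying an
    # arbitrary Host header would otherwise be redirected to that name.
    return 301 https://{{ fqdn }}$request_uri;
}

{% endif -%}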
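server {
    # Base settings. Files under htdocs/ are looked up before a request is
    # handed to the application (see "location /" below), so everything placed
    # there is publicly readable.
    root {{ home }}/htdocs/;
    server_name {{ fqdn }};
{% if not enforce_https %}

    # HTTP (plaintext) configuration. Only rendered when enforce_https is not
    # set; the site is then also reachable without transport encryption.
    listen 80;
    # IPv6 listener, matching the HTTPS listeners below.
    listen [::]:80;

{% endif %}
    # HTTPS (TLS) configuration. Only the listeners and the key/certificate
    # paths are set here; protocol versions, cipher suites and response headers
    # such as HSTS are not set in this template, so they come from the global
    # nginx configuration or from additional_nginx_config.
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_certificate_key /etc/ssl/private/{{ fqdn }}_https.key;
    ssl_certificate /etc/ssl/certs/{{ fqdn }}_https.pem;

    {# Each additional_nginx_config entry is rendered verbatim: "comment" after
       a "#" and "value" as a raw directive. Nothing is escaped or validated,
       so these values must only come from trusted role configuration. #}
    {% for config in additional_nginx_config -%}
    # {{ config.comment }}
    {{ config.value }}
    {% endfor -%}

    {# Rewrite rules are likewise inserted unmodified after the "rewrite"
       keyword; each entry has to be a complete, valid rule. #}
    {% if rewrites -%}
    # Site rewrites.
    {% for rewrite in rewrites -%}
    rewrite {{ rewrite }};
    {% endfor -%}
    {% endif %}

    {% if static_locations -%}
    # Static locations. These are answered from the document root only and
    # never reach the WSGI server; a missing file yields 404.
    {% for location in static_locations -%}
    location {{ location }} {
        try_files $uri $uri/ =404;
    }
    {% endfor -%}
    {% endif %}

    # Pass remaining requests to the WSGI server. A file that exists under the
    # document root is served directly; anything else goes to the application.
    location / {
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        # Tell the application whether the client connection used http or https.
        proxy_set_header X-Forwarded-Proto $scheme;
        # $proxy_add_x_forwarded_for appends the client address to whatever
        # X-Forwarded-For header the client sent, so only the last entry is
        # set by this server; earlier entries are client-controlled.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host is the Host header exactly as the client sent it. If this
        # server block is the default for its listen socket, requests with
        # other host names reach the application too, so the application
        # should validate the host before using it to build URLs.
        proxy_set_header Host $http_host;
        # Do not rewrite Location/Refresh headers in upstream responses.
        proxy_redirect off;

        # The WSGI server is reached over a local UNIX socket named after the
        # site. NOTE(review): access to it presumably depends on the socket's
        # file permissions, which are set outside this template - confirm.
        proxy_pass http://unix:/run/wsgi/{{ fqdn }}.sock;
    }

    # Per-site log files.
    access_log /var/log/nginx/{{ fqdn }}-access.log;
    error_log /var/log/nginx/{{ fqdn }}-error.log;
}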