CCCHH/ansible-infra
CCCHH/ansible-infra
4
2
Fork 1
Code Issues 4 Pull requests 1 Wiki Activity Actions

reorganize (config) files and templates into one "resources" dir

Browse source 
This groups the files and templates for each host together and therefore
makes it easier to see all the (config) files for a host.

Also clean up incorrect, unused docker_compose config for mumble and
clean up unused engelsystem configs.
This commit is contained in:
June 2024-12-05 22:18:27 +01:00
commit 07dbbf055c
Signed by: june
SSH key fingerprint: SHA256:o9EAq4Y9N9K0pBQeBTqhSDrND5E7oB+60ZNx0U1yPe0
83 changed files with 62 additions and 121 deletions
Download patch file Download diff file Expand all files Collapse all files

14
resources/z9/light/nginx/http_handler.conf Normal file
View file

@ -0,0 +1,14 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location /.well-known/acme-challenge/ {
autoindex on;
root /webroot-for-acme-challenge;
}
location / {
return 301 https://$host$request_uri;
}
}

65
resources/z9/light/nginx/light.conf Normal file
View file

@ -0,0 +1,65 @@
# partly generated 2022-01-08, Mozilla Guideline v5.6, nginx 1.17.7, OpenSSL 1.1.1k, intermediate configuration
# https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1k&guideline=5.6
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name light-werkstatt.ccchh.net;
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
# replace with the IP address of your resolver
resolver 10.31.208.1;
location / {
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name light.z9.ccchh.net ;
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
location / {
return 307 https://light.ccchh.net$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name light.ccchh.net;
ssl_certificate /etc/letsencrypt/live/light.ccchh.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/light.ccchh.net/privkey.pem;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/letsencrypt/live/light.ccchh.net/chain.pem;
# replace with the IP address of your resolver
resolver 10.31.208.1;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is https in any case.
proxy_set_header X-Forwarded-Proto https;
}
}