CCCHH/ansible-infra
CCCHH/ansible-infra
18
0
Fork 0
Code Issues 5 Pull requests Wiki Activity

Proxy AES in Club to new location for cached DNS records

Browse source 
Do that so that cached DNS records don't make problems. (We had a TTL of
1 week for some reason, so people having that in their cache might still
resolve to the Club. This shouldn't be a problem anymore at
~14.08.2023.)
This commit is contained in:
June 2023-08-11 00:55:47 +02:00 committed by julian
parent dc89d33e33
commit d256082221
1 changed files with 11 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
playbooks/files/z9/configs/public-reverse-proxy/nginx/nginx.conf
View file

@ -15,14 +15,24 @@ events {
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the # Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams. # upstreams.
stream { stream {
map $ssl_preread_server_name $first_jump {
aes.ccchh.net 212.12.48.125:443;
default 127.0.0.1:9443;
}
map $ssl_preread_server_name $address { map $ssl_preread_server_name $address {
wiki.ccchh.net 10.31.206.13:8443; wiki.ccchh.net 10.31.206.13:8443;
aes.ccchh.net 10.31.206.14:8443;
default 127.0.0.1:8443; default 127.0.0.1:8443;
} }
server { server {
listen 0.0.0.0:443; listen 0.0.0.0:443;
proxy_pass $first_jump;
ssl_preread on;
}
server {
listen 0.0.0.0:9443;
proxy_pass $address; proxy_pass $address;
ssl_preread on; ssl_preread on;
proxy_protocol on; proxy_protocol on;