ansible-infra/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf
June abc738c9c2
All checks were successful
/ Ansible Lint (push) Successful in 1m33s
flatten the "playbooks" directory for better structure
Because of how Ansible local relative search paths work, the global
"files" and "templates" directories need to be next to the playbooks.
However its not intuitive to look into the playbooks directory to find
the files and templates for a host.
Therefore flatten the playbooks directory to get rid of this confusing
structure.

Also see:
https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
2024-12-02 00:48:19 +01:00

128 lines
4.8 KiB
Nginx Configuration File

# This config is based on the standard `nginx.conf` shipping with the stable
# nginx package from the NGINX mirrors as of 2023-01.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams.
stream {
resolver 212.12.50.158 192.76.134.90;
map $ssl_preread_server_name $address {
ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
www.ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:8443;
pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:8443;
pretalx.hamburg.ccc.de pretalx-intern.hamburg.ccc.de:8443;
id.hamburg.ccc.de 172.31.17.144:8443;
invite.hamburg.ccc.de 172.31.17.144:8443;
keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
grafana.hamburg.ccc.de 172.31.17.145:8443;
wiki.ccchh.net 172.31.17.146:8443;
wiki.hamburg.ccc.de 172.31.17.146:8443;
onlyoffice.hamburg.ccc.de 172.31.17.147:8443;
hackertours.hamburg.ccc.de 172.31.17.151:8443;
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
netbox.hamburg.ccc.de 172.31.17.149:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443;
element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
www.hamburg.ccc.de 172.31.17.151:8443;
hamburg.ccc.de 172.31.17.151:8443;
staging.hamburg.ccc.de 172.31.17.151:8443;
spaceapi.hamburg.ccc.de 172.31.17.151:8443;
tickets.hamburg.ccc.de 172.31.17.148:8443;
zammad.hamburg.ccc.de 172.31.17.152:8443;
c3cat.de 172.31.17.151:8443;
www.c3cat.de 172.31.17.151:8443;
staging.c3cat.de 172.31.17.151:8443;
git.hamburg.ccc.de 172.31.17.154:8443;
eh03.easterhegg.eu 172.31.17.151:8443;
eh05.easterhegg.eu 172.31.17.151:8443;
eh07.easterhegg.eu 172.31.17.151:8443;
eh09.easterhegg.eu 172.31.17.151:8443;
eh11.easterhegg.eu 172.31.17.151:8443;
eh20.easterhegg.eu 172.31.17.151:8443;
www.eh20.easterhegg.eu 172.31.17.151:8443;
eh22.easterhegg.eu 172.31.17.159:8443;
easterheggxxxx.hamburg.ccc.de 172.31.17.151:8443;
eh2003.hamburg.ccc.de 172.31.17.151:8443;
www.eh2003.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
eh2005.hamburg.ccc.de 172.31.17.151:8443;
www.eh2005.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
eh2007.hamburg.ccc.de 172.31.17.151:8443;
www.eh2007.hamburg.ccc.de 172.31.17.151:8443;
eh07.hamburg.ccc.de 172.31.17.151:8443;
www.eh07.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
eh2009.hamburg.ccc.de 172.31.17.151:8443;
www.eh2009.hamburg.ccc.de 172.31.17.151:8443;
eh09.hamburg.ccc.de 172.31.17.151:8443;
www.eh09.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
eh2011.hamburg.ccc.de 172.31.17.151:8443;
www.eh2011.hamburg.ccc.de 172.31.17.151:8443;
eh11.hamburg.ccc.de 172.31.17.151:8443;
www.eh11.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
eh20.hamburg.ccc.de 172.31.17.151:8443;
hacker.tours 172.31.17.151:8443;
staging.hacker.tours 172.31.17.151:8443;
woodpecker.hamburg.ccc.de 172.31.17.160:8443;
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
}
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
server {
listen 0.0.0.0:8448;
listen [::]:8448;
proxy_pass 172.31.17.150:8448;
ssl_preread on;
proxy_protocol on;
}
}
# Still have the default http block, so the `acme_challenge.conf` works.
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}