June
abc738c9c2
All checks were successful
/ Ansible Lint (push) Successful in 1m33s
Because of how Ansible local relative search paths work, the global "files" and "templates" directories need to be next to the playbooks. However its not intuitive to look into the playbooks directory to find the files and templates for a host. Therefore flatten the playbooks directory to get rid of this confusing structure. Also see: https://docs.ansible.com/ansible/latest/playbook_guide/playbook_pathing.html#resolving-local-relative-paths
128 lines
4.8 KiB
Nginx Configuration File
128 lines
4.8 KiB
Nginx Configuration File
# This config is based on the standard `nginx.conf` shipping with the stable
|
|
# nginx package from the NGINX mirrors as of 2023-01.
|
|
|
|
user nginx;
|
|
worker_processes auto;
|
|
|
|
error_log /var/log/nginx/error.log notice;
|
|
pid /var/run/nginx.pid;
|
|
|
|
|
|
events {
|
|
worker_connections 1024;
|
|
}
|
|
|
|
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
|
|
# upstreams.
|
|
stream {
|
|
resolver 212.12.50.158 192.76.134.90;
|
|
|
|
map $ssl_preread_server_name $address {
|
|
ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
|
|
www.ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
|
|
cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:8443;
|
|
pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:8443;
|
|
pretalx.hamburg.ccc.de pretalx-intern.hamburg.ccc.de:8443;
|
|
id.hamburg.ccc.de 172.31.17.144:8443;
|
|
invite.hamburg.ccc.de 172.31.17.144:8443;
|
|
keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
|
|
grafana.hamburg.ccc.de 172.31.17.145:8443;
|
|
wiki.ccchh.net 172.31.17.146:8443;
|
|
wiki.hamburg.ccc.de 172.31.17.146:8443;
|
|
onlyoffice.hamburg.ccc.de 172.31.17.147:8443;
|
|
hackertours.hamburg.ccc.de 172.31.17.151:8443;
|
|
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
|
|
netbox.hamburg.ccc.de 172.31.17.149:8443;
|
|
matrix.hamburg.ccc.de 172.31.17.150:8443;
|
|
element.hamburg.ccc.de 172.31.17.151:8443;
|
|
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.hamburg.ccc.de 172.31.17.151:8443;
|
|
hamburg.ccc.de 172.31.17.151:8443;
|
|
staging.hamburg.ccc.de 172.31.17.151:8443;
|
|
spaceapi.hamburg.ccc.de 172.31.17.151:8443;
|
|
tickets.hamburg.ccc.de 172.31.17.148:8443;
|
|
zammad.hamburg.ccc.de 172.31.17.152:8443;
|
|
c3cat.de 172.31.17.151:8443;
|
|
www.c3cat.de 172.31.17.151:8443;
|
|
staging.c3cat.de 172.31.17.151:8443;
|
|
git.hamburg.ccc.de 172.31.17.154:8443;
|
|
eh03.easterhegg.eu 172.31.17.151:8443;
|
|
eh05.easterhegg.eu 172.31.17.151:8443;
|
|
eh07.easterhegg.eu 172.31.17.151:8443;
|
|
eh09.easterhegg.eu 172.31.17.151:8443;
|
|
eh11.easterhegg.eu 172.31.17.151:8443;
|
|
eh20.easterhegg.eu 172.31.17.151:8443;
|
|
www.eh20.easterhegg.eu 172.31.17.151:8443;
|
|
eh22.easterhegg.eu 172.31.17.159:8443;
|
|
easterheggxxxx.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh2003.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh2003.hamburg.ccc.de 172.31.17.151:8443;
|
|
easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh2005.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh2005.hamburg.ccc.de 172.31.17.151:8443;
|
|
easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh2007.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh2007.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh07.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh07.hamburg.ccc.de 172.31.17.151:8443;
|
|
easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh2009.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh2009.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh09.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh09.hamburg.ccc.de 172.31.17.151:8443;
|
|
easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh2011.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh2011.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh11.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.eh11.hamburg.ccc.de 172.31.17.151:8443;
|
|
easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
|
|
www.easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
|
|
eh20.hamburg.ccc.de 172.31.17.151:8443;
|
|
hacker.tours 172.31.17.151:8443;
|
|
staging.hacker.tours 172.31.17.151:8443;
|
|
woodpecker.hamburg.ccc.de 172.31.17.160:8443;
|
|
design.hamburg.ccc.de 172.31.17.162:8443;
|
|
hydra.hamburg.ccc.de 172.31.17.163:8443;
|
|
}
|
|
|
|
server {
|
|
listen 0.0.0.0:443;
|
|
listen [::]:443;
|
|
proxy_pass $address;
|
|
ssl_preread on;
|
|
proxy_protocol on;
|
|
}
|
|
|
|
server {
|
|
listen 0.0.0.0:8448;
|
|
listen [::]:8448;
|
|
proxy_pass 172.31.17.150:8448;
|
|
ssl_preread on;
|
|
proxy_protocol on;
|
|
}
|
|
}
|
|
|
|
# Still have the default http block, so the `acme_challenge.conf` works.
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
#tcp_nopush on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
#gzip on;
|
|
|
|
include /etc/nginx/conf.d/*.conf;
|
|
}
|