ansible-infra/resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
June d0a28589c6
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
reorganize (config) files and templates into one "resources" dir
This groups the files and templates for each host together and therefore
makes it easier to see all the (config) files for a host.

Also clean up incorrect, unused docker_compose config for mumble and
clean up unused engelsystem configs.
2024-12-05 22:18:27 +01:00

94 lines
4 KiB
Text

# Keep this sorted alphabetically, please!
map $host $upstream_acme_challenge_host {
branding-resources.hamburg.ccc.de 172.31.17.151:31820;
c3cat.de 172.31.17.151:31820;
www.c3cat.de 172.31.17.151:31820;
staging.c3cat.de 172.31.17.151:31820;
ccchoir.de ccchoir-intern.hamburg.ccc.de:31820;
www.ccchoir.de ccchoir-intern.hamburg.ccc.de:31820;
cloud.hamburg.ccc.de 172.31.17.143:31820;
element.hamburg.ccc.de 172.31.17.151:31820;
git.hamburg.ccc.de 172.31.17.154:31820;
grafana.hamburg.ccc.de 172.31.17.145:31820;
hackertours.hamburg.ccc.de 172.31.17.151:31820;
staging.hackertours.hamburg.ccc.de 172.31.17.151:31820;
hamburg.ccc.de 172.31.17.151:31820;
id.hamburg.ccc.de 172.31.17.144:31820;
invite.hamburg.ccc.de 172.31.17.144:31820;
keycloak-admin.hamburg.ccc.de 172.31.17.144:31820;
matrix.hamburg.ccc.de 172.31.17.150:31820;
netbox.hamburg.ccc.de 172.31.17.149:31820;
onlyoffice.hamburg.ccc.de 172.31.17.147:31820;
pad.hamburg.ccc.de 172.31.17.141:31820;
pretalx.hamburg.ccc.de 172.31.17.157:31820;
spaceapi.hamburg.ccc.de 172.31.17.151:31820;
staging.hamburg.ccc.de 172.31.17.151:31820;
wiki.ccchh.net 172.31.17.146:31820;
wiki.hamburg.ccc.de 172.31.17.146:31820;
www.hamburg.ccc.de 172.31.17.151:31820;
tickets.hamburg.ccc.de 172.31.17.148:31820;
zammad.hamburg.ccc.de 172.31.17.152:31820;
eh03.easterhegg.eu 172.31.17.151:31820;
eh05.easterhegg.eu 172.31.17.151:31820;
eh07.easterhegg.eu 172.31.17.151:31820;
eh09.easterhegg.eu 172.31.17.151:31820;
eh11.easterhegg.eu 172.31.17.151:31820;
eh20.easterhegg.eu 172.31.17.151:31820;
www.eh20.easterhegg.eu 172.31.17.151:31820;
eh22.easterhegg.eu 172.31.17.159:31820;
easterheggxxxx.hamburg.ccc.de 172.31.17.151:31820;
eh2003.hamburg.ccc.de 172.31.17.151:31820;
www.eh2003.hamburg.ccc.de 172.31.17.151:31820;
easterhegg2003.hamburg.ccc.de 172.31.17.151:31820;
www.easterhegg2003.hamburg.ccc.de 172.31.17.151:31820;
eh2005.hamburg.ccc.de 172.31.17.151:31820;
www.eh2005.hamburg.ccc.de 172.31.17.151:31820;
easterhegg2005.hamburg.ccc.de 172.31.17.151:31820;
www.easterhegg2005.hamburg.ccc.de 172.31.17.151:31820;
eh2007.hamburg.ccc.de 172.31.17.151:31820;
www.eh2007.hamburg.ccc.de 172.31.17.151:31820;
eh07.hamburg.ccc.de 172.31.17.151:31820;
www.eh07.hamburg.ccc.de 172.31.17.151:31820;
easterhegg2007.hamburg.ccc.de 172.31.17.151:31820;
www.easterhegg2007.hamburg.ccc.de 172.31.17.151:31820;
eh2009.hamburg.ccc.de 172.31.17.151:31820;
www.eh2009.hamburg.ccc.de 172.31.17.151:31820;
eh09.hamburg.ccc.de 172.31.17.151:31820;
www.eh09.hamburg.ccc.de 172.31.17.151:31820;
easterhegg2009.hamburg.ccc.de 172.31.17.151:31820;
www.easterhegg2009.hamburg.ccc.de 172.31.17.151:31820;
eh2011.hamburg.ccc.de 172.31.17.151:31820;
www.eh2011.hamburg.ccc.de 172.31.17.151:31820;
eh11.hamburg.ccc.de 172.31.17.151:31820;
www.eh11.hamburg.ccc.de 172.31.17.151:31820;
easterhegg2011.hamburg.ccc.de 172.31.17.151:31820;
www.easterhegg2011.hamburg.ccc.de 172.31.17.151:31820;
eh20.hamburg.ccc.de 172.31.17.151:31820;
hacker.tours 172.31.17.151:31820;
staging.hacker.tours 172.31.17.151:31820;
woodpecker.hamburg.ccc.de 172.31.17.160:31820;
design.hamburg.ccc.de 172.31.17.162:31820;
hydra.hamburg.ccc.de 172.31.17.163:31820;
default "";
}
server {
listen 80 default_server;
resolver 212.12.50.158 192.76.134.90;
location /.well-known/acme-challenge/ {
proxy_pass http://$upstream_acme_challenge_host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# This is http in any case.
proxy_set_header X-Forwarded-Proto http;
}
# Better safe than sorry.
# Don't do a permanent redirect to avoid acme challenge pain (even tho 443
# still should work).
location / {
return 307 https://$host$request_uri;
}
}