ansible-infra/resources/chaosknoten/public-reverse-proxy/nginx/nginx.conf
June d0a28589c6
All checks were successful
/ Ansible Lint (push) Successful in 1m39s
reorganize (config) files and templates into one "resources" dir
This groups the files and templates for each host together and therefore
makes it easier to see all the (config) files for a host.

Also clean up incorrect, unused docker_compose config for mumble and
clean up unused engelsystem configs.
2024-12-05 22:18:27 +01:00

128 lines
4.8 KiB
Nginx Configuration File

# This config is based on the standard `nginx.conf` shipping with the stable
# nginx package from the NGINX mirrors as of 2023-01.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams.
stream {
resolver 212.12.50.158 192.76.134.90;
map $ssl_preread_server_name $address {
ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
www.ccchoir.de ccchoir-intern.hamburg.ccc.de:8443;
cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:8443;
pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:8443;
pretalx.hamburg.ccc.de pretalx-intern.hamburg.ccc.de:8443;
id.hamburg.ccc.de 172.31.17.144:8443;
invite.hamburg.ccc.de 172.31.17.144:8443;
keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
grafana.hamburg.ccc.de 172.31.17.145:8443;
wiki.ccchh.net 172.31.17.146:8443;
wiki.hamburg.ccc.de 172.31.17.146:8443;
onlyoffice.hamburg.ccc.de 172.31.17.147:8443;
hackertours.hamburg.ccc.de 172.31.17.151:8443;
staging.hackertours.hamburg.ccc.de 172.31.17.151:8443;
netbox.hamburg.ccc.de 172.31.17.149:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443;
element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
www.hamburg.ccc.de 172.31.17.151:8443;
hamburg.ccc.de 172.31.17.151:8443;
staging.hamburg.ccc.de 172.31.17.151:8443;
spaceapi.hamburg.ccc.de 172.31.17.151:8443;
tickets.hamburg.ccc.de 172.31.17.148:8443;
zammad.hamburg.ccc.de 172.31.17.152:8443;
c3cat.de 172.31.17.151:8443;
www.c3cat.de 172.31.17.151:8443;
staging.c3cat.de 172.31.17.151:8443;
git.hamburg.ccc.de 172.31.17.154:8443;
eh03.easterhegg.eu 172.31.17.151:8443;
eh05.easterhegg.eu 172.31.17.151:8443;
eh07.easterhegg.eu 172.31.17.151:8443;
eh09.easterhegg.eu 172.31.17.151:8443;
eh11.easterhegg.eu 172.31.17.151:8443;
eh20.easterhegg.eu 172.31.17.151:8443;
www.eh20.easterhegg.eu 172.31.17.151:8443;
eh22.easterhegg.eu 172.31.17.159:8443;
easterheggxxxx.hamburg.ccc.de 172.31.17.151:8443;
eh2003.hamburg.ccc.de 172.31.17.151:8443;
www.eh2003.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2003.hamburg.ccc.de 172.31.17.151:8443;
eh2005.hamburg.ccc.de 172.31.17.151:8443;
www.eh2005.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2005.hamburg.ccc.de 172.31.17.151:8443;
eh2007.hamburg.ccc.de 172.31.17.151:8443;
www.eh2007.hamburg.ccc.de 172.31.17.151:8443;
eh07.hamburg.ccc.de 172.31.17.151:8443;
www.eh07.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2007.hamburg.ccc.de 172.31.17.151:8443;
eh2009.hamburg.ccc.de 172.31.17.151:8443;
www.eh2009.hamburg.ccc.de 172.31.17.151:8443;
eh09.hamburg.ccc.de 172.31.17.151:8443;
www.eh09.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2009.hamburg.ccc.de 172.31.17.151:8443;
eh2011.hamburg.ccc.de 172.31.17.151:8443;
www.eh2011.hamburg.ccc.de 172.31.17.151:8443;
eh11.hamburg.ccc.de 172.31.17.151:8443;
www.eh11.hamburg.ccc.de 172.31.17.151:8443;
easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
www.easterhegg2011.hamburg.ccc.de 172.31.17.151:8443;
eh20.hamburg.ccc.de 172.31.17.151:8443;
hacker.tours 172.31.17.151:8443;
staging.hacker.tours 172.31.17.151:8443;
woodpecker.hamburg.ccc.de 172.31.17.160:8443;
design.hamburg.ccc.de 172.31.17.162:8443;
hydra.hamburg.ccc.de 172.31.17.163:8443;
}
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
server {
listen 0.0.0.0:8448;
listen [::]:8448;
proxy_pass 172.31.17.150:8448;
ssl_preread on;
proxy_protocol on;
}
}
# Still have the default http block, so the `acme_challenge.conf` works.
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}