sophia/ansible-infra
0
0
Fork 0
forked from CCCHH/ansible-infra
Code Pull requests Activity
ansible-infra/playbooks/files/chaosknoten/configs/public-reverse-proxy/nginx/nginx.conf

71 lines
1.9 KiB
Nginx Configuration File
Raw Blame History

# This config is based on the standard `nginx.conf` shipping with the stable
# nginx package from the NGINX mirrors as of 2023-01.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
# Listen on port 443 as a reverse proxy and use PROXY Protocol for the
# upstreams.
stream {
resolver 212.12.50.158 192.76.134.90;
map $ssl_preread_server_name $address {
cloud.hamburg.ccc.de cloud-intern.hamburg.ccc.de:8443;
pad.hamburg.ccc.de pad-intern.hamburg.ccc.de:8443;
id.hamburg.ccc.de 172.31.17.144:8443;
keycloak-admin.hamburg.ccc.de 172.31.17.144:8444;
aes.ccchh.net 172.31.17.145:8443;
wiki.ccchh.net 172.31.17.146:8443;
onlyoffice.hamburg.ccc.de 172.31.17.147:8443;
netbox.hamburg.ccc.de 172.31.17.149:8443;
matrix.hamburg.ccc.de 172.31.17.150:8443;
element.hamburg.ccc.de 172.31.17.151:8443;
branding-resources.hamburg.ccc.de 172.31.17.151:8443;
next.hamburg.ccc.de 172.31.17.151:8443;
}
server {
listen 0.0.0.0:443;
listen [::]:443;
proxy_pass $address;
ssl_preread on;
proxy_protocol on;
}
server {
listen 0.0.0.0:8448;
listen [::]:8448;
proxy_pass 172.31.17.150:8448;
ssl_preread on;
proxy_protocol on;
}
}
# Still have the default http block, so the `acme_challenge.conf` works.
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
View git blame Copy permalink