diff options
| author | Johannes Stoelp <johannes.stoelp@gmail.com> | 2024-02-13 00:40:05 +0100 |
|---|---|---|
| committer | Johannes Stoelp <johannes.stoelp@gmail.com> | 2024-02-13 00:40:05 +0100 |
| commit | 0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6 (patch) | |
| tree | 364e8a3846052326f1ef02d5c440d7ad7f472380 | |
| parent | eff60765ee91a900f665b84ae882a6e9158c1192 (diff) | |
| download | ansible-memzero-0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6.tar.gz ansible-memzero-0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6.zip | |
nginx: add notes proxy
| -rw-r--r-- | roles/webserver/files/user_conf.d/memzero.conf | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf index 1847b18..2038aad 100644 --- a/roles/webserver/files/user_conf.d/memzero.conf +++ b/roles/webserver/files/user_conf.d/memzero.conf @@ -89,6 +89,32 @@ server { } server { + # Listen to port 443 on both IPv4 and IPv6. + listen 443 ssl; + listen [::]:443 ssl; + + # Domain names this server should respond to. + server_name notes.memzero.de; + + # Load the certificate files. + ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem; + + # Load the Diffie-Hellman parameter. + ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem; + + location / { + proxy_set_header Host johannst.github.io; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass https://johannst.github.io/notes/; + } +} + +server { # Drop any request that does not match any of the other server names. listen 443 ssl default_server; ssl_reject_handshake on; |