aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohannes Stoelp <johannes.stoelp@gmail.com>2024-02-13 00:40:05 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2024-02-13 00:40:05 +0100
commit0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6 (patch)
tree364e8a3846052326f1ef02d5c440d7ad7f472380
parenteff60765ee91a900f665b84ae882a6e9158c1192 (diff)
downloadansible-memzero-0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6.tar.gz
ansible-memzero-0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6.zip
nginx: add notes proxy
-rw-r--r--roles/webserver/files/user_conf.d/memzero.conf26
1 files changed, 26 insertions, 0 deletions
diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf
index 1847b18..2038aad 100644
--- a/roles/webserver/files/user_conf.d/memzero.conf
+++ b/roles/webserver/files/user_conf.d/memzero.conf
@@ -89,6 +89,32 @@ server {
}
server {
+ # Listen to port 443 on both IPv4 and IPv6.
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ # Domain names this server should respond to.
+ server_name notes.memzero.de;
+
+ # Load the certificate files.
+ ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+ # Load the Diffie-Hellman parameter.
+ ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+ location / {
+ proxy_set_header Host johannst.github.io;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_pass https://johannst.github.io/notes/;
+ }
+}
+
+server {
# Drop any request that does not match any of the other server names.
listen 443 ssl default_server;
ssl_reject_handshake on;