From 58c53f131ced9c7fa89e042732d5c671662f7c58 Mon Sep 17 00:00:00 2001 From: Johannes Stoelp Date: Wed, 14 Dec 2022 23:08:17 +0100 Subject: nginx: add proxy for cgit --- roles/webserver/files/user_conf.d/memzero.conf | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf index 3a9013f..1847b18 100644 --- a/roles/webserver/files/user_conf.d/memzero.conf +++ b/roles/webserver/files/user_conf.d/memzero.conf @@ -62,6 +62,32 @@ server { } } +server { + # Listen to port 443 on both IPv4 and IPv6. + listen 443 ssl; + listen [::]:443 ssl; + + # Domain names this server should respond to. + server_name git.memzero.de; + + # Load the certificate files. + ssl_certificate /etc/letsencrypt/live/memzero/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/memzero/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem; + + # Load the Diffie-Hellman parameter. + ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem; + + location / { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_pass http://cgito; + } +} + server { # Drop any request that does not match any of the other server names. listen 443 ssl default_server; -- cgit v1.2.3