From 0c03b0cf62c8672b6a00446f5959c9c0d9cb4cb6 Mon Sep 17 00:00:00 2001
From: Johannes Stoelp <johannes.stoelp@gmail.com>
Date: Tue, 13 Feb 2024 00:40:05 +0100
Subject: nginx: add notes proxy

---
 roles/webserver/files/user_conf.d/memzero.conf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'roles/webserver')

diff --git a/roles/webserver/files/user_conf.d/memzero.conf b/roles/webserver/files/user_conf.d/memzero.conf
index 1847b18..2038aad 100644
--- a/roles/webserver/files/user_conf.d/memzero.conf
+++ b/roles/webserver/files/user_conf.d/memzero.conf
@@ -88,6 +88,32 @@ server {
     }
 }
 
+server {
+    # Listen to port 443 on both IPv4 and IPv6.
+    listen 443 ssl;
+    listen [::]:443 ssl;
+
+    # Domain names this server should respond to.
+    server_name notes.memzero.de;
+
+    # Load the certificate files.
+    ssl_certificate         /etc/letsencrypt/live/memzero/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/memzero/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/memzero/chain.pem;
+
+    # Load the Diffie-Hellman parameter.
+    ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
+
+    location / {
+        proxy_set_header Host johannst.github.io;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+
+        proxy_pass https://johannst.github.io/notes/;
+    }
+}
+
 server {
     # Drop any request that does not match any of the other server names.
     listen               443 ssl default_server;
-- 
cgit v1.2.3