## Nginx ansible configuration
#
# Structure:
# cert_domains: List of domains to request and maintain certificates for. These are single-domain certificates, acquired and renewed individually
# wildcard_domains: List of domains to request and maintain wildcard certificates (*.<domain here>) for.
# sites_available: List of site definition objects (see below)
# streams_available: List of TCP stream definition objects (see below)
# custom_sites: List of files to copy directly into the server's sites_enabled directory. These files should be matched by the glob 'playbooks/roles/nginx/files/custom_sites/*.conf'

## sites_available
# fqdn: The fully-qualified domain name of the site. Must be unique among sites, and is used as both the filename and the nginx server name.
# enabled: Boolean, indicates whether the site should be active. Set this to no rather than removing site configurations outright.
# cert_domain: Optional certificate domain basename to use, if not the FQDN. Required when the site uses a wildcard cert
# upstream: The URI of the upstream to proxy to
# restricted: Boolean indicating whether this site has IP restrictions. Defaults to false.
# allowed_ips: List of IP addresses and CIDR blocks to allow access from when restricted is true. Defaults to 10.242.0.0/16.
# max_upload: The maximum request body size. Defaults to unset, for Nginx's default.
# Single-domain certificates, each requested and renewed on its own.
# Every name except the apex (ezri.dev) also appears as an fqdn under
# sites_available. NOTE(review): the apex is presumably served through
# custom_sites - confirm, so no certificate is maintained for an unused name.
cert_domains:
- files.ezri.dev
- git.ezri.dev
- idm.ezri.dev
- jellyfin.ezri.dev
- mail.ezri.dev
- navidrome.ezri.dev
- vtt.ezri.dev
- ezri.dev
# Files copied as-is into the server's sites_enabled directory, taken from
# playbooks/roles/nginx/files/custom_sites/*.conf.
# NOTE(review): these files are not built from the sites_available schema, so
# `restricted` / `allowed_ips` presumably do not apply to them; any access
# control has to be written in the .conf file itself.
custom_sites:
- well-known.conf
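# Reverse-proxied sites, one mapping per fqdn.
#
# Booleans are written as true/false: `yes`/`no` only parse as booleans under
# YAML 1.1 loaders, and the schema documents these keys as booleans.
#
# Exposure: an entry without `restricted` uses the documented default (false),
# so this role applies no IP allow-list to it. An explicit `allowed_ips` list
# replaces the documented 10.242.0.0/16 default.
#
# Transport: every upstream except idm is plain http://, so traffic between
# the proxy and the backend is unencrypted on the 10.242.x.x network.
sites_available:
- fqdn: files.ezri.dev
  enabled: true
  upstream: http://10.242.202.90:9001
  # Presumably rendered as client_max_body_size; nginx treats a value of 0 as
  # "do not check the body size", so this vhost accepts uploads of any size and
  # the backend has to enforce its own limit.
  # NOTE(review): confirm the template tests `is defined` rather than
  # truthiness, otherwise a literal 0 is skipped and nginx's default applies.
  max_upload: 0

- fqdn: git.ezri.dev
  enabled: true
  upstream: http://10.242.202.90:30008

- fqdn: jellyfin.ezri.dev
  enabled: true
  upstream: http://10.242.202.90:30013
  restricted: true
  allowed_ips:
  - 10.242.0.0/23
  - 10.242.3.0/24
  - 10.242.4.0/24

- fqdn: navidrome.ezri.dev
  enabled: true
  upstream: http://10.242.202.90:30043
  restricted: true
  allowed_ips:
  - 10.242.0.0/23
  - 10.242.3.0/24
  - 10.242.4.0/24

# Narrower allow-list than jellyfin/navidrome: 10.242.4.0/24 is not included.
- fqdn: mail.ezri.dev
  enabled: true
  upstream: http://10.242.203.13:8000
  restricted: true
  allowed_ips:
  - 10.242.0.0/23
  - 10.242.3.0/24

- fqdn: vtt.ezri.dev
  enabled: true
  upstream: http://10.242.203.13:3000
  max_upload: 512M

# The web side of idm carries no `restricted` flag, while the idm entry under
# streams_available is IP-restricted. NOTE(review): confirm that difference is
# intentional.
# The upstream is HTTPS addressed by IP. nginx does not verify upstream
# certificates unless proxy_ssl_verify is enabled - check what the site
# template sets for https:// upstreams.
- fqdn: idm.ezri.dev
  enabled: true
  upstream: https://10.242.203.13:8443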
streams_available:
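# TCP stream for git.ezri.dev: listens on port 22 and forwards to
# 10.242.202.90:30009 (presumably SSH access to the git service).
# `ssl: false` - presumably no TLS is added on this listener; booleans are
# written as true/false because `yes`/`no` only parse as booleans under
# YAML 1.1 loaders.
# No `restricted` key is set. NOTE(review): the file header documents the
# `restricted` default for sites only - confirm the stream template also
# defaults to unrestricted and that this is intended for this listener.
# NOTE(review): unless the stream template passes the client address on, the
# backend sees every connection as coming from the proxy, so source-based
# logging and rate limiting would have to happen here.
- fqdn: git.ezri.dev
  enabled: true
  listen_port: 22
  ssl: false
  upstream: 10.242.202.90:30009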
- fqdn: idm.ezri.dev
|
|
enabled: yes
|
|
listen_port: 636
|
|
ssl: yes
|
|
cert_domain: idm.ezri.dev
|
|
upstream: 10.242.203.13:3636
|
|
upstream_ssl: yes
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.200.0/24
|
|
- 10.242.202.90
|
|
- 10.242.203.90
|
|
- 10.242.0.1
|
|
- 10.242.203.1
|
|
- 10.242.203.13
|
|
- 10.242.3.0/24
|
|
- 10.242.0.0/24
|