78 lines
2.6 KiB
YAML
78 lines
2.6 KiB
YAML
## Nginx ansible configuration
|
|
#
|
|
# Structure:
|
|
# cert_domains: List of domains to request and maintain certificates for. These are single-domain certificates, acquired and renewed individually
|
|
# wildcard_domains: List of domains to request and maintain wildcard certificates (*.<domain here>) for.
|
|
# sites_available: List of site definition objects (see below)
|
|
# streams_available: List of TCP stream definition objects (see below)
|
|
# custom_sites: List of files to copy directly into the server's sites_enabled directory. These files should be matched by the glob 'playbooks/roles/nginx/files/custom_sites/*.conf'
|
|
|
|
## sites_available
|
|
# fqdn: The fully-qualified domain name of the site. Must be unique among sites, and is used as both the filename and the nginx server name.
|
|
# enabled: Boolean, indicates whether the site should be active. Set this to no rather than removing site configurations outright.
|
|
# cert_domain: Optional certificate domain basename to use, if not the FQDN. Required for when the site uses a wildcard cert
|
|
# upstream: The URI of the usptream to proxy to
|
|
# restricted: Boolean indicating whether this site has IP restrictions. Defaults to false.
|
|
# allowed_ips: List of IP addresses and CIDR blocks to allow access from when restricted is true. Defaults to 10.242.0.0/16.
|
|
# max_upload: The maximum request body size. Defaults to unset, for Nginx's default.
|
|
|
|
cert_domains:
|
|
- vw.ezri.dev
|
|
|
|
wildcard_domains:
|
|
- internal.ezri.dev
|
|
|
|
sites_available:
|
|
- fqdn: lidarr.internal.ezri.dev
|
|
enabled: yes
|
|
cert_domain: internal.ezri.dev
|
|
upstream: http://10.242.201.3:8686
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|
|
|
|
- fqdn: radarr.internal.ezri.dev
|
|
enabled: yes
|
|
cert_domain: internal.ezri.dev
|
|
upstream: http://10.242.201.3:7878
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|
|
|
|
- fqdn: sonarr.internal.ezri.dev
|
|
enabled: yes
|
|
cert_domain: internal.ezri.dev
|
|
upstream: http://10.242.201.3:8989
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|
|
|
|
- fqdn: prowlarr.internal.ezri.dev
|
|
enabled: yes
|
|
cert_domain: internal.ezri.dev
|
|
upstream: http://10.242.201.3:9696
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|
|
|
|
- fqdn: qbittorrent.internal.ezri.dev
|
|
enabled: yes
|
|
cert_domain: internal.ezri.dev
|
|
upstream: http://10.242.201.2:8080
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|
|
|
|
- fqdn: vw.ezri.dev
|
|
enabled: yes
|
|
upstream: http://10.242.202.90:30032
|
|
restricted: yes
|
|
allowed_ips:
|
|
- 10.242.0.0/23
|
|
- 10.242.3.0/24
|