
# This file is managed by Ansible. Do not make configuration changes directly.
# Renders one nginx server block that forwards a listening port to a single
# upstream. Values read from `item`: listen_port, upstream, and the optional
# ssl, cert_domain, upstream_ssl, restricted and allowed_ips.
# NOTE(review): proxy_pass at server level together with `proxy_ssl on` looks
# like a stream{} (TCP) block rather than http{} - confirm where the rendered
# file is included.
# NOTE(review): every item.* value is written into the config verbatim, so the
# inventory supplying them has to be treated as trusted input.
server {
{% if item.ssl|default(false) %}
# Listen using SSL: nginx terminates TLS from the client on this port, using
# the Let's Encrypt certificate and key stored under cert_domain.
# NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so the
# protocol and cipher policy comes from the enclosing context or the nginx
# defaults - confirm that is the intended policy.
listen {{ item.listen_port }} ssl;
ssl_certificate /etc/letsencrypt/live/{{ item.cert_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.cert_domain }}/privkey.pem;
{% else %}
# Listen without SSL: nginx adds no encryption on the client side, which is
# also the result when item.ssl is left undefined.
listen {{ item.listen_port }};
{% endif %}
# Proxy the connection to upstream
proxy_pass {{ item.upstream }};
{% if item.upstream_ssl|default(false) %}
# The upstream uses SSL, so enable support for that
# NOTE(review): this block encrypts the upstream connection but does not set
# proxy_ssl_verify, which nginx leaves off by default, so the upstream
# certificate is not validated unless that is configured elsewhere. Consider
# proxy_ssl_verify with proxy_ssl_trusted_certificate if the path to the
# upstream is not fully trusted.
proxy_ssl on;
{% endif %}
{% if item.restricted|default(false) %}
# This stream has restricted access: one allow rule per entry, then deny all
# as the catch-all. The deny must stay last because nginx stops at the first
# matching rule.
# allowed_ips falls back to 10.242.0.0/16 only when it is undefined; a defined
# but empty list renders no allow rules, leaving just `deny all`.
# When item.restricted is false or undefined, no allow/deny rules are emitted
# and this block applies no source-address filtering.
{% for ip in (item.allowed_ips|default(["10.242.0.0/16"])) %}
allow {{ ip }};
{% endfor %}
deny all;
{% endif %}
}