iac/ansible-role-nginx-config-svc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Optimize template

Browse Source
This commit is contained in:
nemunaire 2023-03-14 17:06:52 +01:00
parent 9da17568e9
commit d67ccd82fa
1 changed files with 20 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
templates/nginx.conf.j2
View File

@ -2,10 +2,10 @@
{{ before_server }} {{ before_server }}
{% endif %} {% endif %}
server { server {
{% if nginx_listen80 is defined -%} {% if nginx_listen80 is defined %}
{{ nginx_listen80 }} {{ nginx_listen80 }}
{% else %} {% else %}
listen 80; listen 80;
listen [::]:80; listen [::]:80;
{% endif %} {% endif %}
{% if proxy_protocol is defined %} {% if proxy_protocol is defined %}
@ -28,26 +28,26 @@ server {
# enforce https # enforce https
return 301 https://$server_name:443$request_uri; return 301 https://$server_name:443$request_uri;
} }
{% if unsecure_server is defined %} {% if unsecure_server is defined -%}
{{ unsecure_server }} {{ unsecure_server | indent(4) }}
{% endif %} {%- endif %}
location /.well-known/acme-challenge { location /.well-known/acme-challenge {
{% if nginx_acme_challenge is defined %} {% if nginx_acme_challenge is defined %}
{{ nginx_acme_challenge }} {{ nginx_acme_challenge }}
{% else %} {%- else %}
root /var/www/acme; root /var/www/acme;
{% endif %} {% endif %}
} }
} }
server { server {
{% if nginx_listen443 is defined -%} {% if nginx_listen443 is defined %}
{{ nginx_listen443 }} {{ nginx_listen443 }}
{% else %} {% else %}
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
{% endif %} {% endif %}
server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %}; server_name {% if redirect_to_first is not defined or not redirect_to_first %}{{ domains | join(' ') }}{% else %}{{ domains[0] }}{% endif %};
{% if proxy_protocol is defined %} {% if proxy_protocol is defined %}
listen 442 ssl http2 proxy_protocol; listen 442 ssl http2 proxy_protocol;
@ -63,30 +63,30 @@ server {
port_in_redirect off; port_in_redirect off;
{% endif %} {% endif %}
{% if ssl_certificate is defined %} {% if ssl_certificate is defined -%}
{{ ssl_certificate }} {{ ssl_certificate | indent(4) }}
{% else %} {% else -%}
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt; ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem; ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
{% endif %} {% endif %}
add_header X-XSS-Protection "0"; add_header X-XSS-Protection "0";
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;" always;
{% if headers is defined %}{{ headers }}{% endif %} {%+ if headers is defined %}{{ headers }}{% endif %}
{% if server %} {% if server -%}
{{ server | indent(4) }} {{ server | indent(4) }}
{% endif %} {%- endif %}
} }
{% if redirect_to_first is defined and redirect_to_first and domains|length > 1 %} {% if redirect_to_first is defined and redirect_to_first and domains|length > 1 %}
server { server {
{% if nginx_listen443 is defined -%} {% if nginx_listen443 is defined -%}
{{ nginx_listen443 }} {{ nginx_listen443 }}
{% else %} {% else %}
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
{% endif %} {% endif %}
server_name {{ domains[1:] | join(' ') }}; server_name {{ domains[1:] | join(' ') }};
{% if proxy_protocol is defined %} {% if proxy_protocol is defined %}
listen 442 ssl http2 proxy_protocol; listen 442 ssl http2 proxy_protocol;
@ -105,7 +105,7 @@ server {
{% if ssl_certificate is defined %} {% if ssl_certificate is defined %}
{{ ssl_certificate }} {{ ssl_certificate }}
{% else %} {% else %}
ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt; ssl_certificate /etc/ssl/csr/{{ instance_name }}-fullchain.crt;
ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem; ssl_certificate_key /etc/ssl/private/{{ instance_name }}.pem;
{% endif %} {% endif %}