p5t2vspoqqw
před 6 roky
3 změnil soubory, kde provedl 26 přidání a 13 odebrání
-
+8 -0docs/configuring-playbook-ngnix.md
-
+5 -2roles/matrix-nginx-proxy/defaults/main.yml
-
+13 -11roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
+ 8
- 0
docs/configuring-playbook-ngnix.md
Zobrazit soubor
| @@ -11,3 +11,11 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring | |||||
| ```yaml | ```yaml | ||||
| matrix_nginx_proxy_nginx_status_enabled: true | matrix_nginx_proxy_nginx_status_enabled: true | ||||
| ``` | ``` | ||||
| In default ```matrix_nginx_proxy_nginx_status_enabled``` will add the local ip adress. If you wish to listen to other ip-adresses provide a list: | |||||
| ```yaml | |||||
| matrix_nginx_proxy_nginx_status_allowed_addresses: | |||||
| - 8.8.8.8 | |||||
| - 1.1.1.1 | |||||
| ``` | |||||
+ 5
- 2
roles/matrix-nginx-proxy/defaults/main.yml
Zobrazit soubor
| @@ -1,7 +1,5 @@ | |||||
| matrix_nginx_proxy_enabled: true | matrix_nginx_proxy_enabled: true | ||||
| matrix_nginx_proxy_nginx_status_enabled: false | |||||
| # We use an official nginx image, which we fix-up to run unprivileged. | # We use an official nginx image, which we fix-up to run unprivileged. | ||||
| # An alternative would be an `nginxinc/nginx-unprivileged` image, but | # An alternative would be an `nginxinc/nginx-unprivileged` image, but | ||||
| # those as more frequently out of date. | # those as more frequently out of date. | ||||
| @@ -142,3 +140,8 @@ matrix_ssl_lets_encrypt_support_email: ~ | |||||
| matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" | matrix_ssl_base_path: "{{ matrix_base_data_path }}/ssl" | ||||
| matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" | matrix_ssl_config_dir_path: "{{ matrix_ssl_base_path }}/config" | ||||
| matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" | matrix_ssl_log_dir_path: "{{ matrix_ssl_base_path }}/log" | ||||
| # ngnix status page configurations. | |||||
| matrix_nginx_proxy_nginx_status_enabled: false | |||||
| matrix_nginx_proxy_nginx_status_allowed_addresses: ['{{ ansible_default_ipv4.address }}'] | |||||
+ 13
- 11
roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-domain.conf.j2
Zobrazit soubor
| @@ -4,25 +4,27 @@ server { | |||||
| server_tokens off; | server_tokens off; | ||||
| {% if matrix_nginx_proxy_nginx_status_enabled %} | |||||
| location /nginx_status { | |||||
| stub_status on; | |||||
| access_log off; | |||||
| allow {{ ansible_default_ipv4.address }}; | |||||
| deny all; | |||||
| } | |||||
| {% endif %} | |||||
| {% if matrix_nginx_proxy_nginx_status_enabled %} | |||||
| location /nginx_status { | |||||
| stub_status on; | |||||
| access_log off; | |||||
| {% for address in matrix_nginx_proxy_nginx_status_allowed_addresses %} | |||||
| allow {{ address }}; | |||||
| {% endfor %} | |||||
| deny all; | |||||
| } | |||||
| {% endif %} | |||||
| location /.well-known/acme-challenge { | location /.well-known/acme-challenge { | ||||
| {% if matrix_nginx_proxy_enabled %} | |||||
| {% if matrix_nginx_proxy_enabled %} | |||||
| {# Use the embedded DNS resolver in Docker containers to discover the service #} | {# Use the embedded DNS resolver in Docker containers to discover the service #} | ||||
| resolver 127.0.0.11 valid=5s; | resolver 127.0.0.11 valid=5s; | ||||
| set $backend "matrix-certbot:8080"; | set $backend "matrix-certbot:8080"; | ||||
| proxy_pass http://$backend; | proxy_pass http://$backend; | ||||
| {% else %} | |||||
| {% else %} | |||||
| {# Generic configuration for use outside of our container setup #} | {# Generic configuration for use outside of our container setup #} | ||||
| proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; | proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }}; | ||||
| {% endif %} | |||||
| {% endif %} | |||||
| } | } | ||||
| location / { | location / { | ||||