---
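# Renders the Snort redirect snippet into the nginx configuration directory.
# Elsewhere in this file the include of this snippet in the strfry vhost is
# commented out ("breaks amethyst relay profile"), so installing the file does
# not by itself activate it.
# NOTE(review): unlike the import_role task in this file, this task sets no
# `become` - presumably privilege escalation is inherited from the play; confirm.
- name: Install redirect template for Snort
  ansible.builtin.template:
    src: templates/snort_redirect.conf.j2
    dest: /etc/nginx/snort_redirect.conf
    # Explicit mode so the permissions of a file nginx loads do not depend on
    # the umask of whoever runs the play. Quoted so it stays an octal string.
    mode: "0644"
  tags: nginx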
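# Generates the nginx virtual hosts that front the strfry relay and the
# related *.bitcoiner.social redirects, through the nginx_core.nginx_config role.
#
# Security-relevant points a reviewer should keep in mind for every vhost below:
#   * Access logging is switched off everywhere (`log.access: [off]`). A bare
#     `off` is read as boolean false by YAML 1.1 loaders such as the one
#     Ansible uses. NOTE(review): confirm the role renders this as
#     `access_log off;`. With no access log, request-level forensics must come
#     from other telemetry.
#   * `X-Forwarded-For: $proxy_add_x_forwarded_for` appends the peer address to
#     whatever the client already sent in that header, so the backend should
#     only trust the last entry.
#   * `Host: $http_host` forwards the client-supplied Host header unchanged.
#   * The TLS vhosts set no `server_name` here; presumably the included
#     /etc/nginx/acme_<domain>.conf files provide it together with the
#     certificate directives - TODO confirm.
- name: strfry | Configure nginx
  ansible.builtin.import_role:
    name: nginx_core.nginx_config
  become: true
  vars:
    nginx_config_http_template_enable: true
    nginx_config_http_template:
      # Main relay vhost for {{ nginx_strfry_domain }} (TLS).
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/strfry_{{ nginx_strfry_domain }}.conf"
        backup: false
        config:
          # The `strfry` upstream is defined once here; the other vhosts in this
          # task that use `pass: http://strfry` depend on this entry.
          upstreams:
            - name: strfry
              servers:
                # Backend is reached over loopback only.
                - address: "127.0.0.1:{{ strfry_relay.port|default(7777) }}"
                # - address: unix:/var/lib/strfry/strfry.sock
          servers:
            - core:
                listen:
                  - address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nginx_strfry_https_port|default(443) }} ssl"
                  # - address: "[2607:f130:0:105:216:3cff:fefb:92c2]:443 ssl"
                include:
                  - "/etc/nginx/acme_{{ nginx_strfry_domain }}.conf"
                  # - /etc/nginx/snort_redirect.conf  # breaks amethyst relay profile
                # 0 disables nginx's request-body size check entirely, so any
                # size limit has to be enforced by the backend.
                client_max_body_size: 0  # Stream request body to backend
              log:
                access:
                  - off
              locations:
                # WebSocket-capable reverse proxy to the relay.
                - location: /
                  proxy:
                    pass: http://strfry
                    http_version: '1.1'
                    set_header:
                      - field: Host
                        value: $http_host
                      - field: Connection
                        value: $connection_upgrade
                      - field: Upgrade
                        value: $http_upgrade
                      - field: X-Forwarded-For
                        value: $proxy_add_x_forwarded_for
                    connect_timeout: 3m
                    send_timeout: 3m
                    read_timeout: 3m
                # NOTE(review): a prefix location without a trailing slash also
                # matches sibling paths such as /static-other; consider trailing
                # slashes on both the location and the alias.
                - location: /static
                  core:
                    alias: /var/www/static
                # Served with a wildcard CORS header so browser clients on other
                # origins can read it.
                - location: /.well-known/nostr.json
                  core:
                    alias: /var/www/static/nostr.json
                  headers:
                    add_headers:
                      - name: Access-Control-Allow-Origin
                        value: '*'
                - location: /favicon.ico
                  core:
                    alias: /var/www/static/favicon96.png
                # https://matrix-org.github.io/synapse/latest/delegate.html
                - location: '= /.well-known/matrix/server'
                  rewrite:  # https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite
                    return:
                      code: 200
                      # The single quotes are part of the value handed to nginx.
                      text: >
                        '{"m.server":"matrix.bitcoiner.social:443"}'
                - location: '~ ^(/_matrix|/_synapse/client)'
                  rewrite:
                    return:
                      url: "https://matrix.bitcoiner.social$request_uri"
                      code: 301
                - location: = /blee
                  rewrite:
                    return:
                      url: https://snort.bitcoiner.social/p/npub1dxs2pygtfxsah77yuncsmu3ttqr274qr5g5zva3c7t5s3jtgy2xszsn4st
                      code: 301

      # nostr.bitcoiner.social
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/nostr.bitcoiner.social.conf"
        backup: false
        config:
          servers:
            - core:
                listen:
                  - address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:443 ssl"
                include:
                  - "/etc/nginx/acme_nostr.bitcoiner.social.conf"
              log:
                access:
                  - off
              locations:
                - location: /
                  proxy:
                    pass: http://strfry
                    http_version: '1.1'
                    set_header:
                      - field: Host
                        value: $http_host
                      - field: Connection
                        value: $connection_upgrade
                      - field: Upgrade
                        value: $http_upgrade
                      - field: X-Forwarded-For
                        value: $proxy_add_x_forwarded_for
                    connect_timeout: 3m
                    send_timeout: 3m
                    read_timeout: 3m
                  # Request rate limiting is currently disabled for this vhost
                  # (the limit_req stanza below is commented out).
                  # headers:
                  #   add_headers:
                  #     - name: Access-Control-Allow-Origin
                  #       value: '*'
                  # limit_req:  # https://www.nginx.com/blog/rate-limiting-nginx/
                  #   limit_reqs:  # see files/limits.conf
                  #     - zone: nostr
                  #       burst: 5
                  #       delay: false

      # bitcoinr6de5lkvx4tpwdmzrdfdpla5sya2afwpcabjup2xpi5dulbad.onion
      # Plain-HTTP listener bound to loopback only.
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/tor_{{ nginx_strfry_domain }}.conf"
        backup: false
        config:
          servers:
            - core:
                listen:
                  - address: "127.0.0.1:9080"
              log:
                access:
                  - off
              locations:
                - location: /
                  proxy:
                    pass: http://strfry
                    http_version: '1.1'
                    set_header:
                      - field: Host
                        value: $http_host
                      - field: Connection
                        value: $connection_upgrade
                      - field: Upgrade
                        value: $http_upgrade
                      - field: X-Forwarded-For
                        value: $proxy_add_x_forwarded_for
                    connect_timeout: 3m
                    send_timeout: 3m
                    read_timeout: 3m

      # Port 80 -> HTTPS redirect for the relay domain. The redirect target is
      # built from $server_name (the configured name), not from the
      # client-supplied Host header.
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/http_{{ nginx_strfry_domain }}.conf"
        backup: false
        config:
          servers:
            - core:
                server_name: "{{ nginx_strfry_domain }}"
                listen:
                  - address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:80"
              log:
                access:
                  - off
              locations:
                - location: /
                  rewrite:
                    return:
                      url: https://$server_name$request_uri
                      code: 301

      # cast.bitcoiner.social: permanent redirects to modusb.com.
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/cast.bitcoiner.social.conf"
        backup: false
        config:
          servers:
            - core:
                listen:
                  - address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:443 ssl"
                include:
                  - "/etc/nginx/acme_cast.bitcoiner.social.conf"
              log:
                access:
                  - off
              locations:
                - location: /
                  rewrite:
                    return:
                      url: "https://modusb.com$request_uri"
                      code: 301
                - location: = /@lacosanostr/feed.xml
                  rewrite:
                    return:
                      url: https://modusb.com/LCN.rss
                      code: 301

      # news.bitcoiner.social: reverse proxy to a service on loopback port 3000,
      # plus a port 80 -> HTTPS redirect.
      - template_file: http/default.conf.j2
        deployment_location: "/etc/nginx/conf.d/news.bitcoiner.social.conf"
        backup: false
        config:
          servers:
            - core:
                listen:
                  - address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:443 ssl"
                include:
                  - "/etc/nginx/acme_news.bitcoiner.social.conf"
              log:
                access:
                  - off
              locations:
                - location: /
                  proxy:
                    pass: http://127.0.0.1:3000
                    http_version: '1.1'
                    set_header:
                      - field: Host
                        value: $http_host
            - core:
                # Without a server_name, $server_name expands to an empty string
                # and the redirect below would have no host; this server would
                # also never be selected by name on the shared :80 address.
                # Mirrors the http_{{ nginx_strfry_domain }} vhost above.
                server_name: news.bitcoiner.social
                listen:
                  - address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:80"
              log:
                access:
                  - off
              locations:
                - location: /
                  rewrite:
                    return:
                      url: https://$server_name$request_uri
                      code: 301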