Jimstr/bitcoiner.social
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d867522fbe
bitcoiner.social/ansible/playbooks/host_tasks/garchomp.bitcoiner.social/strfry/nginx_conf.yml

228 lines
8.6 KiB
YAML
Raw Blame History

---
- name: Install redirect template for Snort
ansible.builtin.template:
src: templates/snort_redirect.conf.j2
dest: /etc/nginx/snort_redirect.conf
tags: nginx
- name: strfry | Configure nginx
ansible.builtin.import_role:
name: nginx_core.nginx_config
become: true
vars:
nginx_config_http_template_enable: true
nginx_config_http_template:
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/strfry_{{ nginx_strfry_domain }}.conf"
backup: false
config:
upstreams:
- name: strfry
servers:
- address: "127.0.0.1:{{ strfry_relay.port|default(7777) }}"
#- address: unix:/var/lib/strfry/strfry.sock
servers:
- core:
listen:
- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:{{ nginx_strfry_https_port|default(443) }} ssl"
# - address: "[2607:f130:0:105:216:3cff:fefb:92c2]:443 ssl"
include:
- "/etc/nginx/acme_{{ nginx_strfry_domain }}.conf"
#- /etc/nginx/snort_redirect.conf # breaks amethyst relay profile
client_max_body_size: 0 # Stream request body to backend
log:
access:
- off
locations:
- location: /
proxy:
pass: http://strfry
http_version: '1.1'
set_header:
- field: Host
value: $http_host
- field: Connection
value: $connection_upgrade
- field: Upgrade
value: $http_upgrade
- field: X-Forwarded-For
value: $proxy_add_x_forwarded_for
connect_timeout: 3m
send_timeout: 3m
read_timeout: 3m
- location: /static
core:
alias: /var/www/static
- location: /.well-known/nostr.json
core:
alias: /var/www/static/nostr.json
headers:
add_headers:
- name: Access-Control-Allow-Origin
value: '*'
- location: /favicon.ico
core:
alias: /var/www/static/favicon96.png
# https://matrix-org.github.io/synapse/latest/delegate.html
- location: '= /.well-known/matrix/server'
rewrite: # https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite
return:
code: 200
text: >
'{"m.server":"matrix.bitcoiner.social:443"}'
- location: '~ ^(/_matrix|/_synapse/client)'
rewrite:
return:
url: "https://matrix.bitcoiner.social$request_uri"
code: 301
- location: = /blee
rewrite:
return:
url: https://snort.bitcoiner.social/p/npub1dxs2pygtfxsah77yuncsmu3ttqr274qr5g5zva3c7t5s3jtgy2xszsn4st
code: 301
# nostr.bitcoiner.social
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/nostr.bitcoiner.social.conf"
backup: false
config:
servers:
- core:
listen:
- address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:443 ssl"
include:
- "/etc/nginx/acme_nostr.bitcoiner.social.conf"
log:
access:
- off
locations:
- location: /
proxy:
pass: http://strfry
http_version: '1.1'
set_header:
- field: Host
value: $http_host
- field: Connection
value: $connection_upgrade
- field: Upgrade
value: $http_upgrade
- field: X-Forwarded-For
value: $proxy_add_x_forwarded_for
connect_timeout: 3m
send_timeout: 3m
read_timeout: 3m
# headers:
# add_headers:
# - name: Access-Control-Allow-Origin
# value: '*'
# limit_req: # https://www.nginx.com/blog/rate-limiting-nginx/
# limit_reqs: # see files/limits.conf
# - zone: nostr
# burst: 5
# delay: false
# bitcoinr6de5lkvx4tpwdmzrdfdpla5sya2afwpcabjup2xpi5dulbad.onion
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/tor_{{ nginx_strfry_domain }}.conf"
backup: false
config:
servers:
- core:
listen:
- address: "127.0.0.1:9080"
log:
access:
- off
locations:
- location: /
proxy:
pass: http://strfry
http_version: '1.1'
set_header:
- field: Host
value: $http_host
- field: Connection
value: $connection_upgrade
- field: Upgrade
value: $http_upgrade
- field: X-Forwarded-For
value: $proxy_add_x_forwarded_for
connect_timeout: 3m
send_timeout: 3m
read_timeout: 3m
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/http_{{ nginx_strfry_domain }}.conf"
backup: false
config:
servers:
- core:
server_name: "{{ nginx_strfry_domain }}"
listen:
- address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:80"
log:
access:
- off
locations:
- location: /
rewrite:
return:
url: https://$server_name$request_uri
code: 301
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/cast.bitcoiner.social.conf"
backup: false
config:
servers:
- core:
listen:
- address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:443 ssl"
include:
- "/etc/nginx/acme_cast.bitcoiner.social.conf"
log:
access:
- off
locations:
- location: /
rewrite:
return:
url: "https://modusb.com$request_uri"
code: 301
- location: = /@lacosanostr/feed.xml
rewrite:
return:
url: https://modusb.com/LCN.rss
code: 301
- template_file: http/default.conf.j2
deployment_location: "/etc/nginx/conf.d/news.bitcoiner.social.conf"
backup: false
config:
servers:
- core:
listen:
- address: "{{ default_interface_ipv4_address|default(ansible_default_ipv4.address) }}:443 ssl"
include:
- "/etc/nginx/acme_news.bitcoiner.social.conf"
log:
access:
- off
locations:
- location: /
proxy:
pass: http://127.0.0.1:3000
http_version: '1.1'
set_header:
- field: Host
value: $http_host
- core:
listen:
- address: "{{ ansible_default_ipv4.address|default(ansible_all_ipv4_addresses[0]) }}:80"
log:
access:
- off
locations:
- location: /
rewrite:
return:
url: https://$server_name$request_uri
code: 301
Reference in New Issue View Git Blame Copy Permalink