diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-03 01:56:01 -0500 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-03 01:56:01 -0500 |
| commit | 562df598d0303b17e0b040411507f52f3b40d967 (patch) | |
| tree | 40fea767bfd592b372bafe4e7ec96ee0729b94b3 /roles/webservers/files/nijika | |
| parent | edf638080a2e9e584cf7a3042350d5eea1a3f65d (diff) | |
| download | oldinfra-562df598d0303b17e0b040411507f52f3b40d967.tar.gz oldinfra-562df598d0303b17e0b040411507f52f3b40d967.zip | |
fix empty acl error and begin work on webserver deployments with nginx
Diffstat (limited to 'roles/webservers/files/nijika')
| -rw-r--r-- | roles/webservers/files/nijika/headscale.simponic.xyz | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/roles/webservers/files/nijika/headscale.simponic.xyz b/roles/webservers/files/nijika/headscale.simponic.xyz new file mode 100644 index 0000000..442a2ac --- /dev/null +++ b/roles/webservers/files/nijika/headscale.simponic.xyz @@ -0,0 +1,48 @@ +server { + server_name headscale.simponic.xyz; + + location /web { + proxy_pass https://127.0.0.1:9443; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $server_name; + proxy_redirect http:// https://; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + } + + location / { + proxy_pass https://127.0.0.1:27896; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $server_name; + proxy_redirect http:// https://; + proxy_buffering off; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; + add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always; + } + + listen 443 ssl; # managed by Certbot + ssl_certificate /etc/letsencrypt/live/headscale.simponic.xyz/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/headscale.simponic.xyz/privkey.pem; # managed by Certbot + include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot + ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot + keepalive_timeout 70; +} + +server { + if ($host = headscale.simponic.xyz) { + return 301 https://$host$request_uri; + } # managed by Certbot + + server_name headscale.simponic.xyz; + listen 80; + return 404; # managed by Certbot +} |