From 562df598d0303b17e0b040411507f52f3b40d967 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <elizabeth.hunt@simponic.xyz>
Date: Wed, 3 Jan 2024 01:56:01 -0500
Subject: fix empty acl error and begin work on webserver deployments with
 nginx

---
 .../webservers/files/nijika/headscale.simponic.xyz | 48 ++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 roles/webservers/files/nijika/headscale.simponic.xyz

(limited to 'roles/webservers/files')

diff --git a/roles/webservers/files/nijika/headscale.simponic.xyz b/roles/webservers/files/nijika/headscale.simponic.xyz
new file mode 100644
index 0000000..442a2ac
--- /dev/null
+++ b/roles/webservers/files/nijika/headscale.simponic.xyz
@@ -0,0 +1,48 @@
+server {
+    server_name headscale.simponic.xyz;
+
+    location /web {
+        proxy_pass https://127.0.0.1:9443;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $server_name;
+        proxy_redirect http:// https://;
+        proxy_buffering off;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    }
+
+    location / {
+        proxy_pass https://127.0.0.1:27896;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
+        proxy_set_header Host $server_name;
+        proxy_redirect http:// https://;
+        proxy_buffering off;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
+        add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/headscale.simponic.xyz/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/headscale.simponic.xyz/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+    keepalive_timeout 70;
+}
+
+server {
+    if ($host = headscale.simponic.xyz) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+    server_name headscale.simponic.xyz;
+    listen 80;
+    return 404; # managed by Certbot
+}
-- 
cgit v1.2.3-70-g09d2