Add openvpn setup
parent
f22e5301aa
commit
49ee39baba
26 changed files with 1684 additions and 4 deletions
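--- a/templates/nginx/default.j2
+++ b/templates/nginx/default.j2
@@ -0,0 +1,53 @@
+##
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+#
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+# Default server configuration
+#
+server {
+# HTTP configuration
+listen {{ http_port }} default_server;
+
+# SSL configuration
+listen {{ https_port }} ssl;
+server_name {{ domain_name }} www.{{ domain_name }};
+
+include snippets/certificates.conf;
+include snippets/ssl-params.conf;
+
+root /var/www/html;
+
+index index.html index.htm index.nginx-debian.html;
+
+error_log /var/log/nginx/error.log;
+access_log /var/log/nginx/access.log;
+
+location / {
+try_files $uri $uri/ =404;
+}
+
+location = /robots.txt {
+add_header Content-Type text/plain;
+return 200 "User-agent: *\nDisallow: /\n";
+}
+
+if ($scheme != "https") {
+return 301 https://$host$request_uri;
+}
+}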
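Review bot: The redirect at the end of the server block, `return 301 https://$host$request_uri;`, builds its target from the request's Host header, and because this block is the `default_server` on the HTTP listener it answers for any host name a client sends. Pinning the target to the configured name, `return 301 https://{{ domain_name }}$request_uri;`, keeps the redirect on the site's own domain; if `https_port` can be anything other than 443, the port has to be part of the target as well. In `location = /robots.txt`, `add_header Content-Type text/plain;` appends a second Content-Type header rather than setting the type of the `return 200` body; `default_type text/plain;` is the directive that does that.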
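--- a/templates/nginx/gitlab.j2
+++ b/templates/nginx/gitlab.j2
@@ -0,0 +1,29 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+server {
+listen {{ https_port }} ssl;
+server_name {{ gitlab_domain }};
+
+include snippets/certificates.conf;
+include snippets/ssl-params.conf;
+
+access_log /var/log/nginx/gitlab.log;
+error_log /var/log/nginx/gitlab.log;
+
+location / {
+gzip off;
+
+proxy_read_timeout 90;
+proxy_connect_timeout 90;
+proxy_redirect off;
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+
+proxy_pass https://{{ gitlab_ip }};
+}
+}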
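Review bot: `proxy_set_header X-Frame-Options SAMEORIGIN;` in `location /` sends X-Frame-Options to the backend as a request header, so the browser never receives it and it gives no framing protection. The response-side directive is `add_header X-Frame-Options SAMEORIGIN always;`, unless `snippets/ssl-params.conf` (not shown here) already sets it. `proxy_pass https://{{ gitlab_ip }};` also connects without checking the backend's certificate, because nginx leaves `proxy_ssl_verify` off by default; adding `proxy_ssl_verify on;` together with a `proxy_ssl_trusted_certificate` and a matching `proxy_ssl_name` would authenticate the upstream. templates/nginx/sentry.j2 contains the same two lines and needs the same change.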
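--- a/templates/nginx/sentry.j2
+++ b/templates/nginx/sentry.j2
@@ -0,0 +1,29 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+server {
+listen {{ https_port }} ssl;
+server_name {{ sentry_domain }};
+
+include snippets/certificates.conf;
+include snippets/ssl-params.conf;
+
+access_log /var/log/nginx/sentry.log;
+error_log /var/log/nginx/sentry.log;
+
+location / {
+gzip off;
+
+proxy_read_timeout 90;
+proxy_connect_timeout 90;
+proxy_redirect off;
+
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Ssl on;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Frame-Options SAMEORIGIN;
+
+proxy_pass https://{{ sentry_ip }};
+}
+}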
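--- a/templates/nginx/vpn.j2
+++ b/templates/nginx/vpn.j2
@@ -0,0 +1,32 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+server {
+listen {{ vpn_listen_address }}:{{ https_port }} ssl;
+ssl_certificate /etc/ssl/localcerts/nginx.pem;
+ssl_certificate_key /etc/ssl/localcerts/nginx.key;
+ssl_protocols TLSv1.2;
+ssl_ciphers HIGH:!aNULL:!MD5;
+
+access_log /var/log/nginx/vpn.log;
+error_log /var/log/nginx/vpn_error.log;
+
+location /radicale/ {
+proxy_pass https://127.0.0.1:{{ radicale_port }}/;
+
+proxy_set_header X-Script-Name /radicale;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Remote-User $remote_user;
+proxy_pass_header Authorization;
+
+auth_basic "Radicale - Password Required";
+auth_basic_user_file /etc/nginx/radicale/htpasswd;
+
+proxy_ssl_certificate /etc/ssl/localcerts/radicale/client_cert.pem;
+proxy_ssl_certificate_key /etc/ssl/localcerts/radicale/client_key.pem;
+proxy_ssl_trusted_certificate /etc/ssl/localcerts/radicale/server_cert.pem;
+}
+
+location /transmission/ {
+proxy_pass http://127.0.0.1:{{ transmission_port }}/transmission/;
+}
+}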
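Review bot: In `location /radicale/` the `proxy_ssl_trusted_certificate` line has no effect on its own, because upstream certificate verification stays off unless `proxy_ssl_verify on;` is set. As written, nginx presents its client certificate to whatever answers on the Radicale port without checking the server certificate. Adding `proxy_ssl_verify on;`, plus a `proxy_ssl_name` matching the certificate since the upstream is addressed as 127.0.0.1, makes the pinned certificate count. `location /transmission/` has no `auth_basic`, so access to it rests entirely on `vpn_listen_address` being reachable only from the VPN, unless Transmission enforces its own RPC authentication. A comment stating that assumption, or an `auth_basic` pair like the one used for Radicale, would make the dependency explicit.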