make nginx vhost templates more generic

author: Christian Pointner <equinox@spreadspace.org> 2021-05-13 04:20:44 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2021-05-13 04:20:44 +0200
commit: 0410643732195626e8be8bc1b2c6fbc23b3b3cc3 (patch)
tree: 571a4fcdcdac29801091a1dd0d50b4248a178cf0 /chaos-at-home
parent: install binwalk to ch-equinox-* (diff)
1 files changed, 24 insertions, 17 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 9b731bfb..507e8906 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -111,10 +111,12 @@
         acme: yes
         hostnames:
         - passwd.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
       acmetool_cert_config:
         request:
           challenge:
@@ -176,13 +178,16 @@
         acme: yes
         hostnames:
         - webmail.chaos-at-home.org
-        client_max_body_size: "200M"
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
+            extra_directives: |-
+              client_max_body_size 200M;
       acmetool_cert_config:
         request:
           challenge:
@@ -198,12 +203,14 @@
         acme: yes
         hostnames:
         - webdav.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
       acmetool_cert_config:
         request:
           challenge:
author	Christian Pointner <equinox@spreadspace.org>	2021-05-13 04:20:44 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2021-05-13 04:20:44 +0200
commit	0410643732195626e8be8bc1b2c6fbc23b3b3cc3 (patch)
tree	571a4fcdcdac29801091a1dd0d50b4248a178cf0 /chaos-at-home
parent	install binwalk to ch-equinox-* (diff)