diff options
author | Christian Pointner <equinox@spreadspace.org> | 2019-10-16 01:32:03 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2019-10-16 01:32:03 +0200 |
commit | 9e8ef5133562bf4ced6eac9ad1621adb3b3c5c16 (patch) | |
tree | 5f4008367035b232405c4133107a10147b6d1f61 /roles/nginx | |
parent | sk-cloudia: add role collabora/code (diff) |
refactor nginx vhosts for nextcloud and collabora/code
Diffstat (limited to 'roles/nginx')
3 files changed, 10 insertions, 6 deletions
diff --git a/roles/nginx/base/defaults/main.yml b/roles/nginx/base/defaults/main.yml index 50920f20..f460fa91 100644 --- a/roles/nginx/base/defaults/main.yml +++ b/roles/nginx/base/defaults/main.yml @@ -8,3 +8,4 @@ nginx_snippets: - ssl - hsts - proxy-nobuff + - proxy-forward-headers diff --git a/roles/nginx/base/files/snippets/proxy-forward-headers.conf b/roles/nginx/base/files/snippets/proxy-forward-headers.conf new file mode 100644 index 00000000..01ec0d7e --- /dev/null +++ b/roles/nginx/base/files/snippets/proxy-forward-headers.conf @@ -0,0 +1,5 @@ +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Ssl on; +proxy_set_header X-Forwarded-Port $server_port; diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 index 0d3e1db2..1003ab88 100644 --- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 +++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 @@ -28,11 +28,7 @@ server { {% endif %} proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Ssl on; - proxy_set_header X-Forwarded-Port $server_port; + include snippets/proxy-forward-headers.conf; # for websockets proxy_set_header Upgrade $http_upgrade; @@ -40,7 +36,9 @@ server { proxy_pass {{ nginx_vhost.proxy_pass }}; {% if 'proxy_redirect' in nginx_vhost %} - proxy_redirect {{ nginx_vhost.proxy_redirect.redirect }} {{ nginx_vhost.proxy_redirect.replacement }}; +{% for entry in nginx_vhost.proxy_redirect %} + proxy_redirect {{ entry.redirect }} {{ entry.replacement }}; +{% endfor %} {% endif %} } } |