-rw-r--r-- | chaos-at-home/ch-equinox-ws.yml | 23 | ||||
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 41 | ||||
-rw-r--r-- | inventory/host_vars/ch-epimetheus.yml | 14 | ||||
-rw-r--r-- | inventory/host_vars/ch-equinox-t450s.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/ch-equinox-ws.yml | 1 | ||||
-rw-r--r-- | inventory/host_vars/ch-jump.yml | 3 | ||||
-rw-r--r-- | inventory/host_vars/sgg-icecast.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/sk-cloudio/vars.yml | 2 | ||||
-rw-r--r-- | inventory/host_vars/sk-tomnext-nc.yml | 2 | ||||
-rw-r--r-- | roles/apps/jitsi/meet/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/apps/keycloak/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/apps/nextcloud/tasks/main.yml | 17 | ||||
-rw-r--r-- | roles/apps/onlyoffice/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/elevate/liquidtruth/tasks/main.yml | 4 | ||||
-rw-r--r-- | roles/monitoring/grafana/tasks/main.yml | 7 | ||||
-rw-r--r-- | roles/nginx/vhost/defaults/main.yml | 24 | ||||
-rw-r--r-- | roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 | 44 | ||||
-rw-r--r-- | roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 | 32 | ||||
-rw-r--r-- | spreadspace/sgg-icecast.yml | 5 |
19 files changed, 156 insertions, 87 deletions
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml index f5cbd4cf..3cabbaeb 100644 --- a/chaos-at-home/ch-equinox-ws.yml +++ b/chaos-at-home/ch-equinox-ws.yml @@ -34,3 +34,26 @@ fstype: nfs4 opts: nodev,x-systemd.automount,nofail state: mounted + + - name: create pulse daemon config directory + file: + path: /etc/pulse/daemon.conf.d + state: directory + + - name: force pulseaudio sample rates to 48kHz (workadournd for Motu M4) + copy: + content: | + resample-method = speex-float-10 + avoid-resampling = false + + default-sample-format = float32le + default-sample-rate = 48000 + alternate-sample-rate = 48000 + dest: /etc/pulse/daemon.conf.d/motu-m4.conf + + - name: disable USB Powermanagement for Motu M4 + copy: + content: | + ## workaround for spurious audio issues with Motu M4 + ATTRS{idVendor}=="07fd", ATTRS{idProduct}=="0008", ATTR{power/control}="on", ATTR{power/persist}="0" + dest: /etc/udev/rules.d/90-motu-m4-power.rules diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index 9b731bfb..507e8906 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -111,10 +111,12 @@ acme: yes hostnames: - passwd.chaos-at-home.org - proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem + locations: + '/': + proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem acmetool_cert_config: request: challenge: 
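Review bot: The `file` task and both `copy` tasks added in chaos-at-home/ch-equinox-ws.yml set no `owner`, `group` or `mode`, so the permissions of `/etc/pulse/daemon.conf.d/motu-m4.conf` and `/etc/udev/rules.d/90-motu-m4-power.rules` depend on the umask of the run. Pin them explicitly with `mode: "0644"` on the two files and `mode: "0755"` on the directory. Nothing visible in the hunk reloads udev after the rule is written, so it presumably takes effect only after a replug or reboot; a handler running `udevadm control --reload` would close that gap. The task name also has a typo, `workadournd` for `workaround`.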
@@ -176,13 +178,16 @@ acme: yes hostnames: - webmail.chaos-at-home.org - client_max_body_size: "200M" - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem - protocols: TLSv1 - ciphers: "DEFAULT@SECLEVEL=1" + locations: + '/': + proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" + extra_directives: |- + client_max_body_size 200M; acmetool_cert_config: request: challenge: @@ -198,12 +203,14 @@ acme: yes hostnames: - webdav.chaos-at-home.org - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem - protocols: TLSv1 - ciphers: "DEFAULT@SECLEVEL=1" + locations: + '/': + proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" acmetool_cert_config: request: challenge: diff --git a/inventory/host_vars/ch-epimetheus.yml b/inventory/host_vars/ch-epimetheus.yml index 6ade6af4..147c22ff 100644 --- a/inventory/host_vars/ch-epimetheus.yml +++ b/inventory/host_vars/ch-epimetheus.yml 
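Review bot: The `proxy_ssl` settings moved under `locations['/']` for webmail.chaos-at-home.org still carry `protocols: TLSv1` and `ciphers: "DEFAULT@SECLEVEL=1"` without any comment saying why the upstream connection is downgraded; the webdav.chaos-at-home.org hunk that follows repeats both lines. `verify: "on"` with the pinned CA limits the exposure, but the weak protocol and cipher level should be marked as a temporary exception so they are not copied to other vhosts. A comment above the two keys would do, for example `# ch-prometheus-legacy presumably cannot negotiate anything newer; drop protocols/ciphers when it is retired`. The reason is inferred from the host name and should be confirmed by the author.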
@@ -22,18 +22,18 @@ apt_repo_components: luks_volumes: - # crypto-sata0: - # passphrase: "{{ vault_luks_volumes['crypto-sata0'].passphrase }}" - # device: /dev/disk/by-id/ata-WDC_WD30EFRX-68AX9N0_WD-WMC1T1674991 + crypto-sata0: + passphrase: "{{ vault_luks_volumes['crypto-sata0'].passphrase }}" + device: /dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N6ZP3KFJ crypto-sata1: passphrase: "{{ vault_luks_volumes['crypto-sata1'].passphrase }}" - device: /dev/disk/by-id/ata-WDC_WD30EFRX-68AX9N0_WD-WMC1T1357355 + device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY976JP crypto-sata2: passphrase: "{{ vault_luks_volumes['crypto-sata2'].passphrase }}" device: /dev/disk/by-id/ata-WDC_WD30EFRX-68AX9N0_WD-WMC1T1522231 crypto-sata3: passphrase: "{{ vault_luks_volumes['crypto-sata3'].passphrase }}" - device: /dev/disk/by-id/ata-WDC_WD30EFRX-68AX9N0_WD-WMC1T1696205 + device: /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9802C zfs_arc_size: @@ -43,8 +43,7 @@ zfs_arc_size: zfs_pools: backup: mountpoint: /srv/backup -# create_vdevs: raidz /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2 /dev/mapper/crypto-sata3 - create_vdevs: raidz /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2 /dev/mapper/crypto-sata3 + create_vdevs: raidz /dev/mapper/crypto-sata0 /dev/mapper/crypto-sata1 /dev/mapper/crypto-sata2 /dev/mapper/crypto-sata3 zfs_sanoid_templates: @@ -88,7 +87,6 @@ zfs_syncoid_sources: recursive: yes skip_parent: yes exclude: - - '^storage/backups' - '^storage/vm' 'ch-equinox-t450s': ssh_hostname: 192.168.28.103 diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index 28ac168c..14773889 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -76,6 +76,7 @@ ws_base_extra_packages: - avr-libc - avrdude - binutils-avr + - binwalk - bison - build-essential - cheese 
diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index ffb12845..8f4b709e 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -76,6 +76,7 @@ ws_base_extra_packages: - avr-libc - avrdude - binutils-avr + - binwalk - bison - build-essential - cheese diff --git a/inventory/host_vars/ch-jump.yml b/inventory/host_vars/ch-jump.yml index 5c041670..3152435e 100644 --- a/inventory/host_vars/ch-jump.yml +++ b/inventory/host_vars/ch-jump.yml @@ -43,3 +43,6 @@ sshd_jump_users: authorized_keys: "{{ users.equinox.ssh }}" spel: authorized_keys: "{{ users.spel.ssh }}" + fim: + authorized_keys: + - ssh-rsa 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 fim@digl012 diff --git a/inventory/host_vars/sgg-icecast.yml b/inventory/host_vars/sgg-icecast.yml index 2c279e30..cab24c65 100644 --- a/inventory/host_vars/sgg-icecast.yml +++ b/inventory/host_vars/sgg-icecast.yml @@ -52,7 +52,7 @@ kubelet_storage: size: 2G fs: ext4 -kubernetes_version: 1.21.0 +kubernetes_version: 1.21.1 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 42 kubernetes_standalone_cni_variant: with-portmap diff --git a/inventory/host_vars/sk-cloudio/vars.yml b/inventory/host_vars/sk-cloudio/vars.yml index 64e651f3..d492fbdb 100644 --- a/inventory/host_vars/sk-cloudio/vars.yml +++ b/inventory/host_vars/sk-cloudio/vars.yml @@ -64,7 +64,7 @@ kubelet_storage: properties: quota: 20G -kubernetes_version: 1.20.5 +kubernetes_version: 1.21.1 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 100 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/inventory/host_vars/sk-tomnext-nc.yml b/inventory/host_vars/sk-tomnext-nc.yml index 5f89a32c..57c79ba2 100644 --- a/inventory/host_vars/sk-tomnext-nc.yml +++ b/inventory/host_vars/sk-tomnext-nc.yml 
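Review bot: In inventory/host_vars/ch-jump.yml the new `fim` entry under `sshd_jump_users` embeds a literal `ssh-rsa` public key, while the neighbouring `equinox` and `spel` entries take theirs from the shared `users` structure (`"{{ users.spel.ssh }}"`). An inline key on the jump host is easy to miss when access is reviewed or revoked, because it lives in only this one host file. If a `users.fim` entry exists or can be added (not visible here), use `authorized_keys: "{{ users.fim.ssh }}"`. Otherwise add a comment saying who owns the key and when the access should be re-checked.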
@@ -94,7 +94,7 @@ kubelet_storage: properties: quota: 15G -kubernetes_version: 1.20.5 +kubernetes_version: 1.21.1 kubernetes_container_runtime: docker kubernetes_standalone_max_pods: 15 kubernetes_standalone_pod_cidr: 192.168.255.0/24 diff --git a/roles/apps/jitsi/meet/tasks/main.yml b/roles/apps/jitsi/meet/tasks/main.yml index f85fd572..8fcef577 100644 --- a/roles/apps/jitsi/meet/tasks/main.yml +++ b/roles/apps/jitsi/meet/tasks/main.yml @@ -40,7 +40,10 @@ acme: true hostnames: - "{{ jitsi_meet_hostname }}" - client_max_body_size: "0" - proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ jitsi_meet_http_port }}" + extra_directives: |- + client_max_body_size 0; include_role: name: nginx/vhost diff --git a/roles/apps/keycloak/tasks/main.yml b/roles/apps/keycloak/tasks/main.yml index b5a756d0..3df78018 100644 --- a/roles/apps/keycloak/tasks/main.yml +++ b/roles/apps/keycloak/tasks/main.yml @@ -99,7 +99,10 @@ acme: true hostnames: - "{{ item.value.hostname }}" - client_max_body_size: "0" - proxy_pass: "http://127.0.0.1:{{ item.value.port }}/auth/" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ item.value.port }}/auth/" + extra_directives: |- + client_max_body_size 0; include_role: name: nginx/vhost diff --git a/roles/apps/nextcloud/tasks/main.yml b/roles/apps/nextcloud/tasks/main.yml index 474d0d88..8d930b9a 100644 --- a/roles/apps/nextcloud/tasks/main.yml +++ b/roles/apps/nextcloud/tasks/main.yml 
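Review bot: The `extra_directives` block added in roles/apps/jitsi/meet/tasks/main.yml keeps `client_max_body_size 0;`, which switches nginx's request-body limit off entirely, and the keycloak, nextcloud, onlyoffice and grafana hunks carry the same line over. For nextcloud and onlyoffice large uploads are expected, but keycloak and grafana presumably never receive them, so an unbounded body there only removes a cheap resource-exhaustion guard. A finite limit is enough for those two, for example `client_max_body_size 10M;` (constructed value, size it to the service). If the unlimited setting is intentional everywhere, a one-line comment next to it should say so.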
@@ -162,13 +162,16 @@ template: generic-proxy-no-buffering-with-acme acme: true hostnames: "{{ item.value.hostnames }}" - client_max_body_size: "0" - proxy_pass: "http://127.0.0.1:{{ item.value.port }}" - proxy_redirect: - - redirect: "http://$host/" - replacement: "https://$host/" - - redirect: "http://$host:8080/" - replacement: "https://$host/" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ item.value.port }}" + proxy_redirect: + - redirect: "http://$host/" + replacement: "https://$host/" + - redirect: "http://$host:8080/" + replacement: "https://$host/" + extra_directives: |- + client_max_body_size 0; include_role: name: nginx/vhost diff --git a/roles/apps/onlyoffice/tasks/main.yml b/roles/apps/onlyoffice/tasks/main.yml index da253a77..bde60e5b 100644 --- a/roles/apps/onlyoffice/tasks/main.yml +++ b/roles/apps/onlyoffice/tasks/main.yml @@ -143,7 +143,10 @@ acme: true hostnames: - "{{ item.value.hostname }}" - client_max_body_size: "0" - proxy_pass: "http://127.0.0.1:{{ item.value.port }}" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ item.value.port }}" + extra_directives: |- + client_max_body_size 0; include_role: name: nginx/vhost diff --git a/roles/elevate/liquidtruth/tasks/main.yml b/roles/elevate/liquidtruth/tasks/main.yml index 6bb00821..2c61f372 100644 --- a/roles/elevate/liquidtruth/tasks/main.yml +++ b/roles/elevate/liquidtruth/tasks/main.yml @@ -20,7 +20,9 @@ template: generic-proxy-no-buffering-with-acme acme: true hostnames: "{{ liquidtruth_hostnames }}" - proxy_pass: "http://127.0.0.1:8080" + locations: + '/': + proxy_pass: "http://127.0.0.1:8080" - name: create app user user: diff --git a/roles/monitoring/grafana/tasks/main.yml b/roles/monitoring/grafana/tasks/main.yml index 87f16bd0..2e7594ec 100644 --- a/roles/monitoring/grafana/tasks/main.yml +++ b/roles/monitoring/grafana/tasks/main.yml 
@@ -65,7 +65,10 @@ template: generic-proxy-no-buffering hostnames: - "_" - client_max_body_size: "0" - proxy_pass: "http://127.0.0.1:{{ grafana_config_server.http_port | default(3000) }}" + locations: + '/': + proxy_pass: "http://127.0.0.1:{{ grafana_config_server.http_port | default(3000) }}" + extra_directives: |- + client_max_body_size 0; include_role: name: nginx/vhost diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml index b5de1fad..233015be 100644 --- a/roles/nginx/vhost/defaults/main.yml +++ b/roles/nginx/vhost/defaults/main.yml @@ -7,15 +7,21 @@ # hostnames: # - example.com # - www.example.com -# proxy_pass: http://127.0.0.1:8080 -# proxy_redirect: -# - redirect: "http://$host/" -# replacement: "https://$host/" -# - redirect: "http://$host:8080/" -# replacement: "https://$host/" -# proxy_ssl: -# verify: on -# trusted_certificate: /path/to/ca.pem +# extra_directives: |- +# add_header X-Example-Header "foo"; +# locations: +# '/': +# proxy_pass: http://127.0.0.1:8080 +# proxy_redirect: +# - redirect: "http://$host/" +# replacement: "https://$host/" +# - redirect: "http://$host:8080/" +# replacement: "https://$host/" +# extra_directives: |- +# add_header X-Example-Header "foo"; +# proxy_ssl: +# verify: on +# trusted_certificate: /path/to/ca.pem # nginx_vhost: # name: other-example diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 index f74f920b..fe6cb70b 100644 --- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 +++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 
@@ -1,6 +1,6 @@ server { - listen 80; - listen [::]:80; + listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; include snippets/acmetool.conf; @@ -11,8 +11,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; include snippets/acmetool.conf; @@ -21,12 +21,13 @@ server { ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey; include snippets/hsts.conf; - location / { - include snippets/proxy-nobuff.conf; -{% if 'client_max_body_size' in nginx_vhost %} - client_max_body_size {{ nginx_vhost.client_max_body_size }}; -{% endif %} +{% if 'extra_directives' in nginx_vhost %} + {{ nginx_vhost.extra_directives | indent(4) }} +{% endif %} +{% for path, location in nginx_vhost.locations.items() %} + location {{ path }} { + include snippets/proxy-nobuff.conf; proxy_set_header Host $host; include snippets/proxy-forward-headers.conf; 
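Review bot: After this change generic-proxy-no-buffering-with-acme.conf.j2 reads `proxy_pass`, `proxy_redirect` and `proxy_ssl` only from `nginx_vhost.locations`, and the top-level `client_max_body_size` is no longer rendered at all; generic-proxy-no-buffering.conf.j2 gets the same rewrite. A vhost definition that gains `locations` but leaves `proxy_ssl` at the top level would render without error and without `proxy_ssl_verify` or `proxy_ssl_trusted_certificate`, so upstream certificate checking disappears silently. The role should refuse the legacy keys before templating, using an `assert` task in its task file (not shown here) with `that: "'locations' in nginx_vhost and 'proxy_ssl' not in nginx_vhost and 'proxy_pass' not in nginx_vhost and 'client_max_body_size' not in nginx_vhost"`. `location {{ path }}` and `extra_directives` are also emitted verbatim, so the comment block in defaults/main.yml should state that both must come from trusted inventory only.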
@@ -34,16 +35,21 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass {{ nginx_vhost.proxy_pass }}; -{% if 'proxy_redirect' in nginx_vhost %} -{% for entry in nginx_vhost.proxy_redirect %} + proxy_pass {{ location.proxy_pass }}; +{% if 'proxy_redirect' in location %} +{% for entry in location.proxy_redirect %} proxy_redirect {{ entry.redirect }} {{ entry.replacement }}; -{% endfor %} -{% endif %} -{% if 'proxy_ssl' in nginx_vhost %} -{% for prop in (nginx_vhost.proxy_ssl | list | sort) %} - proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }}; -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} +{% if 'proxy_ssl' in location %} +{% for prop in (location.proxy_ssl | list | sort) %} + proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }}; +{% endfor %} +{% endif %} +{% if 'extra_directives' in location %} + + {{ location.extra_directives | indent(8) }} +{% endif %} } +{% endfor %} } diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 index 10697441..2a74697e 100644 --- a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 +++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 
@@ -1,14 +1,15 @@ server { - listen 80; - listen [::]:80; + listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; - location / { - include snippets/proxy-nobuff.conf; -{% if 'client_max_body_size' in nginx_vhost %} - client_max_body_size {{ nginx_vhost.client_max_body_size }}; -{% endif %} +{% if 'extra_directives' in nginx_vhost %} + {{ nginx_vhost.extra_directives | indent(4) }} +{% endif %} +{% for path, location in nginx_vhost.locations.items() %} + location {{ path }} { + include snippets/proxy-nobuff.conf; proxy_set_header Host $host; include snippets/proxy-forward-headers.conf; @@ -16,16 +17,21 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass {{ nginx_vhost.proxy_pass }}; -{% if 'proxy_redirect' in nginx_vhost %} -{% for entry in nginx_vhost.proxy_redirect %} + proxy_pass {{ location.proxy_pass }}; +{% if 'proxy_redirect' in location %} +{% for entry in location.proxy_redirect %} proxy_redirect {{ entry.redirect }} {{ entry.replacement }}; {% endfor %} {% endif %} -{% if 'proxy_ssl' in nginx_vhost %} -{% for prop in (nginx_vhost.proxy_ssl | list | sort) %} - proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }}; +{% if 'proxy_ssl' in location %} +{% for prop in (location.proxy_ssl | list | sort) %} + proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }}; {% endfor %} +{% endif %} +{% if 'extra_directives' in location %} + + {{ location.extra_directives | indent(8) }} {% endif %} } +{% endfor %} } diff --git a/spreadspace/sgg-icecast.yml b/spreadspace/sgg-icecast.yml index 9594da27..c7ade2af 100644 --- a/spreadspace/sgg-icecast.yml +++ b/spreadspace/sgg-icecast.yml 
@@ -46,13 +46,14 @@ - name: configure default vhost live.radiogloria.at vars: nginx_vhost: - default: yes name: radio-stream template: generic-proxy-no-buffering-with-acme acme: yes hostnames: - live.radiogloria.at - proxy_pass: http://127.0.0.1:8080 + locations: + '/': + proxy_pass: http://127.0.0.1:8080 include_role: name: nginx/vhost |
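Review bot: This hunk removes `default: yes` from the `radio-stream` vhost, yet the task is still named "configure default vhost live.radiogloria.at" and the templates in this same commit emit `default_server` only when `nginx_vhost.default` is set. If this vhost is still meant to answer requests whose Host header matches no `server_name`, keep the key as `default: true`. Otherwise rename the task so it no longer claims to configure the default vhost. How the role treated `default` before this commit is not visible here, so confirm which of the two is intended.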