diff options
Diffstat (limited to 'chaos-at-home/ch-http-proxy.yml')
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 41 |
1 files changed, 24 insertions, 17 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index 9b731bfb..507e8906 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -111,10 +111,12 @@ acme: yes hostnames: - passwd.chaos-at-home.org - proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem + locations: + '/': + proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem acmetool_cert_config: request: challenge: @@ -176,13 +178,16 @@ acme: yes hostnames: - webmail.chaos-at-home.org - client_max_body_size: "200M" - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem - protocols: TLSv1 - ciphers: "DEFAULT@SECLEVEL=1" + locations: + '/': + proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" + extra_directives: |- + client_max_body_size 200M; acmetool_cert_config: request: challenge: @@ -198,12 +203,14 @@ acme: yes hostnames: - webdav.chaos-at-home.org - proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" - proxy_ssl: - verify: "on" - trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem - protocols: TLSv1 - ciphers: "DEFAULT@SECLEVEL=1" + locations: + '/': + proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/" + proxy_ssl: + verify: "on" + trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem + protocols: TLSv1 + ciphers: "DEFAULT@SECLEVEL=1" acmetool_cert_config: request: challenge: |