1 files changed, 24 insertions, 17 deletions

diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 9b731bfb..507e8906 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -111,10 +111,12 @@
         acme: yes
         hostnames:
         - passwd.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
       acmetool_cert_config:
         request:
           challenge:
@@ -176,13 +178,16 @@
         acme: yes
         hostnames:
         - webmail.chaos-at-home.org
-        client_max_body_size: "200M"
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
+            extra_directives: |-
+              client_max_body_size 200M;
       acmetool_cert_config:
         request:
           challenge:
@@ -198,12 +203,14 @@
         acme: yes
         hostnames:
         - webdav.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
       acmetool_cert_config:
         request:
           challenge: