From 8b2f8441ccb110427078e47c76a8098f2677a54d Mon Sep 17 00:00:00 2001 From: Trygve Laugstøl Date: Thu, 30 Aug 2018 10:15:35 +0200 Subject: o Adding rosin and numquam. o Adding unattended-upgrades. --- .../templates/etc/nginx/sites-enabled/rosin.j2 | 52 ++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 ansible/roles/rosin/templates/etc/nginx/sites-enabled/rosin.j2 (limited to 'ansible/roles/rosin/templates/etc/nginx/sites-enabled') diff --git a/ansible/roles/rosin/templates/etc/nginx/sites-enabled/rosin.j2 b/ansible/roles/rosin/templates/etc/nginx/sites-enabled/rosin.j2 new file mode 100644 index 0000000..a67899c --- /dev/null +++ b/ansible/roles/rosin/templates/etc/nginx/sites-enabled/rosin.j2 @@ -0,0 +1,52 @@ +# Managed by Ansible + +server { + server_name numquam.trygvis.io; + +# listen 443 default_server ssl; +# include /etc/letsencrypt/options-ssl-nginx.conf; +# ssl_certificate /etc/letsencrypt/live/numquam.trygvis.io/fullchain.pem; # managed by Certbot +# ssl_certificate_key /etc/letsencrypt/live/numquam.trygvis.io/privkey.pem; # managed by Certbot +# ssl_trusted_certificate /etc/letsencrypt/live/numquam.trygvis.io/fullchain.pem; + + listen 80 default_server; + + location / { + # Pløens gate 4 + allow 77.40.158.96/27; + allow 2001:840:4b0b::/48; + + # Cloudflare + allow 2400:cb00::/32; + allow 2405:8100::/32; + allow 2405:b500::/32; + allow 2606:4700::/32; + allow 2803:f800::/32; + allow 2c0f:f248::/32; + allow 2a06:98c0::/29; + allow 103.21.244.0/22; + allow 103.22.200.0/22; + allow 103.31.4.0/22; + allow 104.16.0.0/12; + allow 108.162.192.0/18; + allow 131.0.72.0/22; + allow 141.101.64.0/18; + allow 162.158.0.0/15; + allow 172.64.0.0/13; + allow 173.245.48.0/20; + allow 188.114.96.0/20; + allow 190.93.240.0/20; + allow 197.234.240.0/22; + allow 198.41.128.0/17; + + deny all; + try_files $uri @proxy; + } + + location @proxy { + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass http://127.0.0.1:{{ rosin.http_port }}; + } +} -- cgit v1.2.3