mirror of
https://github.com/DO1JLR/ansible_playbook_servers.git
synced 2024-09-14 19:53:56 +02:00
38 lines
1.1 KiB
Text
38 lines
1.1 KiB
Text
|
server {
|
||
|
listen 443 ssl http2;
|
||
|
listen [::]:443 ssl http2;
|
||
|
|
||
|
server_name node-exporter.services.l3d.ch;
|
||
|
|
||
|
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
|
||
|
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
|
||
|
include snippets/logging_{{ site.name }}.snippet.conf;
|
||
|
|
||
|
|
||
|
location / {
|
||
|
charset utf-8;
|
||
|
proxy_pass http://localhost:9100;
|
||
|
client_max_body_size 256M;
|
||
|
proxy_read_timeout 3600;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
allow 127.0.0.1; # allow requests from localhost
|
||
|
allow ::1; # allow requests from localhost
|
||
|
allow {{ prometheus_v4 }}; # allow prometheus IPv4
|
||
|
allow {{ prometheus_v6 }}; # allow prometheus IPv6
|
||
|
deny all; # deny all other hosts
|
||
|
}
|
||
|
location /nginx_status {
|
||
|
stub_status;
|
||
|
allow 127.0.0.1; # allow requests from localhost
|
||
|
allow ::1; # allow requests from localhost
|
||
|
{% for ipv4 in ansible_all_ipv4_addresses %}
|
||
|
allow {{ ipv4 }}; # allow local ipv4 address
|
||
|
{% endfor %}
|
||
|
{% for ipv6 in ansible_all_ipv6_addresses %}
|
||
|
allow {{ ipv6 }}; # allow local ipv6 address
|
||
|
{% endfor %}
|
||
|
deny all; # deny all other hosts
|
||
|
}
|
||
|
}
|