diff --git a/host_vars/services.l3d.space/vars.yml b/host_vars/services.l3d.space/vars.yml index bd7cf1c..01ff621 100644 --- a/host_vars/services.l3d.space/vars.yml +++ b/host_vars/services.l3d.space/vars.yml @@ -4,6 +4,8 @@ acme_domain_unwant_list: [] nginx_sites: - name: 'etebase.l3d.ch' + - name: 'grafana.l3d.ch' + - name: 'www.grafana.l3d.ch' acme_notification_email: "{{ _acme_notification_email }}" diff --git a/templates/files/nginx/sites/grafana.l3d.ch_tls.conf b/templates/files/nginx/sites/grafana.l3d.ch_tls.conf new file mode 100644 index 0000000..d76bb40 --- /dev/null +++ b/templates/files/nginx/sites/grafana.l3d.ch_tls.conf @@ -0,0 +1,20 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name grafana.l3d.ch; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + location / { + auth_basic "Monitoring oder so"; + auth_basic_user_file /etc/nginx/auth/grafana.l3d.space.htpasswd; + proxy_pass http://localhost:3000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } +} diff --git a/templates/files/nginx/sites/www.grafana.l3d.ch_tls.conf b/templates/files/nginx/sites/www.grafana.l3d.ch_tls.conf new file mode 100644 index 0000000..bf7a7fc --- /dev/null +++ b/templates/files/nginx/sites/www.grafana.l3d.ch_tls.conf @@ -0,0 +1,14 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name www.grafana.l3d.ch; + + include snippets/tls_parameters_{{ site.name }}.snippet.conf; + include snippets/tls_certificate_{{ site.name }}.snippet.conf; + include snippets/logging_{{ site.name }}.snippet.conf; + + location / { + return 308 https://grafana.l3d.ch/; + } +}