server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name node-exporter.services.l3d.space;

  include snippets/tls_parameters_{{ site.name }}.snippet.conf;
  include snippets/tls_certificate_{{ site.name }}.snippet.conf;
  include snippets/logging_{{ site.name }}.snippet.conf;


  location / {
    charset utf-8;
    proxy_pass http://localhost:9100;
    client_max_body_size 256M;
    proxy_read_timeout 3600;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    allow 127.0.0.1;  #  allow requests from localhost
    allow ::1;  #  allow requests from localhost
    allow {{ prometheus_v4 }};  # allow prometheus IPv4
    allow {{ prometheus_v6 }};  # allow prometheus IPv6
    deny all;   # deny all other hosts
  }
  location /nginx_status {
    stub_status;
    allow 127.0.0.1;  # allow requests from localhost
    allow ::1;  # allow requests from localhost
{% for ipv4 in ansible_all_ipv4_addresses %}
    allow {{ ipv4 }};  # allow local ipv4 address
{% endfor %}
{% for ipv6 in ansible_all_ipv6_addresses %}
    allow {{ ipv6 }};  # allow local ipv6 address
{% endfor %}
    deny all;   # deny all other hosts
 }
}