mirror of
https://github.com/DO1JLR/ansible_playbook_servers.git
synced 2024-09-14 19:53:56 +02:00
38 lines
1.1 KiB
Text
38 lines
1.1 KiB
Text
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
|
|
server_name node-exporter.web01.l3d.space;
|
|
|
|
include snippets/tls_parameters_{{ site.name }}.snippet.conf;
|
|
include snippets/tls_certificate_{{ site.name }}.snippet.conf;
|
|
include snippets/logging_{{ site.name }}.snippet.conf;
|
|
|
|
|
|
location / {
|
|
charset utf-8;
|
|
proxy_pass http://localhost:9100;
|
|
client_max_body_size 256M;
|
|
proxy_read_timeout 3600;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
allow 127.0.0.1; # allow requests from localhost
|
|
allow ::1; # allow requests from localhost
|
|
{% for address in prometheus_addr %}
|
|
allow {{ address }}; # allow prometheus Address
|
|
{% endfor %}
|
|
deny all; # deny all other hosts
|
|
}
|
|
location /nginx_status {
|
|
stub_status;
|
|
allow 127.0.0.1; # allow requests from localhost
|
|
allow ::1; # allow requests from localhost
|
|
{% for ipv4 in ansible_all_ipv4_addresses %}
|
|
allow {{ ipv4 }}; # allow local ipv4 address
|
|
{% endfor %}
|
|
{% for ipv6 in ansible_all_ipv6_addresses %}
|
|
allow {{ ipv6 }}; # allow local ipv6 address
|
|
{% endfor %}
|
|
deny all; # deny all other hosts
|
|
}
|
|
}
|