Files
.github
docs
examples
group_vars
inventory
roles
matrix-aux
matrix-base
matrix-bot-matrix-reminder-bot
matrix-bridge-appservice-discord
matrix-bridge-appservice-irc
matrix-bridge-appservice-slack
matrix-bridge-appservice-webhooks
matrix-bridge-mautrix-facebook
matrix-bridge-mautrix-hangouts
matrix-bridge-mautrix-signal
matrix-bridge-mautrix-telegram
matrix-bridge-mautrix-whatsapp
matrix-bridge-mx-puppet-discord
matrix-bridge-mx-puppet-instagram
matrix-bridge-mx-puppet-skype
matrix-bridge-mx-puppet-slack
matrix-bridge-mx-puppet-steam
matrix-bridge-mx-puppet-twitter
matrix-bridge-sms
matrix-client-element
matrix-common-after
matrix-corporal
matrix-coturn
matrix-dimension
matrix-dynamic-dns
matrix-email2matrix
matrix-jitsi
matrix-ma1sd
matrix-mailer
matrix-nginx-proxy
defaults
tasks
templates
cron.d
nginx
conf.d
matrix-client-element.conf.j2
matrix-dimension.conf.j2
matrix-domain.conf.j2
matrix-jitsi.conf.j2
matrix-riot-web.conf.j2
matrix-synapse.conf.j2
nginx-http.conf.j2
matrix-synapse-metrics-htpasswd.j2
nginx.conf.j2
systemd
usr-local-bin
vars
matrix-postgres
matrix-registration
matrix-synapse
matrix-synapse-admin
.editorconfig
.gitignore
CHANGELOG.md
LICENSE
README.md
ansible.cfg
setup.yml
matrix-docker-ansible-deploy/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-dimension.conf.j2
Slavi Pantaleev f7ae050eaf Remove useless quotes around ssl_ciphers value
Not sure if it breaks with them or not, but no other directive
uses quotes and the nginx docs show examples without quotes,
so we're being consistent with all of that.
2021-01-08 21:22:44 +02:00

78 lines
2.5 KiB
Django/Jinja

#jinja2: lstrip_blocks: "True"
{% macro render_vhost_directives() %}
gzip on;
gzip_types text/plain application/json application/javascript text/css image/x-icon font/ttf image/gif;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Content-Type-Options nosniff;
{% for configuration_block in matrix_nginx_proxy_proxy_dimension_additional_server_configuration_blocks %}
{{- configuration_block }}
{% endfor %}
location / {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-dimension:8184";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:8184;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
}
{% endmacro %}
server {
listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }};
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
server_tokens off;
root /dev/null;
{% if matrix_nginx_proxy_https_enabled %}
location /.well-known/acme-challenge {
{% if matrix_nginx_proxy_enabled %}
{# Use the embedded DNS resolver in Docker containers to discover the service #}
resolver 127.0.0.11 valid=5s;
set $backend "matrix-certbot:8080";
proxy_pass http://$backend;
{% else %}
{# Generic configuration for use outside of our container setup #}
proxy_pass http://127.0.0.1:{{ matrix_ssl_lets_encrypt_certbot_standalone_http_port }};
{% endif %}
}
location / {
return 301 https://$http_host$request_uri;
}
{% else %}
{{ render_vhost_directives() }}
{% endif %}
}
{% if matrix_nginx_proxy_https_enabled %}
server {
listen {{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
listen [::]:{{ 8443 if matrix_nginx_proxy_enabled else 443 }} ssl http2;
server_name {{ matrix_nginx_proxy_proxy_dimension_hostname }};
server_tokens off;
root /dev/null;
ssl_certificate {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_dimension_hostname }}/fullchain.pem;
ssl_certificate_key {{ matrix_ssl_config_dir_path }}/live/{{ matrix_nginx_proxy_proxy_dimension_hostname }}/privkey.pem;
ssl_protocols {{ matrix_nginx_proxy_ssl_protocols }};
{% if matrix_nginx_proxy_ssl_ciphers != '' %}
ssl_ciphers {{ matrix_nginx_proxy_ssl_ciphers }};
{% endif %}
ssl_prefer_server_ciphers {{ matrix_nginx_proxy_ssl_prefer_server_ciphers }};
{{ render_vhost_directives() }}
}
{% endif %}