Add nginx site for k3s reverse proxies

author: Patrick Spek <p.spek@tyil.nl> 2022-09-24 08:49:12 +0200
committer: Patrick Spek <p.spek@tyil.nl> 2022-09-24 08:49:12 +0200
commit: 0886cc26aa5e3aa8d02271a4c02b317db1183516 (patch)
tree: a4f16c03b8d47a8fcd86a8546aafc4160e0605d5 /playbooks.d/webserver-nginx
parent: 0c9bd065726c97be3d41b5ec0976298e44083704 (diff)
1 files changed, 30 insertions, 0 deletions
diff --git a/playbooks.d/webserver-nginx/share/sites.d/revproxy/k3s b/playbooks.d/webserver-nginx/share/sites.d/revproxy/k3s
new file mode 100644
index 0000000..7b33139
--- /dev/null
+++ b/playbooks.d/webserver-nginx/share/sites.d/revproxy/k3s
@@ -0,0 +1,30 @@
+server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+
+        include /etc/nginx/snippets.d/certbot.conf;
+
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+server {
+        listen 443 ssl http2 default_server;
+        listen [::]:443 ssl http2 default_server;
+
+        ssl_certificate /etc/letsencrypt/live/$ssl_server_name/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/$ssl_server_name/privkey.pem;
+
+        include /etc/nginx/snippets.d/certbot.conf;
+
+        location / {
+                proxy_http_version 1.1;
+                proxy_set_header Connection      $http_connection;
+                proxy_set_header Host            $host;
+                proxy_set_header Upgrade         $http_upgrade;
+                proxy_set_header X-Forwarded-For $remote_addr;
+
+                proxy_pass http://10.57.100.7:8080;
+        }
+}
author	Patrick Spek <p.spek@tyil.nl>	2022-09-24 08:49:12 +0200
committer	Patrick Spek <p.spek@tyil.nl>	2022-09-24 08:49:12 +0200
commit	0886cc26aa5e3aa8d02271a4c02b317db1183516 (patch)
tree	a4f16c03b8d47a8fcd86a8546aafc4160e0605d5 /playbooks.d/webserver-nginx
parent	0c9bd065726c97be3d41b5ec0976298e44083704 (diff)