ansible/roles/gitea/templates/nginx.conf.j2

74 lines
1.8 KiB
Plaintext
Raw Permalink Normal View History

# {{ ansible_managed }}
limit_req_zone $binary_remote_addr zone=req_gitea_login:10m rate=10r/m;
upstream gitea_backend {
{% if gitea_config.server.protocol is defined and
gitea_config.server.protocol == 'unix' %}
server unix:{{ gitea_config.server.http_addr }};
{% else %}
server 127.0.0.1:{{ gitea_port }};
{% endif %}
}
2019-11-25 00:50:21 +00:00
server {
listen 80;
{% if ansible_all_ipv6_addresses | length %}
listen [::]:80;
{% endif %}
server_name {{ gitea_domain }};
access_log /var/log/nginx/gitea.access.log main;
error_log /var/log/nginx/gitea.error.log warn;
2019-11-25 00:50:21 +00:00
location /.well-known/acme-challenge/ {
2020-08-22 14:59:26 +00:00
root /var/www/html;
2019-11-25 00:50:21 +00:00
try_files $uri =404;
}
2019-12-01 19:44:49 +00:00
{% if gitea_ssl_enabled is defined and
gitea_ssl_enabled %}
2019-11-25 00:50:21 +00:00
location / {
return 301 https://$server_name$request_uri;
}
{% endif %}
}
2019-12-01 19:44:49 +00:00
{% if gitea_ssl_enabled is defined and
gitea_ssl_enabled %}
2019-11-25 00:50:21 +00:00
server {
2024-04-14 22:30:59 +00:00
listen 443 ssl;
2019-11-25 00:50:21 +00:00
{% if ansible_all_ipv6_addresses | length %}
2024-04-14 22:30:59 +00:00
listen [::]:443 ssl;
2019-11-25 00:50:21 +00:00
{% endif %}
2024-04-14 22:30:59 +00:00
http2 on;
2019-11-25 00:50:21 +00:00
server_name {{ gitea_domain }};
access_log /var/log/nginx/gitea.access.log main;
error_log /var/log/nginx/gitea.error.log warn;
2019-11-25 00:50:21 +00:00
{% if gitea_ssl_certificate is defined %}
ssl_certificate {{ gitea_ssl_certificate }};
{% endif %}
{% if gitea_ssl_certificate_key is defined %}
ssl_certificate_key {{ gitea_ssl_certificate_key }};
{% endif %}
{% if gitea_ssl_dhparam is defined %}
ssl_dhparam {{ gitea_ssl_dhparam }};
{% endif %}
location ~ /user\/login {
limit_req zone=req_gitea_login burst=10;
proxy_pass http://gitea_backend;
}
2019-11-25 00:50:21 +00:00
location / {
2024-04-14 22:30:59 +00:00
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
limit_req zone=req_bad_actors burst=10 nodelay;
proxy_pass http://gitea_backend;
2019-11-25 00:50:21 +00:00
}
}
{% endif %}