74 lines
1.8 KiB
Django/Jinja
74 lines
1.8 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
limit_req_zone $binary_remote_addr zone=req_gitea_login:10m rate=10r/m;
|
|
|
|
upstream gitea_backend {
|
|
{% if gitea_config.server.protocol is defined and
|
|
gitea_config.server.protocol == 'unix' %}
|
|
server unix:{{ gitea_config.server.http_addr }};
|
|
{% else %}
|
|
server 127.0.0.1:{{ gitea_port }};
|
|
{% endif %}
|
|
}
|
|
|
|
server {
|
|
listen 80;
|
|
{% if ansible_all_ipv6_addresses | length %}
|
|
listen [::]:80;
|
|
{% endif %}
|
|
server_name {{ gitea_domain }};
|
|
|
|
access_log /var/log/nginx/gitea.access.log main;
|
|
error_log /var/log/nginx/gitea.error.log warn;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
root /var/www/html;
|
|
try_files $uri =404;
|
|
}
|
|
|
|
{% if gitea_ssl_enabled is defined and
|
|
gitea_ssl_enabled %}
|
|
location / {
|
|
return 301 https://$server_name$request_uri;
|
|
}
|
|
{% endif %}
|
|
}
|
|
|
|
{% if gitea_ssl_enabled is defined and
|
|
gitea_ssl_enabled %}
|
|
server {
|
|
listen 443 ssl;
|
|
{% if ansible_all_ipv6_addresses | length %}
|
|
listen [::]:443 ssl;
|
|
{% endif %}
|
|
|
|
http2 on;
|
|
|
|
server_name {{ gitea_domain }};
|
|
|
|
access_log /var/log/nginx/gitea.access.log main;
|
|
error_log /var/log/nginx/gitea.error.log warn;
|
|
|
|
{% if gitea_ssl_certificate is defined %}
|
|
ssl_certificate {{ gitea_ssl_certificate }};
|
|
{% endif %}
|
|
{% if gitea_ssl_certificate_key is defined %}
|
|
ssl_certificate_key {{ gitea_ssl_certificate_key }};
|
|
{% endif %}
|
|
{% if gitea_ssl_dhparam is defined %}
|
|
ssl_dhparam {{ gitea_ssl_dhparam }};
|
|
{% endif %}
|
|
|
|
location ~ /user\/login {
|
|
limit_req zone=req_gitea_login burst=10;
|
|
proxy_pass http://gitea_backend;
|
|
}
|
|
|
|
location / {
|
|
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
|
limit_req zone=req_bad_actors burst=10 nodelay;
|
|
proxy_pass http://gitea_backend;
|
|
}
|
|
}
|
|
{% endif %}
|