jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-08-04 07:37:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2021-12-01 19:13

Browse Source
This commit is contained in:
Daniel Berteaud
2021-12-01 19:13:34 +01:00
commit 4c4556c660
2153 changed files with 60999 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
roles/unmaintained/bitwarden_rs/templates/nginx.conf.j2 Normal file
View File

@@ -0,0 +1,69 @@
server {
listen 443 ssl http2;
server_name {{ bitwarden_public_url | urlsplit('hostname') }};
include /etc/nginx/ansible_conf.d/acme.inc;
{% if bitwarden_cert_path is defined and bitwarden_key_path is defined %}
ssl_certificate {{ bitwarden_cert_path }};
ssl_certificate_key {{ bitwarden_key_path }};
{% elif bitwarden_letsencrypt_cert is defined and bitwarden_letsencrypt_cert == True %}
ssl_certificate /var/lib/dehydrated/certificates/certs/{{ bitwarden_public_url | urlsplit('hostname') }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certificates/certs/{{ bitwarden_public_url | urlsplit('hostname') }}/privkey.pem;
{% elif bitwarden_letsencrypt_cert is string %}
ssl_certificate /var/lib/dehydrated/certificates/certs/{{ bitwarden_letsencrypt_cert }}/fullchain.pem;
ssl_certificate_key /var/lib/dehydrated/certificates/certs/{{ bitwarden_letsencrypt_cert }}/privkey.pem;
{% endif %}
root {{ bitwarden_root_dir }}/web-vault;
client_max_body_size 512M;
if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$ ) {
return 405;
}
location /notifications/hub {
proxy_pass http://localhost:{{ bitwarden_ws_port }};
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://localhost:{{ bitwarden_http_port }};
}
location @proxy {
proxy_pass http://localhost:{{ bitwarden_http_port }};
}
location / {
try_files $uri $uri/index.html @proxy;
}
add_header X-Frame-Options "DENY";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "$hsts_header";
# Send info about the original request to the backend
proxy_set_header X-Forwarded-For "$proxy_add_x_forwarded_for";
proxy_set_header X-Real-IP "$remote_addr";
proxy_set_header X-Forwarded-Proto "$scheme";
proxy_set_header X-Forwarded-Host "$host";
proxy_set_header Host "$host";
# Set the timeout to read responses from the backend
proxy_read_timeout 60s;
# Enable Keep Alive to the backend
proxy_socket_keepalive on;
# Disable buffering large files
proxy_max_temp_file_size 5m;
allow 127.0.0.1;
{% for ip in bitwarden_web_src_ip %}
allow {{ ip }};
{% endfor %}
deny all;
}