{# code: language=ansible-jinja #} # THIS FILE IS MANAGED BY ANSIBLE {% for env in proxy_environments %} # BEGIN Environment: {{ env }} {% if 'nextcloud' in proxy_vars[env].app01.apps_include %} cloud.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } {% if env == 'production' %} reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 {% else %} @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 {% endif %} } {% endif %} {% if 'ipfs' in proxy_vars[env].app01.apps_include %} ipfs-gateway.{{ proxy_vars[env].app01.base_domain }}, *.ipfs.ipfs-gateway.{{ proxy_vars[env].app01.base_domain }}, *.ipns.ipfs-gateway.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } {% if env == 'production' %} reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 {% else %} @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 {% endif %} } ipfs.local.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 } {% endif %} {% if 'joplin' in proxy_vars[env].app01.apps_include %} joplin.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } {% if env == 'production' %} reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 {% else %} @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 {% endif %} } {% endif %} {% if 'jitsi' in proxy_vars[env].app01.apps_include %} meet.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } {% if env == 'production' %} reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 {% else %} @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 {% endif %} } {% endif %} {% if 'monerod' in proxy_vars[env].app01.apps_include %} xmr.local.{{ proxy_vars[env].app01.base_domain }} { tls {{ tls_email }} { dns njalla {{ njalla_api_token }} } header { Strict-Transport-Security "max-age=31536000; includeSubDomains" -Server } @local { remote_ip {{ proxy_trusted_subnets | join(' ') }} } handle @local { reverse_proxy {{ proxy_vars[env].app01.internal_ipv4 }}:8080 } respond 403 } {% endif %} # END Environment: {{ env }} {% endfor %}