# Nginx Ansible Configuration

## Installation

Check vars.yaml to edit your servers.

```bash
# Run certbot first to ensure certs exist
ansible-playbook -i ansible/inventory.yaml nginx/certbot.yaml
ansible-playbook -i ansible/inventory.yaml nginx/nginx.yaml
```

## Restricted Addresses

We'll use nginx basic auth to protect our internal addresses

```bash
htpasswd -c secrets/.htpasswd ducoterra
```

## Certbot

Use `certbot delete` to remove unused certs.

## vars.yaml

`allowed_ips` restricts access to the endpoint (deny all) and then allows only the list
of ips provided.

## Logging

You can tail all the nginx logs with `tail -f /var/log/nginx/*`