# Nginx Ansible Configuration

## Installation

Check vars.yaml to edit your servers.

```bash
# Run certbot first to ensure certs exist
ansible-playbook -i ansible/inventory.yaml nginx/certbot.yaml
ansible-playbook -i ansible/inventory.yaml nginx/nginx.yaml
```

## Restricted Addresses

We can detect whether traffic is originating internally or externally by checking if
it came in on port 443 or 444.

External traffic always come in through 444.

## Certbot

Use `certbot delete` to remove unused certs.

## vars.yaml

`allowed_ips` restricts access to the endpoint (deny all) and then allows only the list
of ips provided.

## Logging

You can tail all the nginx logs with `tail -f /var/log/nginx/*`