Nginx Ansible Configuration
Installation
Check vars.yaml to edit your servers.
# Run certbot first to ensure certs exist
ansible-playbook -i ansible/inventory.yaml nginx/certbot.yaml
ansible-playbook -i ansible/inventory.yaml nginx/nginx.yaml
Restricted Addresses
We can detect whether traffic is originating internally or externally by checking if it came in on port 443 or 444.
External traffic always comes in through 444.
Certbot
Use certbot delete to remove unused certs.
vars.yaml
allowed_ips restricts access to the endpoint: all traffic is denied (deny all) and
only the list of IPs provided is allowed.
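An added illustration, not this repository's template, of how the 443/444 split and an allowed_ips list can look in rendered nginx config. The hostname, upstream and addresses are constructed placeholders, and applying the list only to the 444 listener is an assumption.

```nginx
# Constructed example: app.example.com, 127.0.0.1:8080 and the allowed
# addresses are placeholders, not values from this repository.

# Internal listener: traffic arriving on 443 is treated as internal.
# Assumption: a firewall or load balancer guarantees that external
# clients can only ever reach 444, otherwise the port check means nothing.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}

# External listener: traffic arriving on 444 is treated as external,
# so the allowed_ips list is enforced here.
server {
    listen 444 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/letsencrypt/live/app.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;

    location / {
        # nginx checks allow/deny rules in order and stops at the first
        # match, so every allow line must come before "deny all".
        allow 203.0.113.0/24;   # one entry per item in allowed_ips
        allow 198.51.100.7;
        deny  all;              # everything else receives 403

        proxy_pass http://127.0.0.1:8080;
    }
}
```

Running nginx -t after the playbook renders the config confirms the syntax before a reload.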
Logging
You can tail all the nginx logs with tail -f /var/log/nginx/*