32 lines
706 B
Markdown
32 lines
706 B
Markdown
# Nginx Ansible Configuration
|
|
|
|
## Installation
|
|
|
|
Check vars.yaml to edit your servers.
|
|
|
|
```bash
|
|
# Run certbot first to ensure certs exist
|
|
ansible-playbook -i ansible/inventory.yaml nginx/certbot.yaml
|
|
ansible-playbook -i ansible/inventory.yaml nginx/nginx.yaml
|
|
```
|
|
|
|
## Restricted Addresses
|
|
|
|
We can detect whether traffic is originating internally or externally by checking if
|
|
it came in on port 443 or 444.
|
|
|
|
External traffic always come in through 444.
|
|
|
|
## Certbot
|
|
|
|
Use `certbot delete` to remove unused certs.
|
|
|
|
## vars.yaml
|
|
|
|
`allowed_ips` restricts access to the endpoint (deny all) and then allows only the list
|
|
of ips provided.
|
|
|
|
## Logging
|
|
|
|
You can tail all the nginx logs with `tail -f /var/log/nginx/*`
|