# Nginx Ansible Configuration

## Installation

Check vars.yaml to edit your servers.

```bash
# Run certbot first to ensure certs exist
ansible-playbook -i ansible/inventory.yaml nginx/certbot.yaml
ansible-playbook -i ansible/inventory.yaml nginx/nginx.yaml
```

## Restricted Addresses

We'll use nginx basic auth to protect our internal addresses.

```bash
# -c creates the file, overwriting any existing one; omit -c to add further users
htpasswd -c secrets/.htpasswd ducoterra
```

## Certbot

Use `certbot delete` to remove unused certs.

## vars.yaml

`allowed_ips` restricts access to the endpoint: everything is denied (deny all) except the list of IPs provided.

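How the basic auth and `allowed_ips` settings described above typically look in an nginx config, as an added example that is not this repository's template. The addresses, htpasswd path and upstream are placeholders, and requiring both checks together via `satisfy all` is an assumption.

```nginx
# Illustrative fragment, not this repository's template.
location / {
    # Require BOTH an allowed source address and a valid password.
    # "all" is nginx's default; "satisfy any" would accept either one.
    satisfy all;

    # One "allow" line per allowed_ips entry (constructed documentation addresses).
    # Rules are checked in order and the first match wins, so the allow
    # lines must come before the catch-all deny.
    allow 192.0.2.10;
    allow 198.51.100.0/24;
    deny  all;

    # Basic auth against the file created with htpasswd.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;   # assumed deploy path

    proxy_pass http://127.0.0.1:8080;            # placeholder upstream
}
```
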
## Logging

You can tail all the nginx logs with `tail -f /var/log/nginx/*`.