Ansible role to set up syncthing, with relay and discovery server, nginx frontend
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

61 lines
2.2 KiB

upstream {{syncthing_disco_domain}} {
# Local IP address:port for discovery server
#server 192.0.2.1:8443;
server 127.0.0.1:{{syncthing_disco_http_port|default('8443')}};
}
server {
listen 80;
listen [::]:80;
server_name {{syncthing_disco_domain}};
include /etc/nginx/snippets/acme-challenge.conf;
# The "location" condition is to not do a redirect for ACME challenge
location ^~ {
rewrite ^ https://$http_host$request_uri? permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{syncthing_disco_domain}};
ssl_certificate /etc/dehydrated/certs/{{syncthing_disco_cert_domain}}/fullchain.pem;
ssl_certificate_key /etc/dehydrated/certs/{{syncthing_disco_cert_domain}}/privkey.pem;
include /etc/nginx/snippets/tls.conf;
access_log /var/log/nginx/{{syncthing_disco_domain}}.access.log timed_combined;
error_log /var/log/nginx/{{syncthing_disco_domain}}.error.log;
include /etc/nginx/snippets/acme-challenge.conf;
include /etc/nginx/snippets/content-headers.conf;
include /etc/nginx/snippets/spam.conf;
# See https://docs.syncthing.net/users/stdiscosrv.html
#proxy_set_header Connection $connection_upgrade;
#proxy_set_header Connection $proxy_connection;
#proxy_set_header Host $http_host;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
#proxy_set_header X-Forwarded-Proto $scheme;
ssl_verify_client optional_no_ca;
#location /v2 {
location / {
proxy_pass http://{{syncthing_disco_domain}};
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-SSL-Cert $ssl_client_cert;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
}