listen 80 default_server;
listen 443 default_server ssl;
- server_name localhost {{ ansible_fqdn }};
+ server_name {{ inventory_hostname }};
- ssl_certificate /etc/ssl/certs/{{ ansible_fqdn }}-bundled.crt;
- ssl_certificate_key /etc/ssl/private/{{ ansible_fqdn }}.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000";
access_log /var/log/nginx/jenkins_access.log;
error_log /var/log/nginx/jenkins_error.log;
+ location '/.well-known/acme-challenge' {
+ default_type "text/plain";
+ root /var/www/{{ inventory_hostname }};
+ }
+
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
- proxy_pass http://127.0.0.1:8080;
+ proxy_pass http://127.0.0.1:{{ jenkins_port }};
proxy_read_timeout 180;
+ # http://tracker.ceph.com/issues/18176
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+
# Redirect all plaintext HTTP to HTTPS
if ($scheme != "https") {
rewrite ^ https://$host$uri permanent;
projects / ceph-build.git / commitdiff