change directory structure

2023-04-13 17:24:01 +02:00 · 2023-04-13 17:24:01 +02:00 · 9eb52229f1
commit 9eb52229f1
parent b89713643d
83 changed files with 0 additions and 0 deletions
--- a/ansible/roles/static/templates/docker-compose.yml.j2
+++ b/ansible/roles/static/templates/docker-compose.yml.j2
@ -0,0 +1,26 @@
+version: "3.8"
+
+services:
+  blog:
+    image: nginx
+    container_name: blog
+    restart: always
+    volumes:
+      - {{ service_dir }}/git/templates:/etc/nginx/templates
+      - {{ service_dir }}/git/_site:/var/www/blog
+      - {{ service_dir }}/nginx.conf:/etc/nginx/conf.d/default.conf
+      - {{ service_dir }}/security.txt:/var/www/blog/security.txt
+    networks:
+      - traefik
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.blog.entrypoints=websecure
+      - "traefik.http.routers.blog.rule=(Host(`{{ domain_name_pim }}`) || Path(`/security.txt`, `/.well-known/security.txt`))"
+      - traefik.http.routers.blog.tls=true
+      - traefik.http.routers.blog.tls.certresolver=letsencrypt
+      - traefik.http.routers.blog.service=blog
+      - traefik.http.services.blog.loadbalancer.server.port=80
+
+networks:
+  traefik:
+    external: true
--- a/ansible/roles/static/templates/nginx.conf.j2
+++ b/ansible/roles/static/templates/nginx.conf.j2
@ -0,0 +1,43 @@
+server {
+	listen 80 default_server;
+
+	location /security.txt {
+		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
+	}
+
+	location /.well-known/security.txt {
+		return 301 https://{{ domain_name_pim }}/.well-known/security.txt;
+	}
+}
+
+server {
+	listen 80;
+	server_name {{ domain_name_pim }};
+	index index.html index.htm;
+	root /var/www/blog;
+
+	location /security.txt {
+		return 301 https://$host/.well-known/security.txt;
+	}
+
+	location /.well-known/security.txt {
+		add_header Content-Type 'text/plain';
+		add_header Cache-Control 'no-cache, no-store, must-revalidate';
+		add_header Pragma 'no-cache';
+		add_header Expires '0';
+		add_header Vary '*';
+		return 200 "Contact: mailto:pim@kunis.nl\nExpires: 1970-01-01T00:00:00.000Z\nPreferred-Languages: en,nl\n";
+	}
+
+	location / {
+	    try_files $uri $uri/ /index.html;
+	}
+
+	location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
+	    expires 30d;
+	    add_header Pragma public;
+	    add_header Cache-Control "public";
+	}
+
+	error_page 404 /404.html;
+}