58 lines
1.8 KiB
Django/Jinja
58 lines
1.8 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
server {
|
|
|
|
listen {{ keystone_web_server_bind_address }}:{{ keystone_nginx_ports[item] }};
|
|
|
|
{% if keystone_ssl | bool and keystone_service_adminuri_proto == "https" %}
|
|
ssl on;
|
|
ssl_protocols {{ keystone_ssl_protocol }};
|
|
ssl_certificate {{ keystone_ssl_cert }};
|
|
ssl_certificate_key {{ keystone_ssl_key }};
|
|
ssl_trusted_certificate {{ keystone_ssl_ca_cert }};
|
|
ssl_ciphers {{ keystone_ssl_cipher_suite }};
|
|
ssl_prefer_server_ciphers on;
|
|
ssl_session_cache shared:SSL:2m;
|
|
ssl_session_timeout 2m;
|
|
{%- endif %}
|
|
|
|
{% for line in keystone_nginx_extra_conf %}
|
|
{{ line }}
|
|
{%- endfor %}
|
|
|
|
error_log syslog:server=unix:/dev/log;
|
|
access_log syslog:server=unix:/dev/log;
|
|
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Content-Security-Policy "default-src 'self' https: wss:;";
|
|
add_header X-Frame-Options {{ keystone_x_frame_options | default ('DENY') }};
|
|
|
|
real_ip_header X-Forwarded-For;
|
|
{% for ip in keystone_set_real_ip_from %}
|
|
set_real_ip_from {{ ip }};
|
|
{%- endfor %}
|
|
|
|
{% if keystone_security_txt_content is defined %}
|
|
location /security.txt {
|
|
alias {{ keystone_security_txt_dir }}/security.txt;
|
|
}
|
|
|
|
location /.well-known/security.txt {
|
|
alias {{ keystone_security_txt_dir }}/security.txt;
|
|
}
|
|
{%- endif %}
|
|
|
|
location / {
|
|
try_files $uri @yourapplication;
|
|
}
|
|
|
|
location @yourapplication {
|
|
include uwsgi_params;
|
|
uwsgi_pass 127.0.0.1:{{ keystone_uwsgi_ports[item]['socket'] }};
|
|
uwsgi_param SCRIPT_NAME '';
|
|
{% for header in keystone_extra_headers %}
|
|
add_header "{{ header['parameter'] }}" "{{ header['value'] }}";
|
|
{% endfor %}
|
|
}
|
|
}
|