moved nginx, graylog to podman

2022-05-01 03:31:16 -04:00
parent 8e373896a6
commit c5bc5a91ac
49 changed files with 2556 additions and 580 deletions
--- a/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2
+++ b/ansible/roles/podman/templates/nginx/sites/pi.bdebyl.net.conf.j2
@@ -0,0 +1,57 @@
+#
+# /etc/nginx/conf.d/pihole.conf
+#
+# https://github.com/pi-hole/pi-hole/wiki/Nginx-Configuration
+#
+
+server {
+  modsecurity on;
+  modsecurity_rules_file /etc/nginx/modsec_includes.conf;
+
+	listen 80;
+
+	root /srv/http/pihole;
+	server_name {{ pi_server_name }};
+	autoindex off;
+
+	proxy_intercept_errors on;
+	error_page 404 /pihole/index.php;
+
+	index pihole/index.php index.php index.html index.htm;
+
+	allow 192.168.1.0/24;
+	allow 127.0.0.1;
+	deny all;
+
+	location / {
+		expires max;
+		try_files $uri $uri/ =404;
+		add_header X-Pi-hole "A black hole for Internet advertisements";
+	}
+
+	location ~ \.php$ {
+		include fastcgi.conf;
+		fastcgi_intercept_errors on;
+		fastcgi_pass  unix:/run/php-fpm/php-fpm.sock;
+		fastcgi_param VIRTUAL_HOST open_basedir="/srv/http/pihole:run/pihole-ftl/pihole-FTL.port:run/log/pihole/pihole.log:run/log/pihole-ftl/pihole-FTL.log:etc/pihole:etc/hosts:etc/hostname:etc/dnsmasq.d/02-pihole-dhcp.conf:etc/dnsmasq.d/03-pihole-wildcard.conf:etc/dnsmasq.d/04-pihole-static-dhcp.conf:var/log/lighttpd/error.log:proc/meminfo:proc/cpuinfo:sys/class/thermal/thermal_zone0/temp:tmp";
+	}
+
+	location /admin {
+		root /srv/http/pihole;
+		index index.php index.html index.htm;
+		add_header X-Pi-hole "The Pi-hole Web interface is working!";
+		add_header X-Frame-Options "DENY";
+	}
+
+	location ~ /\.ttf {
+		add_header Access-Control-Allow-Origin "*";
+	}
+
+	location ~ /admin/\. {
+		deny all;
+	}
+
+	location ~ /\.ht {
+		deny all;
+	}
+}