# Pull in dynamically loaded modules.
# NOTE(review): the stream context used further down needs the stream module;
# presumably it is loaded through this directory - confirm on the target host.
include /etc/nginx/modules-enabled/*.conf;

# Mandatory context; left empty so nginx's built-in connection defaults apply.
events {
}
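stream {
    # Layer-4 (TCP) load balancing for the K3s API servers. One upstream
    # entry is rendered per address in k3s_server_ips.
    # NOTE(review): a listen directive without an address binds every
    # interface, and the stream module forwards bytes without authenticating
    # anything itself. Limit which networks can reach this port with a
    # firewall; on this hop only the API server's own TLS and authentication
    # protect the cluster.
    upstream k3s_servers {
        {% for ip in k3s_server_ips %}
        server {{ ip }}:{{ k3s.loadbalancer.default_port }};
        {% endfor %}
    }

    server {
        listen {{ k3s.loadbalancer.default_port }};
        proxy_pass k3s_servers;
    }

    # DNS forwarding to port 53 on the same nodes.
    upstream dns_servers {
        {% for ip in k3s_server_ips %}
        server {{ ip }}:53;
        {% endfor %}
    }

    server {
        # Only UDP is forwarded.
        # NOTE(review): truncated answers make resolvers retry over TCP, and
        # there is no TCP listener on 53 here - confirm that is intended.
        # NOTE(review): if this port is reachable from untrusted networks,
        # make sure the backend is not an open recursive resolver, since UDP
        # DNS is a common reflection/amplification vector.
        listen 53 udp;
        proxy_pass dns_servers;

        # A DNS exchange over UDP is one reply per query. Without this hint
        # nginx keeps every client session open until proxy_timeout expires
        # (10 minutes by default), which lets a burst of queries from many
        # source ports pile up session state on the load balancer.
        proxy_responses 1;
    }
}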
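http {
    # Pin the TLS versions offered to clients instead of inheriting the
    # build default, which on older nginx releases still includes TLSv1 and
    # TLSv1.1. Set at http level because both TLS servers below share port 443.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Backend pools: one entry per address in k3s_server_ips, picking the
    # node with the fewest active connections.
    upstream k3s_servers_http {
        least_conn;
        {% for ip in k3s_server_ips %}
        server {{ ip }}:80;
        {% endfor %}
    }

    upstream k3s_servers_https {
        least_conn;
        {% for ip in k3s_server_ips %}
        server {{ ip }}:443;
        {% endfor %}
    }

    # Plain HTTP pass-through for any host name.
    # NOTE(review): nothing here redirects to HTTPS, so content is served in
    # clear text unless the backend redirects - confirm that is intended.
    server {
        listen 80;

        location / {
            proxy_pass http://k3s_servers_http;
            # $http_host is the raw client Host header (the TLS servers
            # below use the normalised $host instead).
            proxy_set_header Host $http_host;
            # $proxy_add_x_forwarded_for appends the peer address to whatever
            # X-Forwarded-For the client sent, so backends must trust only
            # the last entry of the list.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto http;
        }
    }

    # Staging host names, terminated with the staging certificate.
    # NOTE(review): neither TLS server is marked default_server, so this
    # first one also answers requests on 443 whose name matches neither
    # server_name. Consider an explicit catch-all server so unknown names do
    # not land on staging.
    server {
        listen 443 ssl;

        server_name staging.k3s.seyshiro.de *.staging.k3s.seyshiro.de;

        # The private key should be readable only by the nginx master user.
        ssl_certificate /etc/nginx/ssl/staging_tls.crt;
        ssl_certificate_key /etc/nginx/ssl/staging_tls.key;

        location / {
            # TLS is re-established towards the backend.
            # NOTE(review): nginx does not verify the upstream certificate
            # unless proxy_ssl_verify is on, and sends no SNI unless
            # proxy_ssl_server_name is on; as written this hop is encrypted
            # but not authenticated.
            proxy_pass https://k3s_servers_https;
            proxy_set_header Host $host;
            # Appends to the client-supplied list; only the last entry is
            # trustworthy to the backend.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }

    # Production host names, terminated with the production certificate.
    server {
        listen 443 ssl;

        server_name k3s.seyshiro.de *.k3s.seyshiro.de;

        # The private key should be readable only by the nginx master user.
        ssl_certificate /etc/nginx/ssl/production_tls.crt;
        ssl_certificate_key /etc/nginx/ssl/production_tls.key;

        location / {
            # Same upstream pool as staging; the backend tells the two
            # apart by the forwarded Host header.
            # NOTE(review): the upstream certificate is not verified unless
            # proxy_ssl_verify is enabled, and no SNI is sent unless
            # proxy_ssl_server_name is on.
            proxy_pass https://k3s_servers_https;
            proxy_set_header Host $host;
            # Appends to the client-supplied list; only the last entry is
            # trustworthy to the backend.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}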