# {{ ansible_managed }}

# Cockpit Instance Proxy
server {
    
    	server_name cockpit.{{ domain_name }} www.cockpit.{{ domain_name }};
        
    	location / {
        	proxy_pass https://10.0.0.199:9090;
		proxy_set_header   Host                $host;
        	proxy_set_header   X-Real-IP           $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto $scheme;

		# Required for web sockets to function
        	proxy_http_version 1.1;
        	proxy_buffering off;
        	proxy_set_header Upgrade $http_upgrade;
        	proxy_set_header Connection "upgrade";

        	# Pass ETag header from Cockpit to clients.
        	# See: https://github.com/cockpit-project/cockpit/issues/5239
        	gzip off;

        	include proxy_params;
    	}

    listen [::]:443 ssl; 
    listen 443 ssl; 
    ssl_certificate /etc/letsencrypt/live/{{ domain_name }}/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/{{ domain_name }}/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 


}

server {
    if ($host = www.cockpit.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    } 


    if ($host = cockpit.{{ domain_name }}) {
        return 301 https://$host$request_uri;
    } 


    	listen 80;
    	listen [::]:80;
    
    	server_name cockpit.{{ domain_name }} www.cockpit.{{ domain_name }};
    return 404; 




}