diff --git a/docs/configuring-playbook-ngnix.md b/docs/configuring-playbook-ngnix.md index cc4a6494..14ae8b1d 100644 --- a/docs/configuring-playbook-ngnix.md +++ b/docs/configuring-playbook-ngnix.md @@ -12,7 +12,9 @@ This will serve a statuspage to the hosting machine only. Useful for monitoring matrix_nginx_proxy_proxy_matrix_nginx_status_enabled: true ``` -This will serve the status page under ```https://matrix.DOMAIN/nginx_status``` +This will serve the status page under the following addresses: +- `http://matrix.DOMAIN/nginx_status` (using HTTP) +- `https://matrix.DOMAIN/nginx_status` (using HTTPS) By default, if ```matrix_nginx_proxy_nginx_status_enabled``` is enabled, access to the status page would be allowed from the local IP address of the server. If you wish to allow access from other IP addresses, you can provide them as a list: diff --git a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 index 356c9f3a..b3efd700 100644 --- a/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 +++ b/roles/matrix-nginx-proxy/templates/nginx/conf.d/matrix-synapse.conf.j2 @@ -1,4 +1,17 @@ #jinja2: lstrip_blocks: "True" +{% macro render_nginx_status_location_block(addresses) %} + {# Empty first line to make indentation prettier. #} + + location /nginx_status { + stub_status on; + access_log off; + {% for address in addresses %} + allow {{ address }}; + {% endfor %} + deny all; + } +{% endmacro %} + server { listen {{ 8080 if matrix_nginx_proxy_enabled else 80 }}; server_name {{ matrix_nginx_proxy_proxy_matrix_hostname }}; @@ -17,16 +30,9 @@ server { {% endif %} } -{% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} - location /nginx_status { - stub_status on; - access_log off; -{% for address in matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses %} - allow {{ address }}; -{% endfor %} - deny all; - } -{% endif %} + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} location / { return 301 https://$http_host$request_uri; @@ -63,6 +69,10 @@ server { add_header Access-Control-Allow-Origin *; } + {% if matrix_nginx_proxy_proxy_matrix_nginx_status_enabled %} + {{ render_nginx_status_location_block(matrix_nginx_proxy_proxy_matrix_nginx_status_allowed_addresses) }} + {% endif %} + {% if matrix_nginx_proxy_proxy_matrix_corporal_api_enabled %} location /_matrix/corporal { {% if matrix_nginx_proxy_enabled %}