# {{ ansible_managed }} proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=cdncache:20m max_size=1g inactive=48h; {% for domain in cdn_domains %} server { listen 8800 ssl http2 proxy_protocol; server_name {{ domain }}; ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem; ssl_trusted_certificate /etc/letsencrypt/live/{{ domain }}/chain.pem; include includes/ssl.conf; real_ip_header proxy_protocol; set_real_ip_from 127.0.0.1; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; location / { proxy_cache cdncache; add_header X-Cache-Status $upstream_cache_status; proxy_pass https://{{ wireguard.clients.ingress.ip }}:443; } } {% endfor %}