system-config/playbooks/roles/graphite/templates/graphite-statsd.conf.j2

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;

  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name {{ inventory_hostname }};

  ssl_certificate /etc/letsencrypt-certs/{{ inventory_hostname }}/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt-certs/{{ inventory_hostname }}/{{ inventory_hostname }}.key;
  root /opt/graphite/static;
  index index.html;

  location /nginx_status {
    stub_status on;
    access_log   off;
    allow 127.0.0.1;
    deny all;
  }

  # No remote login
  location /admin {
    allow 127.0.0.1;
    deny all;
  }
  location /account {
    allow 127.0.0.1;
    deny all;
  }

  location /media {
    # django admin static files
    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/media/;
  }

  location /admin/auth/admin {
    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/static/admin;
  }

  location /admin/auth/user/admin {
    alias /usr/local/lib/python3.6/dist-packages/django/contrib/admin/static/admin;
  }

  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header  Host      $http_host;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

    add_header 'Access-Control-Allow-Origin' '*' always;
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
    add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, X-Grafana-Device-Id' always;
    add_header 'Access-Control-Allow-Credentials' 'true' always;
  }

}