dataset/seed/nginx-reverse-proxy/templates/revprox-nginx.conf

#RISOTTO: do not compare
{% macro add_location(rp_domainname, family, loc_idx, location, http) %}
    location {{ location }} {
        proxy_pass              {{ rp_domainname['revprox_url_' + family] }};
{% if loc_idx in rp_domainname['revprox_is_websocket_' + family] and rp_domainname['revprox_is_websocket_' + family][loc_idx] %}
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
{% else %}
        proxy_set_header        Host                    $http_host;
        proxy_set_header        X-Real-IP               $remote_addr;
        proxy_set_header        X-Forwarded-Host        $host;
        proxy_set_header        X-Forwarded-Port        $server_port;
        proxy_set_header        X-Forwarded-Server      $host;
        proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto       $scheme;
        proxy_set_header        Destination             $dest;
{% endif %}
{%if not http %}
        proxy_ssl_trusted_certificate {{ tls_ca_directory }}/InternalReverseProxy.crt;
        proxy_ssl_verify       on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        # SNI support
        proxy_ssl_server_name on;
{% endif %}
{% set maxbody = rp_domainname['revprox_max_body_size_' + family] %}
{% if maxbody %}
        client_max_body_size {{ maxbody }};
{% endif %}
        set                     $dest  $http_destination;
        index  error.html;
        root /var/www/html;
    }
# If user missing '/'
{% if location != '/' and location.endswith('/') %}
    location {{ location[:-1] }} {
        rewrite ^({{ location[:-1] }})$ $1/ permanent;
    }
{% endif %}
{% endmacro %}
{% macro add_locations(domainname, http) %}
{% for remote in nginx.remotes %}
{% set family = remote|normalize_family %}
{% set revprox = nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family] %}
{% for rp_domainname in revprox['revprox_domainnames_' + family] %}
{% if rp_domainname['revprox_http_' + family] == http and (rp_domainname|string == 'None' or domainname == rp_domainname|string) %}
{% for location in rp_domainname['revprox_location_' + family] %}
{{ add_location(rp_domainname, family, loop.index - 1, location, http) }}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}
{% endmacro %}
# Add default HTTP entries if useful
# Not for HTTPs because there is no certificate
{% set default_http_location = [] %}
{% for remote in nginx.remotes %}
{% set family = remote|normalize_family %}
{% for rp_domainname in nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]['revprox_domainnames_' + family] %}
{% if rp_domainname|string == 'None' and rp_domainname['revprox_http_' + family] %}
{{ default_http_location.append((family, rp_domainname)) }}
{% endif %}
{% endfor %}
{% endfor %}
{% if default_http_location %}
server {
    listen 80;
    server_name _ default;
{% for family, rp_domainname in default_http_location %}
{% for location in rp_domainname['revprox_location_' + family] %}
{{ add_location(rp_domainname, family, loop.index - 1, location, True) }}
{% endfor %}
{% endfor %}
    break;
}
{% endif %}
{% for domainname in nginx.revprox_domainnames %}
# Configuration HTTP {{ domainname }}
server {
    listen 80;
    server_name {{ domainname }};
{{ add_locations(domainname, True) }}
    location / {
        return 301 https://{{ domainname }}$request_uri;
    }
}

# Configuration HTTPS {{ domainname }}
server {
    listen 443 ssl http2;
    ssl_certificate    {{ tls_cert_directory }}/{{ domainname }}.crt;
    ssl_certificate_key     {{ tls_key_directory }}/{{ domainname }}.key;
    server_name {{ domainname }};
    error_page   403 404 502 503 504  /error.html;
    location = /error.html {
        root /var/www/html;
    }

{{ add_locations(domainname, False) }}
}

{% endfor %}