dataset/seed/nginx-reverse-proxy/templates/revprox-nginx.conf

103 lines
3.8 KiB
Text

#RISOTTO: do not compare
{% macro add_location(rp_domainname, family, loc_idx, location, http) %}
location {{ location }} {
proxy_pass {{ rp_domainname['revprox_url_' + family] }};
{% if loc_idx in rp_domainname['revprox_is_websocket_' + family] and rp_domainname['revprox_is_websocket_' + family][loc_idx] %}
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
{% else %}
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
{% endif %}
{%if not http %}
proxy_ssl_trusted_certificate {{ tls_ca_directory }}/InternalReverseProxy.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
# SNI support
proxy_ssl_server_name on;
{% endif %}
{% set maxbody = rp_domainname['revprox_max_body_size_' + family] %}
{% if maxbody %}
client_max_body_size {{ maxbody }};
{% endif %}
set $dest $http_destination;
index error.html;
root /var/www/html;
}
# If user missing '/'
{% if location != '/' and location.endswith('/') %}
location {{ location[:-1] }} {
rewrite ^({{ location[:-1] }})$ $1/ permanent;
}
{% endif %}
{% endmacro %}
{% macro add_locations(domainname, http) %}
{% for remote in nginx.remotes %}
{% set family = remote|normalize_family %}
{% set revprox = nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family] %}
{% for rp_domainname in revprox['revprox_domainnames_' + family] %}
{% if rp_domainname['revprox_http_' + family] == http and (rp_domainname|string == 'None' or domainname == rp_domainname|string) %}
{% for location in rp_domainname['revprox_location_' + family] %}
{{ add_location(rp_domainname, family, loop.index - 1, location, http) }}
{% endfor %}
{% endif %}
{% endfor %}
{% endfor %}
{% endmacro %}
# Add default HTTP entries if useful
# Not for HTTPs because there is no certificate
{% set default_http_location = [] %}
{% for remote in nginx.remotes %}
{% set family = remote|normalize_family %}
{% for rp_domainname in nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]['revprox_domainnames_' + family] %}
{% if rp_domainname|string == 'None' and rp_domainname['revprox_http_' + family] %}
{{ default_http_location.append((family, rp_domainname)) }}
{% endif %}
{% endfor %}
{% endfor %}
{% if default_http_location %}
server {
listen 80;
server_name _ default;
{% for family, rp_domainname in default_http_location %}
{% for location in rp_domainname['revprox_location_' + family] %}
{{ add_location(rp_domainname, family, loop.index - 1, location, True) }}
{% endfor %}
{% endfor %}
break;
}
{% endif %}
{% for domainname in nginx.revprox_domainnames %}
# Configuration HTTP {{ domainname }}
server {
listen 80;
server_name {{ domainname }};
{{ add_locations(domainname, True) }}
location / {
return 301 https://{{ domainname }}$request_uri;
}
}
# Configuration HTTPS {{ domainname }}
server {
listen 443 ssl http2;
ssl_certificate {{ tls_cert_directory }}/{{ domainname }}.crt;
ssl_certificate_key {{ tls_key_directory }}/{{ domainname }}.key;
server_name {{ domainname }};
error_page 403 404 502 503 504 /error.html;
location = /error.html {
root /var/www/html;
}
{{ add_locations(domainname, False) }}
}
{% endfor %}