forked from stove/dataset
103 lines
3.8 KiB
Text
103 lines
3.8 KiB
Text
#RISOTTO: do not compare
|
|
{% macro add_location(rp_domainname, family, loc_idx, location, http) %}
|
|
location {{ location }} {
|
|
proxy_pass {{ rp_domainname['revprox_url_' + family] }};
|
|
{% if loc_idx in rp_domainname['revprox_is_websocket_' + family] and rp_domainname['revprox_is_websocket_' + family][loc_idx] %}
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection "upgrade";
|
|
{% else %}
|
|
proxy_set_header Host $http_host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
proxy_set_header Destination $dest;
|
|
{% endif %}
|
|
{%if not http %}
|
|
proxy_ssl_trusted_certificate {{ tls_ca_directory }}/InternalReverseProxy.crt;
|
|
proxy_ssl_verify on;
|
|
proxy_ssl_verify_depth 2;
|
|
proxy_ssl_session_reuse on;
|
|
# SNI support
|
|
proxy_ssl_server_name on;
|
|
{% endif %}
|
|
{% set maxbody = rp_domainname['revprox_max_body_size_' + family] %}
|
|
{% if maxbody %}
|
|
client_max_body_size {{ maxbody }};
|
|
{% endif %}
|
|
set $dest $http_destination;
|
|
index error.html;
|
|
root /var/www/html;
|
|
}
|
|
# If user missing '/'
|
|
{% if location != '/' and location.endswith('/') %}
|
|
location {{ location[:-1] }} {
|
|
rewrite ^({{ location[:-1] }})$ $1/ permanent;
|
|
}
|
|
{% endif %}
|
|
{% endmacro %}
|
|
{% macro add_locations(domainname, http) %}
|
|
{% for remote in nginx.remotes %}
|
|
{% set family = remote|normalize_family %}
|
|
{% set revprox = nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family] %}
|
|
{% for rp_domainname in revprox['revprox_domainnames_' + family] %}
|
|
{% if rp_domainname['revprox_http_' + family] == http and (rp_domainname|string == 'None' or domainname == rp_domainname|string) %}
|
|
{% for location in rp_domainname['revprox_location_' + family] %}
|
|
{{ add_location(rp_domainname, family, loop.index - 1, location, http) }}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endfor %}
|
|
{% endmacro %}
|
|
# Add default HTTP entries if useful
|
|
# Not for HTTPs because there is no certificate
|
|
{% set default_http_location = [] %}
|
|
{% for remote in nginx.remotes %}
|
|
{% set family = remote|normalize_family %}
|
|
{% for rp_domainname in nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]['revprox_domainnames_' + family] %}
|
|
{% if rp_domainname|string == 'None' and rp_domainname['revprox_http_' + family] %}
|
|
{{ default_http_location.append((family, rp_domainname)) }}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endfor %}
|
|
{% if default_http_location %}
|
|
server {
|
|
listen 80;
|
|
server_name _ default;
|
|
{% for family, rp_domainname in default_http_location %}
|
|
{% for location in rp_domainname['revprox_location_' + family] %}
|
|
{{ add_location(rp_domainname, family, loop.index - 1, location, True) }}
|
|
{% endfor %}
|
|
{% endfor %}
|
|
break;
|
|
}
|
|
{% endif %}
|
|
{% for domainname in nginx.revprox_domainnames %}
|
|
# Configuration HTTP {{ domainname }}
|
|
server {
|
|
listen 80;
|
|
server_name {{ domainname }};
|
|
{{ add_locations(domainname, True) }}
|
|
location / {
|
|
return 301 https://{{ domainname }}$request_uri;
|
|
}
|
|
}
|
|
|
|
# Configuration HTTPS {{ domainname }}
|
|
server {
|
|
listen 443 ssl http2;
|
|
ssl_certificate {{ tls_cert_directory }}/{{ domainname }}.crt;
|
|
ssl_certificate_key {{ tls_key_directory }}/{{ domainname }}.key;
|
|
server_name {{ domainname }};
|
|
error_page 403 404 502 503 504 /error.html;
|
|
location = /error.html {
|
|
root /var/www/html;
|
|
}
|
|
|
|
{{ add_locations(domainname, False) }}
|
|
}
|
|
|
|
{% endfor %}
|