dataset/seed/nginx-reverse-proxy/templates/revprox-nginx.conf

#RISOTTO: do not compare
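# add_location: render one proxied "location" block for a reverse-proxy entry,
# plus a redirect that adds the trailing "/" when the path ends with one.
#   rp_domainname: option set of the reverse-proxy entry (upstream URL,
#                  websocket flags, body-size limit), keyed by family suffix
#   family:        suffix used to build the option names
#   loc_idx:       index of this location, selects its websocket flag
#   location:      nginx location path
#   http:          true when the enclosing server is the plain HTTP listener
# The Host and X-Forwarded-For values come from the client request; upstreams
# should treat them as untrusted and rely on X-Real-IP for the peer address.
# NOTE(review): upstream TLS verification is rendered only when http is false;
# if an HTTP listener can front an https upstream URL, that upstream
# certificate is not checked (nginx default is off) - confirm against the
# option schema.
# NOTE(review): the location path is placed unescaped in the rewrite regex
# below; regex metacharacters in a configured path change what it matches.
%def %%add_location(%%rp_domainname, %%family, %%loc_idx, %%location, %%http)
location %%location {
    proxy_pass %%rp_domainname['revprox_url_' + %%family];
    # Forwarding headers are sent for every location, websocket or not, so the
    # upstream sees the same client address and requested host on all paths.
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Destination $dest;
%if %%rp_domainname['revprox_is_websocket_' + %%family][%%loc_idx]
    # Websocket handshake: HTTP/1.1 with the hop-by-hop upgrade headers
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
%end if
%if not %%http
    # Verify the upstream certificate against the internal CA
    proxy_ssl_trusted_certificate %%tls_ca_directory/InternalReverseProxy.crt;
    proxy_ssl_verify on;
    proxy_ssl_verify_depth 2;
    proxy_ssl_session_reuse on;
    # SNI support
    proxy_ssl_server_name on;
%end if
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
%if %%maxbody
    client_max_body_size %%maxbody;
%end if
    set $dest $http_destination;
    index error.html;
    root /var/www/html;
}
# If user missing '/'
%if %%location != '/' and %%location.endswith('/')
location %%location[:-1] {
    rewrite ^(%%location[:-1])$ $1/ permanent;
}
%end if
%end def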
# add_locations: for every remote family, render the location blocks of each
# reverse-proxy entry whose listener type equals http and whose name is either
# unset (its string form is 'None') or equal to domainname.
%def %%add_locations(%%domainname, %%http)
%for %%peer in %%nginx.remotes
%set %%fam = %%normalize_family(%%peer)
%set %%entries = %%nginx['reverse_proxy_for_' + %%fam]['reverse_proxy_' + %%fam]['revprox_domainnames_' + %%fam]
%for %%entry in %%entries
%if %%entry['revprox_http_' + %%fam] == %%http and (%%str(%%entry) == 'None' or %%domainname == %%str(%%entry))
%for %%idx, %%path in %%enumerate(%%entry['revprox_location_' + %%fam])
%%add_location(%%entry, %%fam, %%idx, %%path, %%http)
%end for
%end if
%end for
%end for
%end def
# Default HTTP server: collects the unnamed reverse-proxy entries that are
# flagged for plain HTTP and, when there is at least one, serves them from a
# single port-80 server block.
# There is no HTTPS counterpart because no certificate exists for it.
# NOTE(review): "server_name _ default" only declares two names; nginx picks
# the catch-all server from the default_server flag on listen, or else from
# load order. Confirm that requests with an unmatched Host header land on the
# server block that is intended to receive them.
%set %%default_http_location = []
%for %%peer in %%nginx.remotes
%set %%fam = %%normalize_family(%%peer)
%set %%family_proxy = %%nginx['reverse_proxy_for_' + %%fam]['reverse_proxy_' + %%fam]
%for %%entry in %%family_proxy['revprox_domainnames_' + %%fam]
%if %%str(%%entry) == 'None' and %%entry['revprox_http_' + %%fam]
%silent %%default_http_location.append((%%fam, %%entry))
%end if
%end for
%end for
%if %%default_http_location
server {
    listen 80;
    server_name _ default;
%for %%fam, %%entry in %%default_http_location
%for %%idx, %%path in %%enumerate(%%entry['revprox_location_' + %%fam])
%%add_location(%%entry, %%fam, %%idx, %%path, True)
%end for
%end for
    break;
}
%end if
# Per-domain servers: each configured domain name gets a port-80 server that
# serves its HTTP-flagged locations and redirects everything else to HTTPS,
# and a port-443 server that serves its HTTPS locations.
# The redirect target is built from the configured domain name, not from the
# Host header of the request.
# NOTE(review): if an HTTP-flagged entry for a domain has the location "/",
# it would be rendered next to the redirect "location /" in the same server;
# nginx rejects duplicate locations - confirm the option schema prevents it.
# NOTE(review): TLS protocol and cipher settings are not set here; presumably
# they come from the enclosing http-level configuration - confirm.
%for %%domainname in %%nginx.revprox_domainnames
# Configuration HTTP %%domainname
server {
    server_name %%domainname;
    listen 80;
%%add_locations(%%domainname, True)%slurp
    location / {
        return 301 https://%%{domainname}$request_uri;
    }
}
# Configuration HTTPS %%domainname
server {
    server_name %%domainname;
    listen 443 ssl http2;
    ssl_certificate %%tls_cert_directory/%%{domainname}.crt;
    ssl_certificate_key %%tls_key_directory/%%{domainname}.key;
    error_page 403 404 502 503 504 /error.html;
    location = /error.html {
        root /var/www/html;
    }
%%add_locations(%%domainname, False)%slurp
}
%end for