dataset/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf
2022-03-11 18:41:49 +01:00

85 lines
3 KiB
Text

%for %%idx, %%domainname in %%enumerate(%%revprox_domainnames_all)
%set %%family = %%normalize_family(%%domainname)
%set %%revprox = %%nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]
%set %%wildcard = %%nginx['reverse_proxy_for_' + family]['revprox_domain_wildcard_' + family]
# Configuration HTTP %%domainname
server {
listen 80;
%if %%wildcard
%set %%prefix = "*."
%else
%set %%prefix = ""
%end if
server_name %%prefix%%domainname;
error_page 403 404 502 503 504 /error.html;
location = /error.html{
root /var/www/html;
}
%for %%location in %%revprox['revprox_location_' + family]
%set %%location_str = %%str(%%location)
%if %%location_str != '/' and %%location_str.endswith('/')
%set %%location_str = %%location_str[:-1]
%end if
location %%location_str {
%if %%wildcard
if ($host ~* ".%%domainname" ) {
%else
if ($host = "%%domainname" ) {
%end if
rewrite ^(.*) https://$host$1 permanent;
break;
}
index error.html;
root /var/www/html;
}
# FIXME return 301 https://www.domain.com$request_uri; => https://www.nginx.com/blog/creating-nginx-rewrite-rules/
%end for
}
# Configuration HTTPS %%domainname
server {
listen 443 ssl http2;
ssl_certificate %%nginx_certificate_filename[%%idx];
ssl_certificate_key %%nginx_private_key_filename[%%idx];
ssl_client_certificate %%nginx_chain_filename[%%idx];
server_name %%domainname;
error_page 403 404 502 503 504 /error.html;
location = /error.html{
root /var/www/html;
}
%for %%location in %%revprox['revprox_location_' + family]
location %%location {
# FIXME proxy_bind A.A.A.A;
proxy_pass %%location['revprox_url_' + family];
# %if %%location['revprox_is_websocket_' + family]
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection "upgrade";
# %else
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
# %end if
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
set $dest $http_destination;
index error.html;
root /var/www/html;
}
# If user missing '/'
%if %%location_str != '/' and %%location_str.endswith('/')
location %%location_str[:-1] {
rewrite ^(%%location_str[:-1])$ $1/ permanent;
}
%end if
%end for
}
%end for