dataset/seed/nginx-reverse-proxy/templates/revprox-nginx.conf

68 lines
2.5 KiB
Text
Raw Normal View History

2022-08-18 10:19:43 +02:00
%for %%idx, %%domainname in %%enumerate(%%nginx.revprox_domainnames)
2022-03-08 19:42:28 +01:00
# Configuration HTTP %%domainname
server {
listen 80;
2022-03-11 19:55:02 +01:00
server_name %%domainname;
2022-04-08 18:52:43 +02:00
return 301 https://%%domainname$request_uri;
2022-03-08 19:42:28 +01:00
}
# Configuration HTTPS %%domainname
server {
2022-03-11 18:41:49 +01:00
listen 443 ssl http2;
2022-08-18 10:19:43 +02:00
ssl_certificate %%nginx.nginx_certificate_filename[%%idx];
ssl_certificate_key %%nginx.nginx_private_key_filename[%%idx];
2022-03-08 19:42:28 +01:00
server_name %%domainname;
error_page 403 404 502 503 504 /error.html;
location = /error.html{
root /var/www/html;
}
2022-08-18 10:19:43 +02:00
%for %%remote in %%nginx.remotes
%set %%family = %%normalize_family(%%remote)
%set %%revprox = %%nginx['reverse_proxy_for_' + %%family]['reverse_proxy_' + %%family]
%for %%rp_domainname in %%revprox['revprox_domainnames_' + %%family]
%if %%domainname != %%str(%%rp_domainname)
%continue
%end if
%for %%loc_idx, %%location in %%enumerate(%%rp_domainname['revprox_location_' + %%family])
2022-03-08 19:42:28 +01:00
location %%location {
2022-08-18 10:19:43 +02:00
proxy_pass %%rp_domainname['revprox_url_' + %%family];
%if %%rp_domainname['revprox_is_websocket_' + %%family][%%loc_idx]
2022-04-08 18:52:43 +02:00
proxy_http_version 1.1;
2022-03-11 19:55:02 +01:00
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
2022-08-18 10:19:43 +02:00
%else
2022-03-08 19:42:28 +01:00
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
2022-08-18 10:19:43 +02:00
%end if
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;
2022-03-08 19:42:28 +01:00
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
2022-08-18 10:19:43 +02:00
%set %%maxbody = %%rp_domainname['revprox_max_body_size_' + %%family]
%if %%maxbody
2022-04-08 18:52:43 +02:00
client_max_body_size %%maxbody;
2022-08-18 10:19:43 +02:00
%end if
2022-03-08 19:42:28 +01:00
set $dest $http_destination;
index error.html;
root /var/www/html;
}
2022-03-11 18:41:49 +01:00
# If user missing '/'
2022-08-18 10:19:43 +02:00
%if %%location != '/' and %%location.endswith('/')
location %%location[:-1] {
rewrite ^(%%location[:-1])$ $1/ permanent;
2022-03-08 19:42:28 +01:00
}
2022-08-18 10:19:43 +02:00
%end if
%end for
%end for
2022-03-08 19:42:28 +01:00
%end for
}
2022-08-18 10:19:43 +02:00
2022-03-08 19:42:28 +01:00
%end for