2022-03-08 19:42:28 +01:00
|
|
|
%for %%idx, %%domainname in %%enumerate(%%revprox_domainnames_all)
|
|
|
|
%set %%family = %%normalize_family(%%domainname)
|
|
|
|
%set %%revprox = %%nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]
|
|
|
|
%set %%wildcard = %%nginx['reverse_proxy_for_' + family]['revprox_domain_wildcard_' + family]
|
|
|
|
# Configuration HTTP %%domainname
|
|
|
|
server {
|
|
|
|
listen 80;
|
2022-03-11 19:55:02 +01:00
|
|
|
server_name %%domainname;
|
2022-03-08 19:42:28 +01:00
|
|
|
error_page 403 404 502 503 504 /error.html;
|
|
|
|
|
2022-03-11 19:55:02 +01:00
|
|
|
location / {
|
2022-03-08 19:42:28 +01:00
|
|
|
rewrite ^(.*) https://$host$1 permanent;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
# FIXME return 301 https://www.domain.com$request_uri; => https://www.nginx.com/blog/creating-nginx-rewrite-rules/
|
|
|
|
}
|
|
|
|
|
|
|
|
# Configuration HTTPS %%domainname
|
|
|
|
server {
|
2022-03-11 18:41:49 +01:00
|
|
|
listen 443 ssl http2;
|
2022-03-08 19:42:28 +01:00
|
|
|
ssl_certificate %%nginx_certificate_filename[%%idx];
|
|
|
|
ssl_certificate_key %%nginx_private_key_filename[%%idx];
|
|
|
|
ssl_client_certificate %%nginx_chain_filename[%%idx];
|
|
|
|
server_name %%domainname;
|
|
|
|
error_page 403 404 502 503 504 /error.html;
|
|
|
|
location = /error.html{
|
|
|
|
root /var/www/html;
|
|
|
|
}
|
|
|
|
|
|
|
|
%for %%location in %%revprox['revprox_location_' + family]
|
2022-03-11 19:55:02 +01:00
|
|
|
%set %%location_str = %%str(%%location)
|
2022-03-08 19:42:28 +01:00
|
|
|
location %%location {
|
|
|
|
proxy_pass %%location['revprox_url_' + family];
|
2022-03-11 19:55:02 +01:00
|
|
|
%if %%location['revprox_is_websocket_' + family]
|
|
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
|
|
proxy_set_header Connection "upgrade";
|
|
|
|
%else
|
2022-03-08 19:42:28 +01:00
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
|
|
proxy_set_header X-Forwarded-Host $host;
|
|
|
|
proxy_set_header X-Forwarded-Port $server_port;
|
|
|
|
proxy_set_header X-Forwarded-Server $host;
|
|
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
proxy_set_header Destination $dest;
|
2022-03-11 19:55:02 +01:00
|
|
|
%end if
|
2022-03-08 19:42:28 +01:00
|
|
|
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_ReverseProxy.crt;
|
|
|
|
proxy_ssl_verify on;
|
|
|
|
proxy_ssl_verify_depth 2;
|
|
|
|
proxy_ssl_session_reuse on;
|
|
|
|
set $dest $http_destination;
|
|
|
|
index error.html;
|
|
|
|
root /var/www/html;
|
|
|
|
}
|
2022-03-11 18:41:49 +01:00
|
|
|
# If user missing '/'
|
2022-03-08 19:42:28 +01:00
|
|
|
%if %%location_str != '/' and %%location_str.endswith('/')
|
|
|
|
location %%location_str[:-1] {
|
|
|
|
rewrite ^(%%location_str[:-1])$ $1/ permanent;
|
|
|
|
}
|
|
|
|
%end if
|
|
|
|
%end for
|
|
|
|
}
|
|
|
|
%end for
|