dataset/seed/applicationservice/2022.03.08/nginx-reverse-proxy-server/templates/revprox-nginx.conf

56 lines
2.2 KiB
Text

%for %%idx, %%domainname in %%enumerate(%%revprox_domainnames_all)
%set %%family = %%normalize_family(%%domainname)
%set %%revprox = %%nginx['reverse_proxy_for_' + family]['reverse_proxy_' + family]
%set %%wildcard = %%nginx['reverse_proxy_for_' + family]['revprox_domain_wildcard_' + family]
# Configuration HTTP %%domainname
server {
listen 80;
server_name %%domainname;
return 301 https://www.domain.com$request_uri;
}
# Configuration HTTPS %%domainname
server {
listen 443 ssl http2;
ssl_certificate %%nginx_certificate_filename[%%idx];
ssl_certificate_key %%nginx_private_key_filename[%%idx];
server_name %%domainname;
error_page 403 404 502 503 504 /error.html;
location = /error.html{
root /var/www/html;
}
%for %%location in %%revprox['revprox_location_' + family]
%set %%location_str = %%str(%%location)
location %%location {
proxy_pass %%location['revprox_url_' + family];
%if %%location['revprox_is_websocket_' + family]
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
%else
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Destination $dest;
%end if
proxy_ssl_trusted_certificate /etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
set $dest $http_destination;
index error.html;
root /var/www/html;
}
# If user missing '/'
%if %%location_str != '/' and %%location_str.endswith('/')
location %%location_str[:-1] {
rewrite ^(%%location_str[:-1])$ $1/ permanent;
}
%end if
%end for
}
%end for