author | Christian Pointner <equinox@spreadspace.org> | 2022-08-17 20:05:00 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2022-08-17 20:05:00 +0200 |
commit | 88f9ccc57964d8530dd23952f4ef3d85bab2438b (patch) | |
tree | 1ac6db932157df00af76a642b85ab85a05217724 /roles/nginx/vhost/templates/generic.conf.j2 | |
parent | acmetool: let's encrypt again updated it's subscriber aggreement (diff) |
nginx/vhost: combine templates to one generic version
Diffstat (limited to 'roles/nginx/vhost/templates/generic.conf.j2')
-rw-r--r-- | roles/nginx/vhost/templates/generic.conf.j2 | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
new file mode 100644
index 00000000..08bf7a60
--- /dev/null
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -0,0 +1,74 @@
+server {
+ listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+{% if 'acme' in nginx_vhost and nginx_vhost.acme %}
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf;
+ ssl_certificate /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+{% endif %}
+{% if 'extra_directives' in nginx_vhost %}
+ {{ nginx_vhost.extra_directives | indent(4) }}
+
+{% endif %}
+{% for path, location in nginx_vhost.locations.items() %}
+ location {{ path }} {
+{% if 'proxy_pass' in location %}
+ include snippets/proxy-nobuff.conf;
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass {{ location.proxy_pass }};
+{% if 'proxy_redirect' in location %}
+{% for entry in location.proxy_redirect %}
+ proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
+{% endfor %}
+{% endif %}
+{% if 'proxy_ssl' in location %}
+{% for prop in (location.proxy_ssl | list | sort) %}
+ proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
+{% endfor %}
+{% endif %}
+{% else %}
+{% if 'root' in location %}
+ root {{ location.root }};
+{% elif 'alias' in location %}
+ alias {{ location.alias }};
+{% endif %}
+{% if 'index' in location %}
+ index {{ location.index }};
+{% endif %}
+{% if 'autoindex' in location %}
+ autoindex on;
+{% if 'format' in location.autoindex %}
+ autoindex_format {{ nginx_vhost.autoindex.format }};
+{% endif %}
+{% endif %}
+{% endif %}
+{% if 'extra_directives' in location %}
+
+ {{ location.extra_directives | indent(8) }}
+{% endif %}
+ }
+{% endfor %}
+} |
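Review bot: The autoindex branch reads the format from `nginx_vhost.autoindex.format` although the guard directly above it tests `'format' in location.autoindex`, so a location that sets a format renders from a vhost-level key that nothing else in this template uses and that is presumably undefined; the line should read `autoindex_format {{ location.autoindex.format }};`. The same branch emits `autoindex on;` on mere presence of the `autoindex` key, whereas `default` and `acme` are tested for presence and truthiness, so a directory listing cannot be switched off by giving the key a falsy value. A short comment above the `{% for path, location ... %}` loop listing the per-location keys the template understands (`proxy_pass`, `proxy_redirect`, `proxy_ssl`, `root`, `alias`, `index`, `autoindex`, `extra_directives`) would help inventory authors. It is also worth confirming that vhosts with `default` set are meant to pass a client-chosen `$host` into `return 301 https://$host$request_uri;` and `proxy_set_header Host $host;`, since a `default_server` block receives requests for any Host header.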