Diffstat (limited to 'roles/nginx')
3 files changed, 59 insertions, 41 deletions
diff --git a/roles/nginx/vhost/defaults/main.yml b/roles/nginx/vhost/defaults/main.yml index b5de1fad..233015be 100644 --- a/roles/nginx/vhost/defaults/main.yml +++ b/roles/nginx/vhost/defaults/main.yml @@ -7,15 +7,21 @@ # hostnames: # - example.com # - www.example.com -# proxy_pass: http://127.0.0.1:8080 -# proxy_redirect: -# - redirect: "http://$host/" -# replacement: "https://$host/" -# - redirect: "http://$host:8080/" -# replacement: "https://$host/" -# proxy_ssl: -# verify: on -# trusted_certificate: /path/to/ca.pem +# extra_directives: |- +# add_header X-Example-Header "foo"; +# locations: +# '/': +# proxy_pass: http://127.0.0.1:8080 +# proxy_redirect: +# - redirect: "http://$host/" +# replacement: "https://$host/" +# - redirect: "http://$host:8080/" +# replacement: "https://$host/" +# extra_directives: |- +# add_header X-Example-Header "foo"; +# proxy_ssl: +# verify: on +# trusted_certificate: /path/to/ca.pem # nginx_vhost: # name: other-example diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 index f74f920b..fe6cb70b 100644 --- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 +++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 @@ -1,6 +1,6 @@ server { - listen 80; - listen [::]:80; + listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; include snippets/acmetool.conf; 
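Review bot: The example's `verify: on` under `proxy_ssl` is an unquoted YAML 1.1 boolean, so Ansible will most likely load it as `True`, and the template line `proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};` would then emit `proxy_ssl_verify True;`, which nginx does not accept for an on/off directive. This is the line people copy to turn on upstream certificate verification, so it should read `verify: "on"`. The example also no longer shows where `client_max_body_size` belongs now that the templates have stopped reading that key; a `client_max_body_size` line inside one of the `extra_directives` blocks would document the migration path. Whether the new `default` flag is documented elsewhere in this file cannot be seen from the hunk.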
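Review bot: Nothing in these `listen` lines prevents two vhosts from both setting `default`, and nginx refuses to load a configuration with a duplicate `default_server` on the same address and port, so the role should assert that at most one vhost enables it or the defaults file should say so. The flag is also tested by plain truthiness, so a string such as `"false"` arriving from an INI inventory or `-e` would enable it; `{% if nginx_vhost.default | default(false) | bool %}` is shorter and avoids that. A comment is also warranted that a default server answers requests for any unmatched Host and, with `proxy_set_header Host $host` further down the file, hands that client-chosen name to the backend. The same condition is repeated on the 443 listeners in the next hunk and in generic-proxy-no-buffering.conf.j2, and the server block continues past this hunk.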
@@ -11,8 +11,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; include snippets/acmetool.conf; @@ -21,12 +21,13 @@ server { ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey; include snippets/hsts.conf; - location / { - include snippets/proxy-nobuff.conf; -{% if 'client_max_body_size' in nginx_vhost %} - client_max_body_size {{ nginx_vhost.client_max_body_size }}; -{% endif %} +{% if 'extra_directives' in nginx_vhost %} + {{ nginx_vhost.extra_directives | indent(4) }} +{% endif %} +{% for path, location in nginx_vhost.locations.items() %} + location {{ path }} { + include snippets/proxy-nobuff.conf; proxy_set_header Host $host; include snippets/proxy-forward-headers.conf; @@ -34,16 +35,21 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass {{ nginx_vhost.proxy_pass }}; -{% if 'proxy_redirect' in nginx_vhost %} -{% for entry in nginx_vhost.proxy_redirect %} + proxy_pass {{ location.proxy_pass }}; +{% if 'proxy_redirect' in location %} +{% for entry in location.proxy_redirect %} proxy_redirect {{ entry.redirect }} {{ entry.replacement }}; -{% endfor %} -{% endif %} -{% if 'proxy_ssl' in nginx_vhost %} -{% for prop in (nginx_vhost.proxy_ssl | list | sort) %} - proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }}; -{% endfor %} -{% endif %} +{% endfor %} +{% endif %} +{% if 'proxy_ssl' in location %} +{% for prop in (location.proxy_ssl | list | sort) %} + proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }}; +{% endfor %} +{% endif %} +{% if 'extra_directives' in location %} + + {{ location.extra_directives | indent(8) }} +{% endif %} } +{% endfor %} } 
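Review bot: A location-level `extra_directives` containing `add_header` (as the example in defaults/main.yml does) switches off inheritance of every `add_header` from the server block, which presumably includes the Strict-Transport-Security header from `include snippets/hsts.conf;` just above the loop, so HSTS would silently disappear for that location. Either re-include the snippet inside the location when `extra_directives` is set, or add a comment such as `# add_header in a location replaces all server-level add_header lines, including snippets/hsts.conf`. Separately, `nginx_vhost.locations.items()` is read unconditionally and the old top-level `proxy_pass`, `proxy_redirect`, `proxy_ssl` and `client_max_body_size` keys are no longer consulted, so a vhost that still sets `client_max_body_size` has it ignored without any error; a check for the old keys in the role's tasks (not visible here) would catch that. The server block opens before this hunk.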
diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 index 10697441..2a74697e 100644 --- a/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 +++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering.conf.j2 @@ -1,14 +1,15 @@ server { - listen 80; - listen [::]:80; + listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; + listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %}; server_name {{ nginx_vhost.hostnames | join(' ') }}; - location / { - include snippets/proxy-nobuff.conf; -{% if 'client_max_body_size' in nginx_vhost %} - client_max_body_size {{ nginx_vhost.client_max_body_size }}; -{% endif %} +{% if 'extra_directives' in nginx_vhost %} + {{ nginx_vhost.extra_directives | indent(4) }} +{% endif %} +{% for path, location in nginx_vhost.locations.items() %} + location {{ path }} { + include snippets/proxy-nobuff.conf; proxy_set_header Host $host; include snippets/proxy-forward-headers.conf; @@ -16,16 +17,21 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass {{ nginx_vhost.proxy_pass }}; -{% if 'proxy_redirect' in nginx_vhost %} -{% for entry in nginx_vhost.proxy_redirect %} + proxy_pass {{ location.proxy_pass }}; +{% if 'proxy_redirect' in location %} +{% for entry in location.proxy_redirect %} proxy_redirect {{ entry.redirect }} {{ entry.replacement }}; {% endfor %} {% endif %} -{% if 'proxy_ssl' in nginx_vhost %} -{% for prop in (nginx_vhost.proxy_ssl | list | sort) %} - proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }}; +{% if 'proxy_ssl' in location %} +{% for prop in (location.proxy_ssl | list | sort) %} + proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }}; {% endfor %} +{% endif %} +{% if 'extra_directives' in location %} + + {{ location.extra_directives | indent(8) }} {% endif %} } +{% endfor %} } |
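Review bot: The location loop added in these two hunks is the same block that this commit adds to generic-proxy-no-buffering-with-acme.conf.j2, so a later fix to the proxy or header handling has to be made twice and the copies can drift apart. Moving the `{% for path, location in nginx_vhost.locations.items() %}` … `{% endfor %}` body into a shared partial and pulling it in with `{% include 'PARTIAL_NAME.conf.j2' %}` (placeholder name) from both templates would keep them identical. As far as the hunk shows, this template only listens on port 80, so the partial should carry a comment that `proxy_ssl` settings there protect the upstream hop only, not the client connection.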