From 0410643732195626e8be8bc1b2c6fbc23b3b3cc3 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 13 May 2021 04:20:44 +0200
Subject: make nginx vhost templates more generic

---
 .../generic-proxy-no-buffering-with-acme.conf.j2   | 44 ++++++++++++----------
 1 file changed, 25 insertions(+), 19 deletions(-)

(limited to 'roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2')

diff --git a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2 b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
index f74f920b..fe6cb70b 100644
--- a/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
+++ b/roles/nginx/vhost/templates/generic-proxy-no-buffering-with-acme.conf.j2
@@ -1,6 +1,6 @@
 server {
-    listen 80;
-    listen [::]:80;
+    listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+    listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
     include snippets/acmetool.conf;
@@ -11,8 +11,8 @@ server {
 }
 
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+    listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
     server_name {{ nginx_vhost.hostnames | join(' ') }};
 
     include snippets/acmetool.conf;
@@ -21,12 +21,13 @@ server {
     ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
     include snippets/hsts.conf;
 
-    location / {
-        include snippets/proxy-nobuff.conf;
-{% if 'client_max_body_size' in nginx_vhost %}
-        client_max_body_size {{ nginx_vhost.client_max_body_size }};
-{% endif %}
+{% if 'extra_directives' in nginx_vhost %}
+    {{ nginx_vhost.extra_directives | indent(4) }}
 
+{% endif %}
+{% for path, location in nginx_vhost.locations.items() %}
+    location {{ path }} {
+        include snippets/proxy-nobuff.conf;
         proxy_set_header Host $host;
         include snippets/proxy-forward-headers.conf;
 
@@ -34,16 +35,21 @@ server {
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection $connection_upgrade;
 
-        proxy_pass {{ nginx_vhost.proxy_pass }};
-{% if 'proxy_redirect' in nginx_vhost %}
-{%   for entry in nginx_vhost.proxy_redirect %}
+        proxy_pass {{ location.proxy_pass }};
+{%   if 'proxy_redirect' in location %}
+{%     for entry in location.proxy_redirect %}
         proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
-{%   endfor %}
-{% endif %}
-{% if 'proxy_ssl' in nginx_vhost %}
-{%   for prop in (nginx_vhost.proxy_ssl | list | sort)  %}
-        proxy_ssl_{{ prop }} {{ nginx_vhost.proxy_ssl[prop] }};
-{%   endfor %}
-{% endif %}
+{%     endfor %}
+{%   endif %}
+{%   if 'proxy_ssl' in location %}
+{%     for prop in (location.proxy_ssl | list | sort)  %}
+        proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
+{%     endfor %}
+{%   endif %}
+{%   if 'extra_directives' in location %}
+
+        {{ location.extra_directives | indent(8) }}
+{%   endif %}
     }
+{% endfor %}
 }
-- 
cgit v1.2.3