From 88f9ccc57964d8530dd23952f4ef3d85bab2438b Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 17 Aug 2022 20:05:00 +0200
Subject: nginx/vhost: combine templates to one generic version
---
roles/nginx/vhost/templates/generic.conf.j2 | 74 +++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100644 roles/nginx/vhost/templates/generic.conf.j2
(limited to 'roles/nginx/vhost/templates/generic.conf.j2')
diff --git a/roles/nginx/vhost/templates/generic.conf.j2 b/roles/nginx/vhost/templates/generic.conf.j2
new file mode 100644
index 00000000..08bf7a60
--- /dev/null
+++ b/roles/nginx/vhost/templates/generic.conf.j2
@@ -0,0 +1,74 @@
+server {
+ listen 80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:80{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+{% if 'acme' in nginx_vhost and nginx_vhost.acme %}
+ include snippets/acmetool.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ listen [::]:443 ssl http2{% if 'default' in nginx_vhost and nginx_vhost.default %} default_server{% endif %};
+ server_name {{ nginx_vhost.hostnames | join(' ') }};
+
+ include snippets/acmetool.conf;
+ include snippets/tls{% if 'tls_variant' in nginx_vhost %}-{{ nginx_vhost.tls_variant }}{% endif %}.conf;
+ ssl_certificate /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/fullchain;
+ ssl_certificate_key /var/lib/acme/live/{{ nginx_vhost.hostnames[0] }}/privkey;
+ include snippets/hsts.conf;
+
+{% endif %}
+{% if 'extra_directives' in nginx_vhost %}
+ {{ nginx_vhost.extra_directives | indent(4) }}
+
+{% endif %}
+{% for path, location in nginx_vhost.locations.items() %}
+ location {{ path }} {
+{% if 'proxy_pass' in location %}
+ include snippets/proxy-nobuff.conf;
+ proxy_set_header Host $host;
+ include snippets/proxy-forward-headers.conf;
+
+ # for websockets
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ proxy_pass {{ location.proxy_pass }};
+{% if 'proxy_redirect' in location %}
+{% for entry in location.proxy_redirect %}
+ proxy_redirect {{ entry.redirect }} {{ entry.replacement }};
+{% endfor %}
+{% endif %}
+{% if 'proxy_ssl' in location %}
+{% for prop in (location.proxy_ssl | list | sort) %}
+ proxy_ssl_{{ prop }} {{ location.proxy_ssl[prop] }};
+{% endfor %}
+{% endif %}
+{% else %}
+{% if 'root' in location %}
+ root {{ location.root }};
+{% elif 'alias' in location %}
+ alias {{ location.alias }};
+{% endif %}
+{% if 'index' in location %}
+ index {{ location.index }};
+{% endif %}
+{% if 'autoindex' in location %}
+ autoindex on;
+{% if 'format' in location.autoindex %}
+ autoindex_format {{ nginx_vhost.autoindex.format }};
+{% endif %}
+{% endif %}
+{% endif %}
+{% if 'extra_directives' in location %}
+
+ {{ location.extra_directives | indent(8) }}
+{% endif %}
+ }
+{% endfor %}
+}
-- cgit v1.2.3
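Review bot: The `autoindex_format` line reads `nginx_vhost.autoindex.format`, while the guard directly above it tests `'format' in location.autoindex`, so the value is looked up on the vhost instead of the location and will be undefined or wrong for any location that sets a format; it should read `autoindex_format {{ location.autoindex.format }};`. In the same block `autoindex on;` is emitted whenever the `autoindex` key exists, whatever its value, so an inventory entry meant to disable listing would still appear to enable it (and the `in` test on a non-mapping value would likely fail at render time); testing the value, or documenting that the key must be a mapping, avoids exposing a directory listing by accident. Separately, nginx leaves `proxy_ssl_verify` off unless it is set, so `https://` upstreams are proxied without certificate verification by default; a comment above the `proxy_ssl` loop such as `{# for https upstreams set proxy_ssl.verify and proxy_ssl.trusted_certificate; nginx does not verify the upstream certificate by default #}` would make that visible to whoever fills in the vhost variables.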