add support for listen ips

2021-07-11 04:08:39 +02:00 · 2021-07-11 04:08:39 +02:00 · 13d7194e4f
commit 13d7194e4f
parent 75e21a2e2e
4 changed files with 68 additions and 22 deletions
--- a/templates/vhost.conf.j2
+++ b/templates/vhost.conf.j2
@ -1,23 +1,34 @@
 #jinja2:lstrip_blocks: True
-{% set vhost = item.value %}
+{% set vhost = {}|combine(nginx_vhosts_defaults, item.value, recursive=True) %}
 {% set vhost_name = item.key %}
-{% set vhost_listen = vhost.listen|default({}) %}
-{% set vhost_headers = nginx.add_headers|default({})|combine(vhost.add_headers|default({})) %}
+{% set vhost_headers = {}|combine(nginx.add_headers, vhost.add_headers) %}
+
+{% macro nginx_listen(ips, port, options) %}
+	{% for ip in ips %}
+	listen {{ ip }}:{{ port }} {{ options|join(' ') }}{% if vhost.default_server %} default_server{% endif %};
+	{% endfor %}
+{% endmacro %}

 server {
-	{% if vhost.servername|default([])|length > 0 %}
+	{% if vhost.servername|length > 0 %}
 	server_name {{ vhost.servername|join(' ') }};
 	{% endif %}

-	{% if vhost_listen.ssl|default(True) %}
-	listen {{ vhost_listen.ssl_port|default(443) }} ssl http2 {% if vhost.default_server|default(False) %}default_server{% endif %};
-	listen [::]:{{ vhost_listen.ssl_port|default(443) }} ssl http2 {% if vhost.default_server|default(False) %}default_server{% endif %};
+	{% if vhost.listen.ssl %}
+	{% if vhost.listen.v4 %}{{ nginx_listen(vhost.listen.v4_ip, vhost.listen.ssl_port, ["ssl", "http2"]) }}{% endif %}
+	{% if vhost.listen.v6 %}{{ nginx_listen(vhost.listen.v6_ip, vhost.listen.ssl_port, ["ssl", "http2"]) }}{% endif %}
+
 	{% endif %}
-	{% if vhost_listen.nossl|default(False) %}
-	listen {{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
-	listen [::]:{{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
+
+	{% if vhost.listen.nossl %}
+	{% if vhost.listen.v4 %}{{ nginx_listen(vhost.listen.v4_ip, vhost.listen.nossl_port, []) }}{% endif %}
+	{% if vhost.listen.v6 %}{{ nginx_listen(vhost.listen.v6_ip, vhost.listen.nossl_port, []) }}{% endif %}
 	{% endif %}

+	{% for i in vhost.listen.custom %}
+	listen {{ i }};
+	{% endfor %}
+
 	{% for header in vhost_headers if header %}
 	add_header {{ header }} "{{ vhost_headers[header] }}";
 	{% endfor %}
@ -27,12 +38,12 @@ server {
 	{% endfor %}


-	{% if vhost.backend|default(False) %}
+	{% if vhost.backend %}
 	location / {
 		proxy_pass {{ vhost.backend }};

 		# add proxy headers
-		proxy_set_header Host			{% if 'host' in vhost %}"{{ vhost.host }}"{% else %}$host{% endif %};
+		proxy_set_header Host			{{ vhost.host }};
 		proxy_set_header X-Real-IP		$remote_addr;
 		proxy_set_header X-Forwarded-For	$proxy_add_x_forwarded_for;
 		proxy_set_header X-Forwarded-Proto	$scheme;
@ -40,9 +51,9 @@ server {
 		proxy_set_header X-Url-Scheme		$scheme;

 		# add custom proxy headers
-{% for header in vhost.add_proxy_headers|d({}) if header %}
+		{% for header in vhost.add_proxy_headers if header %}
 		proxy_set_header {{ header }}		"{{ vhost.add_proxy_headers[header] }}";
-{% endfor %}
+		{% endfor %}

 		# Websockets
 		proxy_http_version 1.1;
@ -50,7 +61,7 @@ server {
 		proxy_set_header Connection "upgrade";

 		# remove custom proxy headers
-{% for header in vhost.hide_proxy_headers|d({}) if header %}
+{% for header in vhost.hide_proxy_headers if header %}
 		proxy_hide_header {{ header }};
 {% endfor %}
 		# hide downstream headers for security reasons
@ -64,7 +75,7 @@ server {
 	}
 	{% endif %}

-	{% for location in vhost.locations|default([]) %}
+	{% for location in vhost.locations %}
 	location {{ location.match }} {
 		{% if "alias" in location %}
 		alias {{ location.alias }};
@ -75,21 +86,21 @@ server {
 	}
 	{% endfor %}

-	{% if vhost.auth.enable|default(False) %}
+	{% if vhost.auth.enable %}
 	auth_basic           "restricted area";
 	auth_basic_user_file {{ vhost.auth.path }}; 
-	satisfy {{ vhost.auth.satisfy|d('all') }};
+	satisfy {{ vhost.auth.satisfy }};
 	{% endif %}


-	{% for include in vhost.includes|default([]) %}
+	{% for include in vhost.includes %}
 	include {{ include }};
 	{% endfor %}

-	{% if vhost.letsencrypt|d(False) %}
+	{% if vhost.letsencrypt %}
 	ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
 	ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
-	{% elif vhost.crt|d(None) and vhost.key|d(None) %}
+	{% elif vhost.crt and vhost.key %}
 	ssl_certificate {{ vhost.crt }};
 	ssl_certificate_key {{ vhost.key }};
 	{% endif %}