ansible-role-nginx/templates/vhost.conf.j2
2020-04-16 22:55:35 +02:00


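#jinja2:lstrip_blocks: True
{#
  Renders one nginx server block for a single vhost.

  Inputs read by this template:
    item.key          -> vhost name, used in the certificate and key file names
    item.value        -> vhost settings: servername, listen, default_server,
                         add_headers, custom, backend, locations, letsencrypt
    nginx.add_headers -> role-wide response headers; a vhost entry with the
                         same name overrides it, and an empty name is skipped

  Nothing is escaped on the way into the config. A double quote or a "$" in a
  header value, and every entry of custom, is read by nginx as configuration,
  so these values must come from trusted inventory only.
#}
{% set vhost = item.value %}
{% set vhost_name = item.key %}
{% set vhost_listen = vhost.listen|default({}) %}
{% set vhost_headers = nginx.add_headers|default({})|combine(vhost.add_headers|default({})) %}
server {
    {% if vhost.servername|default([])|length > 0 %}
    server_name {{ vhost.servername|join(' ') }};
    {% endif %}
    {#
      TLS listeners are on unless listen.ssl is set to false, while the
      certificate directives at the end of this block are written only when
      letsencrypt is set.
      NOTE(review): confirm where vhosts without letsencrypt get their
      ssl_certificate from (a custom entry, or an enclosing context).
    #}
    {% if vhost_listen.ssl|default(True) %}
    listen {{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
    listen [::]:{{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
    {% endif %}
    {# Plain HTTP is opt-in; this template emits no redirect to HTTPS. #}
    {% if vhost_listen.nossl|default(False) %}
    listen {{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
    listen [::]:{{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
    {% endif %}
    {#
      add_header without the "always" parameter only applies to a fixed list
      of success and redirect status codes, so error responses are sent
      without these headers.
      NOTE(review): consider "always" if security headers are configured here.
    #}
    {% for header in vhost_headers if header %}
    add_header {{ header }} "{{ vhost_headers[header] }}";
    {% endfor %}
    {# Raw server-level directives, emitted verbatim with a trailing ";". #}
    {% for c in vhost.custom|default([]) %}
    {{ c }};
    {% endfor %}
    {% if vhost.backend|default(False) %}
    location / {
        proxy_pass {{ vhost.backend }};
        # add proxy headers
        # X-Real-IP carries the address nginx saw; X-Forwarded-For is the
        # client-supplied list with that address appended, so the backend
        # should not trust its leading entries.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl $https;
        proxy_set_header X-Url-Scheme $scheme;
        # Websockets
        # "Connection: upgrade" is sent on every proxied request, not only on
        # websocket handshakes.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # hide backend response headers that disclose software and versions
        proxy_hide_header X-Powered-By;
        proxy_hide_header Server;
        proxy_hide_header X-AspNetMvc-Version;
        proxy_hide_header X-AspNet-Version;
        # no double headers: the backend's HSTS header is dropped, so HSTS is
        # only sent if it is configured through add_headers
        proxy_hide_header Strict-Transport-Security;
    }
    {% endif %}
    {% for location in vhost.locations|default([]) %}
    location {{ location.match }} {
        {# default() keeps a location without an alias key from failing the render #}
        {% if location.alias|default(False) %}
        alias {{ location.alias }};
        {% endif %}
    }
    {% endfor %}
    {% if vhost.letsencrypt|d(False) %}
    ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
    ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
    {% endif %}
}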