41 lines
1.5 KiB
Django/Jinja
41 lines
1.5 KiB
Django/Jinja
{% set vhost = item.value %}
|
|
{% set vhost_name = item.key %}
|
|
{% set vhost_listen = vhost.listen|default({}) %}
|
|
|
|
server {
|
|
server_name {{ vhost.servername|join(' ') }};
|
|
|
|
{% if vhost_listen.ssl|default(True) %}
|
|
listen {{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
|
|
listen [::]:{{ vhost_listen.ssl_port|default(443) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
|
|
{% endif %}
|
|
{% if vhost_listen.nossl|default(False) %}
|
|
listen {{ vhost_listen.nossl_port|default(80) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
|
|
listen [::]:{{ vhost_listen.nossl_port|default(80) }} ssl {% if vhost.default_server|default(False) %}default_server{% endif %};
|
|
{% endif %}
|
|
|
|
{% if vhost.backend|default(False) %}
|
|
location / {
|
|
proxy_pass {{ vhost.backend }};
|
|
|
|
# add proxy headers
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
|
|
# hide downstream headers for security reasons
|
|
proxy_hide_header X-Powered-By;
|
|
proxy_hide_header Server;
|
|
proxy_hide_header X-AspNetMvc-Version;
|
|
proxy_hide_header X-AspNet-Version;
|
|
}
|
|
{% endif %}
|
|
|
|
{% if vhost.letsencrypt|d(True) %}
|
|
ssl_certificate /etc/ssl/letsencrypt_{{ vhost_name }}_chained.crt;
|
|
ssl_certificate_key /etc/ssl/private/letsencrypt_{{ vhost_name }}.key;
|
|
ssl_trusted_certificate /etc/ssl/letsencrypt_full_chain.crt;
|
|
ssl_stapling_verify on;
|
|
ssl_stapling on;
|
|
{% endif %}
|
|
}
|