infra/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-nginx/templates/vhost.conf.j2

96 lines
3.1 KiB
Django/Jinja
Raw Blame History

#jinja2:lstrip_blocks: True
{% set vhost = item.value %}
{% set vhost_name = item.key %}
{% set vhost_listen = vhost.listen|default({}) %}
{% set vhost_headers = nginx.add_headers|default({})|combine(vhost.add_headers|default({})) %}
server {
{% if vhost.servername|default([])|length > 0 %}
server_name {{ vhost.servername|join(' ') }};
{% endif %}
{% if vhost_listen.ssl|default(True) %}
listen {{ vhost_listen.ssl_port|default(443) }} ssl http2 {% if vhost.default_server|default(False) %}default_server{% endif %};
listen [::]:{{ vhost_listen.ssl_port|default(443) }} ssl http2 {% if vhost.default_server|default(False) %}default_server{% endif %};
{% endif %}
{% if vhost_listen.nossl|default(False) %}
listen {{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
listen [::]:{{ vhost_listen.nossl_port|default(80) }} {% if vhost.default_server|default(False) %}default_server{% endif %};
{% endif %}
{% for header in vhost_headers if header %}
add_header {{ header }} "{{ vhost_headers[header] }}";
{% endfor %}
{% for c in vhost.custom|default([]) %}
{{ c }};
{% endfor %}
{% if vhost.backend|default(False) %}
location / {
proxy_pass {{ vhost.backend }};
# add proxy headers
proxy_set_header Host {% if 'host' in vhost %}"{{ vhost.host }}"{% else %}$host{% endif %};
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl $https;
proxy_set_header X-Url-Scheme $scheme;
# add custom proxy headers
{% for header in vhost.add_proxy_headers|d({}) if header %}
proxy_set_header {{ header }} "{{ vhost.add_proxy_headers[header] }}";
{% endfor %}
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# remove custom proxy headers
{% for header in vhost.hide_proxy_headers|d({}) if header %}
proxy_hide_header {{ header }};
{% endfor %}
# hide downstream headers for security reasons
proxy_hide_header X-Powered-By;
proxy_hide_header Server;
proxy_hide_header X-AspNetMvc-Version;
proxy_hide_header X-AspNet-Version;
# no double headers
proxy_hide_header Strict-Transport-Security;
}
{% endif %}
{% for location in vhost.locations|default([]) %}
location {{ location.match }} {
{% if "alias" in location %}
alias {{ location.alias }};
{% endif %}
{% for c in location.custom|default([]) %}
{{ c }};
{% endfor %}
}
{% endfor %}
{% if vhost.auth.enable|default(False) %}
auth_basic "restricted area";
auth_basic_user_file {{ vhost.auth.path }};
satisfy {{ vhost.auth.satisfy|d('all') }};
{% endif %}
{% for include in vhost.includes|default([]) %}
include {{ include }};
{% endfor %}
{% if vhost.letsencrypt|d(False) %}
ssl_certificate /etc/ssl/nginx_{{ vhost_name }}.chain.crt;
ssl_certificate_key /etc/ssl/private/nginx_{{ vhost_name }}.key;
{% elif vhost.crt|d(None) and vhost.key|d(None) %}
ssl_certificate {{ vhost.crt }};
ssl_certificate_key {{ vhost.key }};
{% endif %}
}
Reference in a new issue View git blame Copy permalink