Add support for ACLs
parent
202340fe65
commit
92622b285e
|
@ -7,21 +7,25 @@ server {
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
return 404;
|
return 404;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if letsencrypt_acme_install %}
|
{% if letsencrypt_acme_install %}
|
||||||
## Disable .htaccess and other hidden files
|
|
||||||
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
include /etc/nginx/snippets/letsencrypt-proxy.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.access_log is defined %}
|
{% if item.access_log is defined %}
|
||||||
access_log {{ item.access_log }};
|
access_log {{ item.access_log }};
|
||||||
{% else %}
|
{% else %}
|
||||||
access_log /var/log/nginx/{{ item.server_name }}_access.log;
|
access_log /var/log/nginx/{{ item.server_name }}_access.log;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.error_log is defined %}
|
{% if item.error_log is defined %}
|
||||||
error_log {{ item.error_log }};
|
error_log {{ item.error_log }};
|
||||||
{% else %}
|
{% else %}
|
||||||
error_log /var/log/nginx/{{ item.server_name }}_error.log;
|
error_log /var/log/nginx/{{ item.server_name }}_error.log;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
server_tokens {{ item.server_tokens | default('off') }};
|
server_tokens {{ item.server_tokens | default('off') }};
|
||||||
|
|
||||||
{% if item.ssl_enabled and item.ssl_only %}
|
{% if item.ssl_enabled and item.ssl_only %}
|
||||||
location / {
|
location / {
|
||||||
return 301 https://{{ item.server_name }}$request_uri;
|
return 301 https://{{ item.server_name }}$request_uri;
|
||||||
|
@ -55,17 +59,21 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.max_body is defined %}
|
{% if item.max_body is defined %}
|
||||||
client_max_body_size {{ item.max_body }};
|
client_max_body_size {{ item.max_body }};
|
||||||
{% else %}
|
{% else %}
|
||||||
client_max_body_size {{ nginx_client_max_body_size }};
|
client_max_body_size {{ nginx_client_max_body_size }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.body_timeout is defined %}
|
{% if item.body_timeout is defined %}
|
||||||
client_body_timeout {{ item.body_timeout }};
|
client_body_timeout {{ item.body_timeout }};
|
||||||
{% else %}
|
{% else %}
|
||||||
client_body_timeout {{ nginx_client_body_timeout }};
|
client_body_timeout {{ nginx_client_body_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
server_tokens {{ item.server_tokens | default('off') }};
|
||||||
|
|
||||||
{% if nginx_cors_enabled %}
|
{% if nginx_cors_enabled %}
|
||||||
{% if nginx_cors_global %}
|
{% if nginx_cors_global %}
|
||||||
include /etc/nginx/snippets/nginx-cors.conf;
|
include /etc/nginx/snippets/nginx-cors.conf;
|
||||||
|
@ -74,9 +82,13 @@ server {
|
||||||
|
|
||||||
{% if item.additional_options is defined %}
|
{% if item.additional_options is defined %}
|
||||||
{% for add_opt in item.additional_options %}
|
{% for add_opt in item.additional_options %}
|
||||||
|
|
||||||
{{ add_opt }};
|
{{ add_opt }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if item.http_acls is defined %}
|
||||||
|
{% for acl in item.http_acls %}
|
||||||
|
{{ acl }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -84,20 +96,26 @@ server {
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection $connection_upgrade;
|
proxy_set_header Connection $connection_upgrade;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||||
|
|
||||||
# Proxy stuff
|
# Proxy stuff
|
||||||
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
||||||
{% else %}
|
{% else %}
|
||||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.proxy_additional_options is defined %}
|
{% if item.proxy_additional_options is defined %}
|
||||||
{% for popt in item.proxy_additional_options %}
|
{% for popt in item.proxy_additional_options %}
|
||||||
{{ popt }};
|
{{ popt }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.locations is defined %}
|
{% if item.locations is defined %}
|
||||||
{% for location in item.locations %}
|
{% for location in item.locations %}
|
||||||
|
|
||||||
location {{ location.location }} {
|
location {{ location.location }} {
|
||||||
|
|
||||||
{% if nginx_cors_enabled %}
|
{% if nginx_cors_enabled %}
|
||||||
{% if not nginx_cors_global %}
|
{% if not nginx_cors_global %}
|
||||||
{% if location.cors is defined and location.cors %}
|
{% if location.cors is defined and location.cors %}
|
||||||
|
@ -105,24 +123,35 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.target is defined %}
|
{% if location.target is defined %}
|
||||||
proxy_pass {{ location.target }};
|
proxy_pass {{ location.target }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.extra_conf is defined %}
|
{% if location.extra_conf is defined %}
|
||||||
{{ location.extra_conf }}
|
{{ location.extra_conf }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if location.other_opts is defined %}
|
|
||||||
|
{% if location.acls is defined %}
|
||||||
|
{% for acl in location.acls %}
|
||||||
|
{{ acl }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if location.other_opts is defined %}
|
||||||
{% for opt in location.other_opts %}
|
{% for opt in location.other_opts %}
|
||||||
{{ opt }};
|
{{ opt }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.extra_parameters is defined %}
|
{% if item.extra_parameters is defined %}
|
||||||
{{ item.extra_parameters }}
|
{{ item.extra_parameters }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -131,16 +160,19 @@ server {
|
||||||
server {
|
server {
|
||||||
listen {{ https_port | default('443') }} {{ nginx_ssl_type }};
|
listen {{ https_port | default('443') }} {{ nginx_ssl_type }};
|
||||||
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
|
||||||
|
|
||||||
{% if item.access_log is defined %}
|
{% if item.access_log is defined %}
|
||||||
access_log {{ item.access_log }};
|
access_log {{ item.access_log }};
|
||||||
{% else %}
|
{% else %}
|
||||||
access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log;
|
access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.error_log is defined %}
|
{% if item.error_log is defined %}
|
||||||
error_log {{ item.error_log }};
|
error_log {{ item.error_log }};
|
||||||
{% else %}
|
{% else %}
|
||||||
error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log;
|
error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
root {{ item.root | default('/usr/share/nginx/html/') }};
|
root {{ item.root | default('/usr/share/nginx/html/') }};
|
||||||
index {{ item.index | default('index.html index.htm') }};
|
index {{ item.index | default('index.html index.htm') }};
|
||||||
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }};
|
||||||
|
@ -159,6 +191,7 @@ server {
|
||||||
location ~ /\. {
|
location ~ /\. {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
{% if haproxy_ips is defined %}
|
{% if haproxy_ips is defined %}
|
||||||
# We are behind haproxy
|
# We are behind haproxy
|
||||||
{% for ip in haproxy_ips %}
|
{% for ip in haproxy_ips %}
|
||||||
|
@ -166,6 +199,7 @@ server {
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
real_ip_header X-Forwarded-For;
|
real_ip_header X-Forwarded-For;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.max_body is defined %}
|
{% if item.max_body is defined %}
|
||||||
client_max_body_size {{ item.max_body }};
|
client_max_body_size {{ item.max_body }};
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@ -176,6 +210,7 @@ server {
|
||||||
{% else %}
|
{% else %}
|
||||||
client_body_timeout {{ nginx_client_body_timeout }};
|
client_body_timeout {{ nginx_client_body_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
server_tokens {{ item.server_tokens | default('off') }};
|
server_tokens {{ item.server_tokens | default('off') }};
|
||||||
|
|
||||||
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
include /etc/nginx/snippets/nginx-server-ssl.conf;
|
||||||
|
@ -188,26 +223,34 @@ server {
|
||||||
|
|
||||||
{% if item.additional_options is defined %}
|
{% if item.additional_options is defined %}
|
||||||
{% for add_opt in item.additional_options %}
|
{% for add_opt in item.additional_options %}
|
||||||
|
|
||||||
{{ add_opt }};
|
{{ add_opt }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if item.https_acls is defined %}
|
||||||
|
{% for acl in item.https_acls %}
|
||||||
|
{{ acl }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
{% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
|
||||||
|
|
||||||
# Proxy stuff
|
# Proxy stuff
|
||||||
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
{% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %}
|
||||||
{% else %}
|
{% else %}
|
||||||
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
include /etc/nginx/snippets/nginx-proxy-params.conf;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.proxy_additional_options is defined %}
|
{% if item.proxy_additional_options is defined %}
|
||||||
{% for popt in item.proxy_additional_options %}
|
{% for popt in item.proxy_additional_options %}
|
||||||
{{ popt }}
|
{{ popt }}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.locations is defined %}
|
{% if item.locations is defined %}
|
||||||
{% for location in item.locations %}
|
{% for location in item.locations %}
|
||||||
location {{ location.location }} {
|
location {{ location.location }} {
|
||||||
|
|
||||||
{% if nginx_cors_enabled %}
|
{% if nginx_cors_enabled %}
|
||||||
{% if not nginx_cors_global %}
|
{% if not nginx_cors_global %}
|
||||||
{% if location.cors is defined and location.cors %}
|
{% if location.cors is defined and location.cors %}
|
||||||
|
@ -215,25 +258,36 @@ server {
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.target is defined %}
|
{% if location.target is defined %}
|
||||||
proxy_pass {{ location.target }};
|
proxy_pass {{ location.target }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.websockets is defined and location.websockets %}
|
{% if location.websockets is defined and location.websockets %}
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if location.extra_conf is defined %}
|
{% if location.extra_conf is defined %}
|
||||||
{{ location.extra_conf }}
|
{{ location.extra_conf }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if location.other_opts is defined %}
|
|
||||||
|
{% if location.acls is defined %}
|
||||||
|
{% for acl in location.acls %}
|
||||||
|
{{ acl }};
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if location.other_opts is defined %}
|
||||||
{% for opt in location.other_opts %}
|
{% for opt in location.other_opts %}
|
||||||
{{ opt }};
|
{{ opt }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.extra_parameters is defined %}
|
{% if item.extra_parameters is defined %}
|
||||||
{{ item.extra_parameters }}
|
{{ item.extra_parameters }}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
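Review bot: The new ACL loops (`item.http_acls`, `item.https_acls` and `location.acls`) print each entry verbatim followed by `;` and add no closing rule, so a list holding only `allow …` entries restricts nothing, because nginx permits the request when no rule matches. A template comment above each loop would make the contract explicit, for example `## ACL entries are raw allow/deny directives checked in order; finish the list with "deny all" to restrict access`. The port 80 and port 443 server blocks read separate lists, so where the plain-HTTP block is not just the `ssl_only` redirect, a vhost with only `https_acls` set appears to stay unrestricted over HTTP; the role documentation should say that both must be set. A location that defines `acls` also stops inheriting the server-level allow/deny rules rather than adding to them, which is worth noting next to the `location.acls` loop. Where `haproxy_ips` is defined, the rules presumably match the address taken from `X-Forwarded-For`, so they are only as trustworthy as that proxy list.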