diff --git a/nginx/templates/nginx-virthost.j2 b/nginx/templates/nginx-virthost.j2 index 99448da1..0de8dfcb 100644 --- a/nginx/templates/nginx-virthost.j2 +++ b/nginx/templates/nginx-virthost.j2 @@ -7,21 +7,25 @@ server { log_not_found off; return 404; } + {% if letsencrypt_acme_install %} -## Disable .htaccess and other hidden files include /etc/nginx/snippets/letsencrypt-proxy.conf; {% endif %} + {% if item.access_log is defined %} access_log {{ item.access_log }}; {% else %} access_log /var/log/nginx/{{ item.server_name }}_access.log; {% endif %} + {% if item.error_log is defined %} error_log {{ item.error_log }}; {% else %} error_log /var/log/nginx/{{ item.server_name }}_error.log; {% endif %} + server_tokens {{ item.server_tokens | default('off') }}; + {% if item.ssl_enabled and item.ssl_only %} location / { return 301 https://{{ item.server_name }}$request_uri; @@ -55,17 +59,21 @@ server { {% endfor %} real_ip_header X-Forwarded-For; {% endif %} + {% if item.max_body is defined %} client_max_body_size {{ item.max_body }}; {% else %} client_max_body_size {{ nginx_client_max_body_size }}; {% endif %} + {% if item.body_timeout is defined %} client_body_timeout {{ item.body_timeout }}; {% else %} client_body_timeout {{ nginx_client_body_timeout }}; {% endif %} + server_tokens {{ item.server_tokens | default('off') }}; + {% if nginx_cors_enabled %} {% if nginx_cors_global %} include /etc/nginx/snippets/nginx-cors.conf; @@ -74,9 +82,13 @@ server { {% if item.additional_options is defined %} {% for add_opt in item.additional_options %} - {{ add_opt }}; + {% endfor %} + {% endif %} + {% if item.http_acls is defined %} + {% for acl in item.http_acls %} + {{ acl }}; {% endfor %} {% endif %} @@ -84,20 +96,26 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; {% endif %} + {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} + # Proxy stuff {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; {% endif %} + {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }}; {% endfor %} {% endif %} + {% if item.locations is defined %} {% for location in item.locations %} + location {{ location.location }} { + {% if nginx_cors_enabled %} {% if not nginx_cors_global %} {% if location.cors is defined and location.cors %} @@ -105,24 +123,35 @@ server { {% endif %} {% endif %} {% endif %} + {% if location.target is defined %} proxy_pass {{ location.target }}; {% endif %} + {% if location.extra_conf is defined %} {{ location.extra_conf }} {% endif %} - {% if location.other_opts is defined %} + + {% if location.acls is defined %} + {% for acl in location.acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + {% if location.other_opts is defined %} {% for opt in location.other_opts %} {{ opt }}; {% endfor %} {% endif %} - } + } {% endfor %} {% endif %} {% endif %} + {% if item.extra_parameters is defined %} {{ item.extra_parameters }} {% endif %} + {% endif %} } @@ -131,16 +160,19 @@ server { server { listen {{ https_port | default('443') }} {{ nginx_ssl_type }}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; + {% if item.access_log is defined %} access_log {{ item.access_log }}; {% else %} access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log; {% endif %} + {% if item.error_log is defined %} error_log {{ item.error_log }}; {% else %} error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log; {% endif %} + root {{ item.root | default('/usr/share/nginx/html/') }}; index {{ item.index | default('index.html index.htm') }}; error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; @@ -159,6 +191,7 @@ server { location ~ /\. { deny all; } + {% if haproxy_ips is defined %} # We are behind haproxy {% for ip in haproxy_ips %} @@ -166,6 +199,7 @@ server { {% endfor %} real_ip_header X-Forwarded-For; {% endif %} + {% if item.max_body is defined %} client_max_body_size {{ item.max_body }}; {% else %} @@ -176,6 +210,7 @@ server { {% else %} client_body_timeout {{ nginx_client_body_timeout }}; {% endif %} + server_tokens {{ item.server_tokens | default('off') }}; include /etc/nginx/snippets/nginx-server-ssl.conf; @@ -188,26 +223,34 @@ server { {% if item.additional_options is defined %} {% for add_opt in item.additional_options %} - {{ add_opt }}; + {% endfor %} + {% endif %} + {% if item.https_acls is defined %} + {% for acl in item.https_acls %} + {{ acl }}; {% endfor %} {% endif %} {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} + # Proxy stuff {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; {% endif %} + {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }} {% endfor %} {% endif %} + {% if item.locations is defined %} {% for location in item.locations %} location {{ location.location }} { + {% if nginx_cors_enabled %} {% if not nginx_cors_global %} {% if location.cors is defined and location.cors %} @@ -215,25 +258,36 @@ server { {% endif %} {% endif %} {% endif %} + {% if location.target is defined %} proxy_pass {{ location.target }}; {% endif %} + {% if location.websockets is defined and location.websockets %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; {% endif %} + {% if location.extra_conf is defined %} {{ location.extra_conf }} {% endif %} - {% if location.other_opts is defined %} + + {% if location.acls is defined %} + {% for acl in location.acls %} + {{ acl }}; + {% endfor %} + {% endif %} + + {% if location.other_opts is defined %} {% for opt in location.other_opts %} {{ opt }}; {% endfor %} {% endif %} - } + } {% endfor %} {% endif %} {% endif %} + {% if item.extra_parameters is defined %} {{ item.extra_parameters }} {% endif %}