server { listen {{ item.http_port | default ('80') }}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; location ~ /\.(?!well-known).* { deny all; access_log off; log_not_found off; return 404; } {% if letsencrypt_acme_install %} include /etc/nginx/snippets/letsencrypt-proxy.conf; {% endif %} {% if item.access_log is defined %} access_log {{ item.access_log }}; {% else %} access_log /var/log/nginx/{{ item.server_name }}_access.log; {% endif %} {% if item.error_log is defined %} error_log {{ item.error_log }}; {% else %} error_log /var/log/nginx/{{ item.server_name }}_error.log; {% endif %} server_tokens {{ item.server_tokens | default('off') }}; {% if item.ssl_enabled and item.ssl_only %} location / { return 301 https://{{ item.server_name }}$request_uri; } {% else %} root {{ item.root | default('/usr/share/nginx/html/') }}; index {{ item.index | default('index.html index.htm') }}; error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; location = /50x.html { root /usr/share/nginx/html; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ /\. { deny all; access_log off; log_not_found off; return 404; } {% if haproxy_ips is defined %} # We are behind haproxy {% for ip in haproxy_ips %} set_real_ip_from {{ ip }}; {% endfor %} real_ip_header X-Forwarded-For; {% endif %} {% if item.max_body is defined %} client_max_body_size {{ item.max_body }}; {% else %} client_max_body_size {{ nginx_client_max_body_size }}; {% endif %} {% if item.body_timeout is defined %} client_body_timeout {{ item.body_timeout }}; {% else %} client_body_timeout {{ nginx_client_body_timeout }}; {% endif %} {% if nginx_cors_enabled %} {% if nginx_cors_global %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %} {% endif %} {% if item.additional_options is defined %} {% for add_opt in item.additional_options %} {{ add_opt }}; {% endfor %} {% endif %} {% if item.http_acls is defined %} {% for acl in item.http_acls %} {{ acl }}; {% endfor %} {% endif %} {% if item.websockets is defined and item.websockets %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; {% endif %} {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} # Proxy stuff {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; {% endif %} {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }}; {% endfor %} {% endif %} {% if item.locations is defined %} {% for location in item.locations %} location {{ location.location }} { {% if nginx_cors_enabled %} {% if not nginx_cors_global %} {% if location.cors is defined and location.cors %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %} {% endif %} {% endif %} {% if location.target is defined %} proxy_pass {{ location.target }}; {% endif %} {% if location.extra_conf is defined %} {{ location.extra_conf }} {% endif %} {% if location.acls is defined %} {% for acl in location.acls %} {{ acl }}; {% endfor %} {% endif %} {% if location.other_opts is defined %} {% for opt in location.other_opts %} {{ opt }}; {% endfor %} {% endif %} } {% endfor %} {% endif %} {% endif %} {% if item.extra_parameters is defined %} {{ item.extra_parameters }} {% endif %} {% endif %} } {% if item.ssl_enabled %} server { listen {{ https_port | default('443') }} {{ nginx_ssl_type }}; server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %}; {% if item.access_log is defined %} access_log {{ item.access_log }}; {% else %} access_log /var/log/nginx/{{ item.server_name }}_ssl_access.log; {% endif %} {% if item.error_log is defined %} error_log {{ item.error_log }}; {% else %} error_log /var/log/nginx/{{ item.server_name }}_ssl_error.log; {% endif %} root {{ item.root | default('/usr/share/nginx/html/') }}; index {{ item.index | default('index.html index.htm') }}; error_page 500 502 503 504 {{ item.error_page | default('/50x.html') }}; location = /50x.html { root /usr/share/nginx/html; } location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ /\. { deny all; } {% if haproxy_ips is defined %} # We are behind haproxy {% for ip in haproxy_ips %} set_real_ip_from {{ ip }}; {% endfor %} real_ip_header X-Forwarded-For; {% endif %} {% if item.max_body is defined %} client_max_body_size {{ item.max_body }}; {% else %} client_max_body_size {{ nginx_client_max_body_size }}; {% endif %} {% if item.body_timeout is defined %} client_body_timeout {{ item.body_timeout }}; {% else %} client_body_timeout {{ nginx_client_body_timeout }}; {% endif %} include /etc/nginx/snippets/nginx-server-ssl.conf; server_tokens {{ item.server_tokens | default('off') }}; {% if nginx_cors_enabled %} {% if nginx_cors_global %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %} {% endif %} {% if item.additional_options is defined %} {% for add_opt in item.additional_options %} {{ add_opt }}; {% endfor %} {% endif %} {% if item.https_acls is defined %} {% for acl in item.https_acls %} {{ acl }}; {% endfor %} {% endif %} {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %} # Proxy stuff {% if item.include_global_proxy_conf is defined and not item.include_global_proxy_conf %} {% else %} include /etc/nginx/snippets/nginx-proxy-params.conf; {% endif %} {% if item.proxy_additional_options is defined %} {% for popt in item.proxy_additional_options %} {{ popt }} {% endfor %} {% endif %} {% if item.locations is defined %} {% for location in item.locations %} location {{ location.location }} { {% if nginx_cors_enabled %} {% if not nginx_cors_global %} {% if location.cors is defined and location.cors %} include /etc/nginx/snippets/nginx-cors.conf; {% endif %} {% endif %} {% endif %} {% if location.target is defined %} proxy_pass {{ location.target }}; {% endif %} {% if location.websockets is defined and location.websockets %} proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; {% endif %} {% if location.extra_conf is defined %} {{ location.extra_conf }} {% endif %} {% if location.acls is defined %} {% for acl in location.acls %} {{ acl }}; {% endfor %} {% endif %} {% if location.other_opts is defined %} {% for opt in location.other_opts %} {{ opt }}; {% endfor %} {% endif %} } {% endfor %} {% endif %} {% endif %} {% if item.extra_parameters is defined %} {{ item.extra_parameters }} {% endif %} } {% endif %}