ansible-role-nginx/templates/http/default.conf.j2

156 lines
8.2 KiB
Plaintext
Raw Normal View History

# {{ ansible_managed }}
{% if item.value.upstreams is defined %}
{% for upstream in item.value.upstreams %}
upstream {{ item.value.upstreams[upstream].name }} {
{{ item.value.upstreams[upstream].lb_method }};
zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }};
{% for server in item.value.upstreams[upstream].servers %}
2018-11-09 11:28:16 +01:00
server {{ item.value.upstreams[upstream].servers[server].address }}:{{ item.value.upstreams[upstream].servers[server].port }} weight={{ item.value.upstreams[upstream].servers[server].weight|default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check|default("") }};
{% endfor %}
{% if item.value.upstreams[upstream].sticky_cookie %}
sticky cookie srv_id expires=1h path=/;
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy is defined %}
{% if item.value.reverse_proxy.proxy_cache_path is defined %}
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
{% endfor %}
{% if item.value.reverse_proxy.proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_temp_path is defined %}
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
{% endif %}
{% endif %}
{% endif %}
server {
{% if item.value.ssl is defined %}
listen {{ item.value.port }} ssl;
ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }};
{% else %}
listen {{ item.value.port }};
{% endif %}
server_name {{ item.value.server_name }};
{% if item.value.autoindex is defined and item.value.autoindex %}
autoindex on;
{% endif %}
{% if item.value.https_redirect is defined and item.value.https_redirect %}
return 301 https://{{ item.value.server_name }}$request_uri;
{% endif%}
{% if item.value.reverse_proxy is defined %}
{% for location in item.value.reverse_proxy.locations %}
location {{ item.value.reverse_proxy.locations[location].location }} {
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_basic_file is defined and item.value.reverse_proxy.locations[location].auth_basic_file %}
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_file }};
{% endif %}
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
{% endif %}
{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
health_check;
{% endif %}
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
}
{% endfor %}
{% endif %}
{% if item.value.web_server is defined %}
{% for location in item.value.web_server.locations %}
location {{ item.value.web_server.locations[location].location }} {
root {{ item.value.web_server.locations[location].html_file_location }};
index {{ item.value.web_server.locations[location].html_file_name }};
{% if item.value.web_server.locations[location].autoindex %}
autoindex on;
{% endif %}
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
{% endif %}
{% if item.value.web_server.locations[location].auth_basic_file is defined and item.value.web_server.locations[location].auth_basic_file %}
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_file }};
{% endif %}
}
{% endfor %}
{% if item.value.web_server.http_demo_conf %}
sub_filter_once off;
sub_filter 'server_hostname' '$hostname';
sub_filter 'server_address' '$server_addr:$server_port';
sub_filter 'server_url' '$request_uri';
sub_filter 'remote_addr' '$remote_addr:$remote_port';
sub_filter 'server_date' '$time_local';
sub_filter 'client_browser' '$http_user_agent';
sub_filter 'request_id' '$request_id';
sub_filter 'nginx_version' '$nginx_version';
sub_filter 'document_root' '$document_root';
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
{% endif %}
{% endif %}
{% if item.value.error_page is defined %}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root {{ item.value.error_page }};
}
{% endif %}
}