sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add multiple servers for reverse proxy template (#194)

Browse Source 
* Change custom options to better reflect multiple server support
This commit is contained in:
Seena Fallah 2019-11-26 03:16:03 +03:30 committed by Alessandro Fael Garcia
parent cb014cdab4
commit 1771878e9e
5 changed files with 824 additions and 808 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

528
README.md
View File

@ -201,6 +201,10 @@ nginx_start: true
# Print NGINX configuration file to terminal after executing playbook.
nginx_debug_output: false
# Supported systems
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
# Specify which type of NGINX you want to install.
# Options are 'opensource' or 'plus'.
# Default is 'opensource'.
@ -222,24 +226,23 @@ nginx_install_from: nginx_repository
# Specify source repository for NGINX Open Source.
# Only works if 'install_from' is set to 'nginx_repository'.
# Defaults are the official NGINX repositories.
nginx_repository:
alpine: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
debian:
- >-
deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
- >-
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
redhat: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
suse: >-
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
# Choose to install BSD packages or ports.
# Options are True for packages or False for ports.
# Default is True.
nginx_bsd_install_packages: true
# Choose to update BSD ports collection.
# Options are True for update or False for do not update.
# Default is True.
nginx_bsd_update_ports: true
# Choose to install packages built from BSD ports collection if
# available.
# Options are True for use packages or False for do not use packages.
# Default is True.
nginx_bsd_portinstall_use_packages: true
# Specify which branch of NGINX Open Source you want to install.
# Options are 'mainline' or 'stable'.
@ -379,87 +382,191 @@ nginx_http_template:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html
access_log:
- name: main
location: /var/log/nginx/access.log
error_log:
location: /var/log/nginx/error.log
level: warn
root: /usr/share/nginx/html
https_redirect: false
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
web_server:
locations:
default:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
http_demo_conf: false
reverse_proxy:
servers:
server1:
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html
access_log:
- name: main
location: /var/log/nginx/access.log
error_log:
location: /var/log/nginx/error.log
level: warn
root: /usr/share/nginx/html
https_redirect: false
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
#custom_options: []
web_server:
locations:
default:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
http_demo_conf: false
reverse_proxy:
locations:
backend:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null
proxy_pass: http://backend
#rewrites:
# - /foo(.*) /$1 break
#proxy_pass_request_body: off
#allows:
# - 192.168.1.0/24
#denies:
# - all
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
#header_upgrade:
#name: Upgrade
#value: $http_upgrade
#header_connection:
#name: Connection
#value: "Upgrade"
#header_random:
#name: RandomName
#value: RandomValue
#internal: false
#proxy_store: off
#proxy_store_acccess: user:rw
proxy_read_timeout: null
proxy_send_timeout: null
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_cookie_path:
path: /web/
replacement: /
proxy_buffering: false
proxy_http_version: 1.0
websocket: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
health_check_plus: false
returns:
return301:
location: /
code: 301
value: http://$host$request_uri
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
@ -471,6 +578,11 @@ nginx_http_template:
use_temp_path: true
proxy_temp_path:
path: /var/cache/nginx/proxy/temp
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_cache_lock: true
proxy_cache_min_uses: 5
proxy_cache_revalidate: true
@ -479,108 +591,6 @@ nginx_http_template:
- timeout
proxy_ignore_headers:
- Expires
locations:
backend:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null
proxy_pass: http://backend
#rewrites:
# - /foo(.*) /$1 break
#proxy_pass_request_body: off
#allows:
# - 192.168.1.0/24
#denies:
# - all
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
#header_upgrade:
#name: Upgrade
#value: $http_upgrade
#header_connection:
#name: Connection
#value: "Upgrade"
#header_random:
#name: RandomName
#value: RandomValue
#internal: false
#proxy_store: off
#proxy_store_acccess: user:rw
proxy_read_timeout: null
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_cookie_path:
path: /web/
replacement: /
proxy_buffering: false
proxy_http_version: 1.0
websocket: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
health_check_plus: false
proxy_cache:
proxy_cache_path:
path: /var/cache/nginx
keys_zone:
name: one
size: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy
upstreams:
upstream1:
name: backend
@ -595,13 +605,7 @@ nginx_http_template:
weight: 1
health_check: max_fails=1 fail_timeout=10s
#custom_options: []
returns:
return301:
location: /
code: 301
value: http://$host$request_uri
#http_custom_options: []
#server_custom_options: []
#custom_options: []
# Enable NGINX status data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
@ -740,23 +744,25 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
#ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
reverse_proxy:
locations:
frontend:
location: /
proxy_pass: http://frontend_servers
backend:
location: /backend
proxy_pass: http://backend_servers
servers:
server1:
listen:
listen_localhost:
#ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
reverse_proxy:
locations:
frontend:
location: /
proxy_pass: http://frontend_servers
backend:
location: /backend
proxy_pass: http://backend_servers
upstreams:
upstream_1:
name: frontend_servers
@ -786,44 +792,48 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: 0.0.0.0
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
http_demo_conf: false
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
http_demo_conf: false
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: 0.0.0.0
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
http_demo_conf: false
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
http_demo_conf: false
```

377
defaults/main.yml
View File

@ -191,87 +191,191 @@ nginx_http_template:
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html
access_log:
- name: main
location: /var/log/nginx/access.log
error_log:
location: /var/log/nginx/error.log
level: warn
root: /usr/share/nginx/html
https_redirect: false
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
web_server:
locations:
default:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
http_demo_conf: false
reverse_proxy:
servers:
server1:
listen:
listen_localhost:
ip: localhost # Wrap in square brackets for IPv6 addresses
port: 8081
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
server_name: localhost
include_files: []
error_page: /usr/share/nginx/html
access_log:
- name: main
location: /var/log/nginx/access.log
error_log:
location: /var/log/nginx/error.log
level: warn
root: /usr/share/nginx/html
https_redirect: false
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
ssl:
cert: /etc/ssl/certs/default.crt
key: /etc/ssl/private/default.key
dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none
session_timeout: 5m
disable_session_tickets: false
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
stapling: true
stapling_verify: true
#custom_options: []
web_server:
locations:
default:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
html_file_location: /usr/share/nginx/html
html_file_name: index.html
autoindex: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
client_max_body_size: 1m
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
http_demo_conf: false
reverse_proxy:
locations:
backend:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null
proxy_pass: http://backend
#rewrites:
# - /foo(.*) /$1 break
#proxy_pass_request_body: off
#allows:
# - 192.168.1.0/24
#denies:
# - all
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
#header_upgrade:
#name: Upgrade
#value: $http_upgrade
#header_connection:
#name: Connection
#value: "Upgrade"
#header_random:
#name: RandomName
#value: RandomValue
#internal: false
#proxy_store: off
#proxy_store_acccess: user:rw
proxy_read_timeout: null
proxy_send_timeout: null
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_cookie_path:
path: /web/
replacement: /
proxy_buffering: false
proxy_http_version: 1.0
websocket: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
health_check_plus: false
returns:
return301:
location: /
code: 301
value: http://$host$request_uri
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/backend
keys_zone:
@ -296,109 +400,6 @@ nginx_http_template:
- timeout
proxy_ignore_headers:
- Expires
locations:
backend:
location: /
include_files: []
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
#header_name:
#name: Header-X
#value: Value-X
#always: false
proxy_connect_timeout: null
proxy_pass: http://backend
#rewrites:
# - /foo(.*) /$1 break
#proxy_pass_request_body: off
#allows:
# - 192.168.1.0/24
#denies:
# - all
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
#header_upgrade:
#name: Upgrade
#value: $http_upgrade
#header_connection:
#name: Connection
#value: "Upgrade"
#header_random:
#name: RandomName
#value: RandomValue
#internal: false
#proxy_store: off
#proxy_store_acccess: user:rw
proxy_read_timeout: null
proxy_send_timeout: null
proxy_ssl:
cert: /etc/ssl/certs/proxy_default.crt
key: /etc/ssl/private/proxy_default.key
trusted_cert: /etc/ssl/certs/proxy_ca.crt
protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5
verify: false
verify_depth: 1
session_reuse: true
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_cookie_path:
path: /web/
replacement: /
proxy_buffering: false
proxy_http_version: 1.0
websocket: false
auth_basic: null
auth_basic_user_file: null
try_files: $uri $uri/index.html $uri.html =404
#auth_request: /auth
#auth_request_set:
#name: $auth_user
#value: $upstream_http_x_user
#returns:
#return302:
#code: 302
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
#custom_options: []
health_check_plus: false
proxy_cache:
proxy_cache_path:
path: /var/cache/nginx
keys_zone:
name: one
size: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy
upstreams:
upstream1:
name: backend
@ -413,13 +414,7 @@ nginx_http_template:
weight: 1
health_check: max_fails=1 fail_timeout=10s
#custom_options: []
returns:
return301:
location: /
code: 301
value: http://$host$request_uri
#http_custom_options: []
#server_custom_options: []
#custom_options: []
# Enable NGINX status data.
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.

295
molecule/template/playbook.yml
View File

@ -42,23 +42,111 @@
template_file: http/default.conf.j2
conf_file_name: default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
reverse_proxy:
servers:
server1:
listen:
listen_localhost:
ip: 0.0.0.0
port: 80
opts:
- default_server
server_name: localhost
error_page: /usr/share/nginx/html
client_max_body_size: 512k
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
reverse_proxy:
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
proxy_cache:
proxy_cache_path:
- path: /var/cache/nginx/proxy/frontend
keys_zone:
@ -86,86 +174,6 @@
- timeout
proxy_ignore_headers:
- Expires
locations:
frontend:
location: /
proxy_hide_headers:
- X-Powered-By
add_headers:
strict_transport_security:
name: Strict-Transport-Security
value: max-age=15768000; includeSubDomains
always: true
another_header:
name: Fancy-New-Header-To-Test
value: testing=true
always: false
proxy_pass: http://frontend_servers/
proxy_cache: frontend_proxy_cache
proxy_cache_valid:
- code: 200
time: 10m
- code: 301
time: 1m
proxy_temp_path:
path: /var/cache/nginx/proxy/frontend/temp
proxy_cache_lock: false
proxy_cache_min_uses: 3
proxy_cache_revalidate: false
proxy_cache_use_stale:
- http_403
- http_404
proxy_ignore_headers:
- Vary
- Cache-Control
proxy_redirect: false
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_buffering: false
client_max_body_size: 5m
backend:
location: /backend
proxy_pass: http://backend_servers/
proxy_cache: backend_proxy_cache
proxy_cache_valid:
- time: 10m
proxy_temp_path:
path: /var/cache/nginx/proxy/backend/temp
proxy_cache_lock: true
proxy_cache_min_uses: 2
proxy_cache_revalidate: true
proxy_cache_use_stale:
- http_500
- http_502
- http_503
proxy_redirect: default
proxy_set_header:
header_host:
name: Host
value: $host
header_x_real_ip:
name: X-Real-IP
value: $remote_addr
header_x_forwarded_for:
name: X-Forwarded-For
value: $proxy_add_x_forwarded_for
header_x_forwarded_proto:
name: X-Forwarded-Proto
value: $scheme
proxy_cookie_path:
path: /web/
replacement: /
upstreams:
frontend_upstream:
name: frontend_servers
@ -191,61 +199,60 @@
port: 8082
weight: 1
health_check: max_fails=3 fail_timeout=5s
returns:
return301:
location: ^~ /old-path
code: 301
value: http://$host/new-path
frontend:
template_file: http/default.conf.j2
conf_file_name: frontend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
http_demo_conf: true
servers:
server1:
listen:
listen_localhost:
port: 8081
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
frontend_site:
location: /
proxy_hide_headers:
- X-Powered-By
html_file_location: /usr/share/nginx/html
html_file_name: frontend_index.html
autoindex: false
http_demo_conf: true
backend:
template_file: http/default.conf.j2
conf_file_name: backend_default.conf
conf_file_location: /etc/nginx/conf.d/
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$
- fastcgi_pass unix:/run/php/php7.2-fpm.sock
- fastcgi_index index.php
- include fastcgi_params
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
http_demo_conf: true
servers:
server1:
listen:
listen_localhost:
port: 8082
opts: []
server_name: localhost
error_page: /usr/share/nginx/html
autoindex: false
web_server:
locations:
backend_site:
location: /
html_file_location: /usr/share/nginx/html
html_file_name: backend_index.html
autoindex: false
php:
location: ~ \.php$
html_file_location: /usr/share/nginx/html
autoindex: false
custom_options:
- fastcgi_split_path_info ^(.+\.php)(/.+)$
- fastcgi_pass unix:/run/php/php7.2-fpm.sock
- fastcgi_index index.php
- include fastcgi_params
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
http_demo_conf: true
nginx_html_demo_template_enable: true
nginx_html_demo_template:
frontend:

2
tasks/conf/template-config.yml
View File

@ -42,7 +42,7 @@
owner: "{{ nginx_main_template.user | default('nginx') }}"
with_subelements:
- "{{ nginx_http_template }}"
- reverse_proxy.proxy_cache_path
- proxy_cache.proxy_cache_path
- skip_missing: true
when: nginx_http_template_enable | bool

430
templates/http/default.conf.j2
View File

@ -22,36 +22,36 @@ upstream {{ item.value.upstreams[upstream].name }} {
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
{% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %}
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
{% if item.value.proxy_cache is defined and item.value.proxy_cache %}
{% if item.value.proxy_cache.proxy_cache_path is defined and item.value.proxy_cache.proxy_cache_path %}
{% for proxy_cache_path in item.value.proxy_cache.proxy_cache_path %}
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
{% endfor %}
{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%}
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
{% if item.value.proxy_cache.proxy_cache_background_update is defined and item.value.proxy_cache.proxy_cache_background_update%}
proxy_cache_background_update {{ item.value.proxy_cache.proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %}
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
{% if item.value.proxy_cache.proxy_cache_lock is defined and item.value.proxy_cache.proxy_cache_lock %}
proxy_cache_lock {{ item.value.proxy_cache.proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %}
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
{% if item.value.proxy_cache.proxy_cache_min_uses is defined and item.value.proxy_cache.proxy_cache_min_uses %}
proxy_cache_min_uses {{ item.value.proxy_cache.proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %}
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
{% if item.value.proxy_cache.proxy_cache_revalidate is defined and item.value.proxy_cache.proxy_cache_revalidate %}
proxy_cache_revalidate {{ item.value.proxy_cache.proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %}
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
{% if item.value.proxy_cache.proxy_cache_use_stale is defined and item.value.proxy_cache.proxy_cache_use_stale %}
proxy_cache_use_stale {{ item.value.proxy_cache.proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %}
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
{% if item.value.proxy_cache.proxy_ignore_headers is defined and item.value.proxy_cache.proxy_ignore_headers %}
proxy_ignore_headers {{ item.value.proxy_cache.proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %}
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
{% if item.value.proxy_cache.proxy_temp_path is defined and item.value.proxy_cache.proxy_temp_path.path %}
proxy_temp_path {{ item.value.proxy_cache.proxy_temp_path.path }} {{ item.value.proxy_cache.proxy_temp_path.level_1 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_2 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.reverse_proxy.proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.reverse_proxy.proxy_cache_valid %}
{% if item.value.proxy_cache.proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.proxy_cache.proxy_cache_valid %}
{% if proxy_cache_valid.code is defined %}
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
@ -68,231 +68,233 @@ auth_request {{ item.value.auth_request_http }};
auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
{% endif %}
{% if item.value.http_custom_options is defined and item.value.http_custom_options | length %}
{% for inline_option in item.value.http_custom_options %}
{% if item.value.custom_options is defined and item.value.custom_options | length %}
{% for inline_option in item.value.custom_options %}
{{ inline_option }};
{% endfor %}
{% endif %}
{% if item.value.servers is defined %}
{% for server in item.value.servers %}
server {
{% for listen in item.value.listen %}
listen {% if item.value.listen[listen].ip is defined and item.value.listen[listen].ip | length %}{{ item.value.listen[listen].ip }}:{% endif %}{{ item.value.listen[listen].port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %}{% if item.value.listen[listen].opts is defined and item.value.listen[listen].opts | length %} {{ item.value.listen[listen].opts | join(" ") }}{% endif %};
{% for listen in item.value.servers[server].listen %}
listen {% if item.value.servers[server].listen[listen].ip is defined and item.value.servers[server].listen[listen].ip | length %}{{ item.value.servers[server].listen[listen].ip }}:{% endif %}{{ item.value.servers[server].listen[listen].port }}{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %} ssl{% endif %}{% if item.value.servers[server].listen[listen].opts is defined and item.value.servers[server].listen[listen].opts | length %} {{ item.value.servers[server].listen[listen].opts | join(" ") }}{% endif %};
{% endfor %}
server_name {{ item.value.server_name | default('localhost') }};
{% if item.value.ssl is defined and item.value.ssl %}
ssl_certificate {{ item.value.ssl.cert }};
ssl_certificate_key {{ item.value.ssl.key }};
{% if item.value.ssl.trusted_cert is defined %}
ssl_trusted_certificate {{ item.value.ssl.trusted_cert }};
server_name {{ item.value.servers[server].server_name | default('localhost') }};
{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %}
ssl_certificate {{ item.value.servers[server].ssl.cert }};
ssl_certificate_key {{ item.value.servers[server].ssl.key }};
{% if item.value.servers[server].ssl.trusted_cert is defined %}
ssl_trusted_certificate {{ item.value.servers[server].ssl.trusted_cert }};
{% endif %}
{% if item.value.ssl.dhparam is defined %}
ssl_dhparam {{ item.value.ssl.dhparam }};
{% if item.value.servers[server].ssl.dhparam is defined %}
ssl_dhparam {{ item.value.servers[server].ssl.dhparam }};
{% endif %}
{% if item.value.ssl.protocols is defined and item.value.ssl.protocols %}
ssl_protocols {{ item.value.ssl.protocols }};
{% if item.value.servers[server].ssl.protocols is defined and item.value.servers[server].ssl.protocols %}
ssl_protocols {{ item.value.servers[server].ssl.protocols }};
{% endif %}
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
ssl_ciphers {{ item.value.ssl.ciphers }};
{% if item.value.servers[server].ssl.ciphers is defined and item.value.servers[server].ssl.ciphers %}
ssl_ciphers {{ item.value.servers[server].ssl.ciphers }};
{% endif %}
{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
{% if item.value.servers[server].ssl.prefer_server_ciphers is defined and item.value.servers[server].ssl.prefer_server_ciphers %}
ssl_prefer_server_ciphers on;
{% endif %}
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
ssl_session_cache {{ item.value.ssl.session_cache }};
{% if item.value.servers[server].ssl.session_cache is defined and item.value.servers[server].ssl.session_cache %}
ssl_session_cache {{ item.value.servers[server].ssl.session_cache }};
{% endif %}
{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
ssl_session_timeout {{ item.value.ssl.session_timeout }};
{% if item.value.servers[server].ssl.session_timeout is defined and item.value.servers[server].ssl.session_timeout %}
ssl_session_timeout {{ item.value.servers[server].ssl.session_timeout }};
{% endif %}
{% if item.value.ssl.disable_session_tickets is defined and item.value.ssl.disable_session_tickets %}
{% if item.value.servers[server].ssl.disable_session_tickets is defined and item.value.servers[server].ssl.disable_session_tickets %}
ssl_session_tickets off;
{% endif %}
{% if item.value.ssl.stapling is defined and item.value.ssl.stapling %}
{% if item.value.servers[server].ssl.stapling is defined and item.value.servers[server].ssl.stapling %}
ssl_stapling on;
{% endif %}
{% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %}
{% if item.value.servers[server].ssl.stapling_verify is defined and item.value.servers[server].ssl.stapling_verify %}
ssl_stapling_verify on;
{% endif %}
{% endif %}
{% if item.value.include_files is defined and item.value.include_files | length %}
{% for file in item.value.include_files %}
{% if item.value.servers[server].include_files is defined and item.value.servers[server].include_files | length %}
{% for file in item.value.servers[server].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.proxy_hide_headers is defined %}
{% for header in item.value.proxy_hide_headers %}
{% if item.value.servers[server].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.add_headers is defined %}
{% for header in item.value.add_headers %}
add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
{% if item.value.servers[server].add_headers is defined %}
{% for header in item.value.servers[server].add_headers %}
add_header {{ item.value.servers[server].add_headers[header].name }} "{{ item.value.servers[server].add_headers[header].value }}"{% if item.value.servers[server].add_headers[header].always is defined and item.value.servers[server].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.auth_basic is defined and item.value.auth_basic %}
auth_basic "{{ item.value.auth_basic }}";
{% if item.value.servers[server].auth_basic is defined and item.value.servers[server].auth_basic %}
auth_basic "{{ item.value.servers[server].auth_basic }}";
{% endif %}
{% if item.value.auth_basic_user_file is defined and item.value.auth_basic_user_file %}
auth_basic_user_file {{ item.value.auth_basic_user_file }};
{% if item.value.servers[server].auth_basic_user_file is defined and item.value.servers[server].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].auth_basic_user_file }};
{% endif %}
{% if item.value.root is defined and item.value.root %}
root {{ item.value.root }};
{% if item.value.servers[server].root is defined and item.value.servers[server].root %}
root {{ item.value.servers[server].root }};
{% endif %}
{% if item.value.https_redirect is defined and item.value.https_redirect %}
return 301 https://{% if item.value.server_name == "_" %}$host{% else %}{{ item.value.server_name }}{% endif %}$request_uri;
{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %}
return 301 https://{% if item.value.servers[server].server_name == "_" %}$host{% else %}{{ item.value.servers[server].server_name }}{% endif %}$request_uri;
{% endif %}
{% if item.value.autoindex is defined and item.value.autoindex %}
{% if item.value.servers[server].autoindex is defined and item.value.servers[server].autoindex %}
autoindex on;
{% endif %}
{% if item.value.try_files is defined %}
try_files {{ item.value.try_files }};
{% if item.value.servers[server].try_files is defined %}
try_files {{ item.value.servers[server].try_files }};
{% endif %}
{% if item.value.auth_request is defined %}
auth_request {{ item.value.auth_request }};
{% if item.value.servers[server].auth_request is defined %}
auth_request {{ item.value.servers[server].auth_request }};
{% endif %}
{% if item.value.auth_request_set is defined %}
auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }};
{% if item.value.servers[server].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].auth_request_set.name }} {{ item.value.servers[server].auth_request_set.value }};
{% endif %}
{% if item.value.client_max_body_size is defined and item.value.client_max_body_size %}
client_max_body_size {{ item.value.client_max_body_size }};
{% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %}
client_max_body_size {{ item.value.servers[server].client_max_body_size }};
{% endif %}
{% if item.value.server_custom_options is defined and item.value.server_custom_options | length %}
{% for inline_option in item.value.server_custom_options %}
{% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %}
{% for inline_option in item.value.servers[server].custom_options %}
{{ inline_option }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
{% for location in item.value.reverse_proxy.locations %}
location {{ item.value.reverse_proxy.locations[location].location }} {
{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
{% if item.value.servers[server].reverse_proxy is defined and item.value.servers[server].reverse_proxy %}
{% for location in item.value.servers[server].reverse_proxy.locations %}
location {{ item.value.servers[server].reverse_proxy.locations[location].location }} {
{% if item.value.servers[server].reverse_proxy.locations[location].internal is sameas true %}
internal;
{% endif %}
{% if item.value.reverse_proxy.locations[location].include_files is defined and item.value.reverse_proxy.locations[location].include_files | length %}
{% for file in item.value.reverse_proxy.locations[location].include_files %}
{% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %}
{% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.reverse_proxy.locations[location].proxy_hide_headers %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
{% for header in item.value.reverse_proxy.locations[location].add_headers %}
add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
{% if item.value.servers[server].reverse_proxy.locations[location].add_headers is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].add_headers %}
add_header {{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always is defined and item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request is defined %}
auth_request {{ item.value.servers[server].reverse_proxy.locations[location].auth_request }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }};
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.value }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic %}
auth_basic "{{ item.value.servers[server].reverse_proxy.locations[location].auth_basic }}";
{% endif %}
{% if item.value.reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.reverse_proxy.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_user_file }};
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].returns is defined %}
{% for code in item.value.reverse_proxy.locations[location].returns %}
{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
{% if item.value.servers[server].reverse_proxy.locations[location].returns is defined %}
{% for code in item.value.servers[server].reverse_proxy.locations[location].returns %}
{% if item.value.servers[server].reverse_proxy.locations[location].returns[code] is defined %}
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].code }} {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
{% else %}
return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout %}
proxy_connect_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout }};
{% endif %}
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
{% if item.value.reverse_proxy.locations[location].rewrites is defined %}
{% for rewrite in item.value.reverse_proxy.locations[location].rewrites %}
proxy_pass {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass }};
{% if item.value.servers[server].reverse_proxy.locations[location].rewrites is defined %}
{% for rewrite in item.value.servers[server].reverse_proxy.locations[location].rewrites %}
rewrite {{ rewrite }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout %}
proxy_read_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.reverse_proxy.locations[location].proxy_send_timeout %}
proxy_send_timeout {{ item.value.reverse_proxy.locations[location].proxy_send_timeout }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout %}
proxy_send_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body is defined %}
proxy_pass_request_body {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store is defined %}
proxy_store {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store_access is defined %}
proxy_store_access {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store_access }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].allows is defined %}
{% for allow in item.value.reverse_proxy.locations[location].allows %}
{% if item.value.servers[server].reverse_proxy.locations[location].allows is defined %}
{% for allow in item.value.servers[server].reverse_proxy.locations[location].allows %}
allow {{ allow }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].denies is defined %}
{% for deny in item.value.reverse_proxy.locations[location].denies %}
{% if item.value.servers[server].reverse_proxy.locations[location].denies is defined %}
{% for deny in item.value.servers[server].reverse_proxy.locations[location].denies %}
deny {{ deny }};
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_set_header is defined %}
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_set_header %}
proxy_set_header {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].value }};
{% endfor %}
{% if item.value.reverse_proxy.locations[location].proxy_http_version is defined %}
proxy_http_version {{ item.value.reverse_proxy.locations[location].proxy_http_version }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_http_version is defined %}
proxy_http_version {{ item.value.servers[server].reverse_proxy.locations[location].proxy_http_version }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
{% if item.value.servers[server].reverse_proxy.locations[location].websocket is defined and item.value.servers[server].reverse_proxy.locations[location].websocket %}
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
{% endif %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
{% if item.value.servers[server].reverse_proxy.locations[location].try_files is defined %}
try_files {{ item.value.servers[server].reverse_proxy.locations[location].try_files }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %}
proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_ssl %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert is defined %}
proxy_ssl_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.key is defined %}
proxy_ssl_certificate_key {{ item.value.reverse_proxy.locations[location].proxy_ssl.key }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key is defined %}
proxy_ssl_certificate_key {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
proxy_ssl_trusted_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
proxy_ssl_trusted_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
proxy_ssl_server_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
proxy_ssl_server_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.name is defined %}
proxy_ssl_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.name }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name is defined %}
proxy_ssl_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
proxy_ssl_protocols {{ item.value.reverse_proxy.locations[location].proxy_ssl.protocols }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
proxy_ssl_protocols {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
proxy_ssl_ciphers {{ item.value.reverse_proxy.locations[location].proxy_ssl.ciphers }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
proxy_ssl_ciphers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify is defined %}
proxy_ssl_verify {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify is defined %}
proxy_ssl_verify {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
proxy_ssl_verify_depth {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
proxy_ssl_verify_depth {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
proxy_ssl_session_reuse {{ item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
proxy_ssl_session_reuse {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
{% endif %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_redirect is defined %}
proxy_redirect {{ item.value.reverse_proxy.locations[location].proxy_redirect | ternary(item.value.reverse_proxy.locations[location].proxy_redirect, "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_redirect is defined %}
proxy_redirect {{ item.value.servers[server].reverse_proxy.locations[location].proxy_redirect | ternary(item.value.servers[server].reverse_proxy.locations[location].proxy_redirect, "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache is defined %}
proxy_cache {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.reverse_proxy.locations[location].proxy_cache_valid %}
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid is defined %}
{% for proxy_cache_valid in item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid %}
{% if proxy_cache_valid.code is defined %}
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
@ -300,42 +302,42 @@ server {
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update is defined %}
proxy_cache_background_update {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock is defined %}
proxy_cache_lock {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
proxy_cache_min_uses {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
proxy_cache_revalidate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
proxy_cache_use_stale {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path is defined %}
proxy_temp_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers is defined %}
proxy_ignore_headers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].client_max_body_size is defined and item.value.reverse_proxy.locations[location].client_max_body_size %}
client_max_body_size {{ item.value.reverse_proxy.locations[location].client_max_body_size }};
{% if item.value.servers[server].reverse_proxy.locations[location].client_max_body_size is defined and item.value.servers[server].reverse_proxy.locations[location].client_max_body_size %}
client_max_body_size {{ item.value.servers[server].reverse_proxy.locations[location].client_max_body_size }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_cookie_path is defined %}
proxy_cookie_path {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.replacement }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path is defined %}
proxy_cookie_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.replacement }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].proxy_buffering is defined %}
proxy_buffering {{ item.value.reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %}
proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
{% endif %}
{% if item.value.reverse_proxy.locations[location].custom_options is defined and item.value.reverse_proxy.locations[location].custom_options | length %}
{% for inline_option in item.value.reverse_proxy.locations[location].custom_options %}
{% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %}
{% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %}
{{ inline_option }};
{% endfor %}
{% endif %}
{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
{% if (item.value.servers[server].reverse_proxy.health_check_plus is defined) and item.value.servers[server].reverse_proxy.health_check_plus %}
health_check;
{% endif %}
@ -343,66 +345,66 @@ server {
{% endfor %}
{% endif %}
{% if item.value.web_server is defined %}
{% for location in item.value.web_server.locations %}
location {{ item.value.web_server.locations[location].location }} {
{% if item.value.web_server.locations[location].html_file_location is defined %}
root {{ item.value.web_server.locations[location].html_file_location }};
{% if item.value.servers[server].web_server is defined %}
{% for location in item.value.servers[server].web_server.locations %}
location {{ item.value.servers[server].web_server.locations[location].location }} {
{% if item.value.servers[server].web_server.locations[location].html_file_location is defined %}
root {{ item.value.servers[server].web_server.locations[location].html_file_location }};
{% endif %}
{% if item.value.web_server.locations[location].html_file_name is defined %}
index {{ item.value.web_server.locations[location].html_file_name }};
{% if item.value.servers[server].web_server.locations[location].html_file_name is defined %}
index {{ item.value.servers[server].web_server.locations[location].html_file_name }};
{% endif %}
{% if item.value.web_server.locations[location].autoindex | default(false) %}
{% if item.value.servers[server].web_server.locations[location].autoindex | default(false) %}
autoindex on;
{% endif %}
{% if item.value.web_server.locations[location].try_files is defined %}
try_files {{ item.value.web_server.locations[location].try_files }};
{% if item.value.servers[server].web_server.locations[location].try_files is defined %}
try_files {{ item.value.servers[server].web_server.locations[location].try_files }};
{% endif %}
{% if item.value.web_server.locations[location].include_files is defined and item.value.web_server.locations[location].include_files | length %}
{% for file in item.value.web_server.locations[location].include_files %}
{% if item.value.servers[server].web_server.locations[location].include_files is defined and item.value.servers[server].web_server.locations[location].include_files | length %}
{% for file in item.value.servers[server].web_server.locations[location].include_files %}
include "{{ file }}";
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].custom_options is defined and item.value.web_server.locations[location].custom_options | length %}
{% for inline_option in item.value.web_server.locations[location].custom_options %}
{% if item.value.servers[server].web_server.locations[location].custom_options is defined and item.value.servers[server].web_server.locations[location].custom_options | length %}
{% for inline_option in item.value.servers[server].web_server.locations[location].custom_options %}
{{ inline_option }};
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.web_server.locations[location].proxy_hide_headers %}
{% if item.value.servers[server].web_server.locations[location].proxy_hide_headers is defined %}
{% for header in item.value.servers[server].web_server.locations[location].proxy_hide_headers %}
proxy_hide_header {{ header }};
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].add_headers is defined %}
{% for header in item.value.web_server.locations[location].add_headers %}
add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
{% if item.value.servers[server].web_server.locations[location].add_headers is defined %}
{% for header in item.value.servers[server].web_server.locations[location].add_headers %}
add_header {{ item.value.servers[server].web_server.locations[location].add_headers[header].name }} "{{ item.value.servers[server].web_server.locations[location].add_headers[header].value }}"{% if item.value.servers[server].web_server.locations[location].add_headers[header].always is defined and item.value.servers[server].web_server.locations[location].add_headers[header].always %} always{% endif %};
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].returns is defined %}
{% for code in item.value.web_server.locations[location].returns %}
{% if item.value.web_server.locations[location].returns[code] is defined %}
return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
{% if item.value.servers[server].web_server.locations[location].returns is defined %}
{% for code in item.value.servers[server].web_server.locations[location].returns %}
{% if item.value.servers[server].web_server.locations[location].returns[code] is defined %}
return {{ item.value.servers[server].web_server.locations[location].returns[code].code }} {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
{% else %}
return {{ item.value.web_server.locations[location].returns[code].url }};
return {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
{% endif %}
{% endfor %}
{% endif %}
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
{% if item.value.servers[server].web_server.locations[location].auth_basic is defined and item.value.servers[server].web_server.locations[location].auth_basic %}
auth_basic "{{ item.value.servers[server].web_server.locations[location].auth_basic }}";
{% endif %}
{% if item.value.web_server.locations[location].auth_basic_user_file is defined and item.value.web_server.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_user_file }};
{% if item.value.servers[server].web_server.locations[location].auth_basic_user_file is defined and item.value.servers[server].web_server.locations[location].auth_basic_user_file %}
auth_basic_user_file {{ item.value.servers[server].web_server.locations[location].auth_basic_user_file }};
{% endif %}
{% if item.value.web_server.locations[location].auth_request is defined %}
auth_request {{ item.value.web_server.locations[location].auth_request }};
{% if item.value.servers[server].web_server.locations[location].auth_request is defined %}
auth_request {{ item.value.servers[server].web_server.locations[location].auth_request }};
{% endif %}
{% if item.value.web_server.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }};
{% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %}
auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }};
{% endif %}
}
{% endfor %}
{% if item.value.web_server.http_demo_conf %}
{% if item.value.servers[server].web_server.http_demo_conf %}
sub_filter_once off;
sub_filter 'server_hostname' '$hostname';
sub_filter 'server_address' '$server_addr:$server_port';
@ -416,29 +418,31 @@ server {
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
{% endif %}
{% endif %}
{% if item.value.returns is defined %}
{% for return in item.value.returns %}
location {{ item.value.returns[return].location }} {
return {{ item.value.returns[return].code }}{% if item.value.returns[return].value is defined %} {{ item.value.returns[return].value }}{% endif %};
{% if item.value.servers[server].returns is defined %}
{% for return in item.value.servers[server].returns %}
location {{ item.value.servers[server].returns[return].location }} {
return {{ item.value.servers[server].returns[return].code }}{% if item.value.servers[server].returns[return].value is defined %} {{ item.value.servers[server].returns[return].value }}{% endif %};
}
{% endfor %}
{% endif %}
{% if item.value.error_page is defined %}
{% if item.value.servers[server].error_page is defined %}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root {{ item.value.error_page }};
root {{ item.value.servers[server].error_page }};
}
{% endif %}
{% if item.value.access_log is defined %}
{% for access_log in item.value.access_log %}
{% if item.value.servers[server].access_log is defined %}
{% for access_log in item.value.servers[server].access_log %}
access_log {{ access_log.location }} {{ access_log.name }};
{% endfor %}
{% endif %}
{% if item.value.error_log is defined %}
error_log {{ item.value.error_log.location }} {{ item.value.error_log.level }};
{% if item.value.servers[server].error_log is defined %}
error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }};
{% endif %}
}
{% endfor %}
{% endif %}