Add multiple servers for reverse proxy template (#194)
* Change custom options to better reflect multiple server support
This commit is contained in:
parent
cb014cdab4
commit
1771878e9e
528
README.md
528
README.md
@ -201,6 +201,10 @@ nginx_start: true
|
|||||||
# Print NGINX configuration file to terminal after executing playbook.
|
# Print NGINX configuration file to terminal after executing playbook.
|
||||||
nginx_debug_output: false
|
nginx_debug_output: false
|
||||||
|
|
||||||
|
# Supported systems
|
||||||
|
nginx_linux_families: ['Alpine', 'Debian', 'RedHat', 'Suse']
|
||||||
|
nginx_bsd_systems: ['FreeBSD', 'NetBSD', 'OpenBSD', 'DragonFlyBSD', 'HardenedBSD']
|
||||||
|
|
||||||
# Specify which type of NGINX you want to install.
|
# Specify which type of NGINX you want to install.
|
||||||
# Options are 'opensource' or 'plus'.
|
# Options are 'opensource' or 'plus'.
|
||||||
# Default is 'opensource'.
|
# Default is 'opensource'.
|
||||||
@ -222,24 +226,23 @@ nginx_install_from: nginx_repository
|
|||||||
# Specify source repository for NGINX Open Source.
|
# Specify source repository for NGINX Open Source.
|
||||||
# Only works if 'install_from' is set to 'nginx_repository'.
|
# Only works if 'install_from' is set to 'nginx_repository'.
|
||||||
# Defaults are the official NGINX repositories.
|
# Defaults are the official NGINX repositories.
|
||||||
nginx_repository:
|
# nginx_repository: deb https://nginx.org/packages/mainline/debian/ stretch nginx
|
||||||
alpine: >-
|
|
||||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
# Choose to install BSD packages or ports.
|
||||||
| ternary('mainline/', '') }}alpine/v{{ ansible_distribution_version | regex_search('^[0-9]+\\.[0-9]+') }}/main
|
# Options are True for packages or False for ports.
|
||||||
debian:
|
# Default is True.
|
||||||
- >-
|
nginx_bsd_install_packages: true
|
||||||
deb https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
|
||||||
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
|
# Choose to update BSD ports collection.
|
||||||
- >-
|
# Options are True for update or False for do not update.
|
||||||
deb-src https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
# Default is True.
|
||||||
| ternary('mainline/', '') }}{{ ansible_distribution | lower }}/ {{ ansible_distribution_release }} nginx
|
nginx_bsd_update_ports: true
|
||||||
redhat: >-
|
|
||||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
# Choose to install packages built from BSD ports collection if
|
||||||
| ternary('mainline/', '') }}{{ (ansible_distribution == "RedHat")
|
# available.
|
||||||
| ternary('rhel', 'centos') }}/{{ ansible_distribution_major_version }}/$basearch/
|
# Options are True for use packages or False for do not use packages.
|
||||||
suse: >-
|
# Default is True.
|
||||||
https://nginx.org/packages/{{ (nginx_branch == 'mainline')
|
nginx_bsd_portinstall_use_packages: true
|
||||||
| ternary('mainline/', '') }}sles/{{ ansible_distribution_major_version }}
|
|
||||||
|
|
||||||
# Specify which branch of NGINX Open Source you want to install.
|
# Specify which branch of NGINX Open Source you want to install.
|
||||||
# Options are 'mainline' or 'stable'.
|
# Options are 'mainline' or 'stable'.
|
||||||
@ -379,87 +382,191 @@ nginx_http_template:
|
|||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: default.conf
|
conf_file_name: default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
ip: localhost # Wrap in square brackets for IPv6 addresses
|
listen:
|
||||||
port: 8081
|
listen_localhost:
|
||||||
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
|
ip: localhost # Wrap in square brackets for IPv6 addresses
|
||||||
server_name: localhost
|
port: 8081
|
||||||
include_files: []
|
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
|
||||||
error_page: /usr/share/nginx/html
|
server_name: localhost
|
||||||
access_log:
|
include_files: []
|
||||||
- name: main
|
error_page: /usr/share/nginx/html
|
||||||
location: /var/log/nginx/access.log
|
access_log:
|
||||||
error_log:
|
- name: main
|
||||||
location: /var/log/nginx/error.log
|
location: /var/log/nginx/access.log
|
||||||
level: warn
|
error_log:
|
||||||
root: /usr/share/nginx/html
|
location: /var/log/nginx/error.log
|
||||||
https_redirect: false
|
level: warn
|
||||||
autoindex: false
|
root: /usr/share/nginx/html
|
||||||
auth_basic: null
|
https_redirect: false
|
||||||
auth_basic_user_file: null
|
autoindex: false
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
auth_basic: null
|
||||||
#auth_request: /auth
|
auth_basic_user_file: null
|
||||||
#auth_request_set:
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
#name: $auth_user
|
#auth_request: /auth
|
||||||
#value: $upstream_http_x_user
|
#auth_request_set:
|
||||||
client_max_body_size: 1m
|
#name: $auth_user
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
#value: $upstream_http_x_user
|
||||||
add_headers:
|
client_max_body_size: 1m
|
||||||
strict_transport_security:
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
name: Strict-Transport-Security
|
add_headers:
|
||||||
value: max-age=15768000; includeSubDomains
|
strict_transport_security:
|
||||||
always: true
|
name: Strict-Transport-Security
|
||||||
#header_name:
|
value: max-age=15768000; includeSubDomains
|
||||||
#name: Header-X
|
always: true
|
||||||
#value: Value-X
|
#header_name:
|
||||||
#always: false
|
#name: Header-X
|
||||||
ssl:
|
#value: Value-X
|
||||||
cert: /etc/ssl/certs/default.crt
|
#always: false
|
||||||
key: /etc/ssl/private/default.key
|
ssl:
|
||||||
dhparam: /etc/ssl/private/dh_param.pem
|
cert: /etc/ssl/certs/default.crt
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
key: /etc/ssl/private/default.key
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
prefer_server_ciphers: true
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
session_cache: none
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
session_timeout: 5m
|
prefer_server_ciphers: true
|
||||||
disable_session_tickets: false
|
session_cache: none
|
||||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
session_timeout: 5m
|
||||||
stapling: true
|
disable_session_tickets: false
|
||||||
stapling_verify: true
|
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||||
web_server:
|
stapling: true
|
||||||
locations:
|
stapling_verify: true
|
||||||
default:
|
#custom_options: []
|
||||||
location: /
|
web_server:
|
||||||
include_files: []
|
locations:
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
default:
|
||||||
add_headers:
|
location: /
|
||||||
strict_transport_security:
|
include_files: []
|
||||||
name: Strict-Transport-Security
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
value: max-age=15768000; includeSubDomains
|
add_headers:
|
||||||
always: true
|
strict_transport_security:
|
||||||
#header_name:
|
name: Strict-Transport-Security
|
||||||
#name: Header-X
|
value: max-age=15768000; includeSubDomains
|
||||||
#value: Value-X
|
always: true
|
||||||
#always: false
|
#header_name:
|
||||||
html_file_location: /usr/share/nginx/html
|
#name: Header-X
|
||||||
html_file_name: index.html
|
#value: Value-X
|
||||||
autoindex: false
|
#always: false
|
||||||
auth_basic: null
|
html_file_location: /usr/share/nginx/html
|
||||||
auth_basic_user_file: null
|
html_file_name: index.html
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
autoindex: false
|
||||||
#auth_request: /auth
|
auth_basic: null
|
||||||
#auth_request_set:
|
auth_basic_user_file: null
|
||||||
#name: $auth_user
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
#value: $upstream_http_x_user
|
#auth_request: /auth
|
||||||
client_max_body_size: 1m
|
#auth_request_set:
|
||||||
#returns:
|
#name: $auth_user
|
||||||
#return302:
|
#value: $upstream_http_x_user
|
||||||
#code: 302
|
client_max_body_size: 1m
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
#returns:
|
||||||
#custom_options: []
|
#return302:
|
||||||
http_demo_conf: false
|
#code: 302
|
||||||
reverse_proxy:
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
|
#custom_options: []
|
||||||
|
http_demo_conf: false
|
||||||
|
reverse_proxy:
|
||||||
|
locations:
|
||||||
|
backend:
|
||||||
|
location: /
|
||||||
|
include_files: []
|
||||||
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
|
add_headers:
|
||||||
|
strict_transport_security:
|
||||||
|
name: Strict-Transport-Security
|
||||||
|
value: max-age=15768000; includeSubDomains
|
||||||
|
always: true
|
||||||
|
#header_name:
|
||||||
|
#name: Header-X
|
||||||
|
#value: Value-X
|
||||||
|
#always: false
|
||||||
|
proxy_connect_timeout: null
|
||||||
|
proxy_pass: http://backend
|
||||||
|
#rewrites:
|
||||||
|
# - /foo(.*) /$1 break
|
||||||
|
#proxy_pass_request_body: off
|
||||||
|
#allows:
|
||||||
|
# - 192.168.1.0/24
|
||||||
|
#denies:
|
||||||
|
# - all
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
#header_upgrade:
|
||||||
|
#name: Upgrade
|
||||||
|
#value: $http_upgrade
|
||||||
|
#header_connection:
|
||||||
|
#name: Connection
|
||||||
|
#value: "Upgrade"
|
||||||
|
#header_random:
|
||||||
|
#name: RandomName
|
||||||
|
#value: RandomValue
|
||||||
|
#internal: false
|
||||||
|
#proxy_store: off
|
||||||
|
#proxy_store_acccess: user:rw
|
||||||
|
proxy_read_timeout: null
|
||||||
|
proxy_send_timeout: null
|
||||||
|
proxy_ssl:
|
||||||
|
cert: /etc/ssl/certs/proxy_default.crt
|
||||||
|
key: /etc/ssl/private/proxy_default.key
|
||||||
|
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
||||||
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
|
verify: false
|
||||||
|
verify_depth: 1
|
||||||
|
session_reuse: true
|
||||||
|
proxy_cache: backend_proxy_cache
|
||||||
|
proxy_cache_valid:
|
||||||
|
- code: 200
|
||||||
|
time: 10m
|
||||||
|
- code: 301
|
||||||
|
time: 1m
|
||||||
|
proxy_temp_path:
|
||||||
|
path: /var/cache/nginx/proxy/backend/temp
|
||||||
|
proxy_cache_lock: false
|
||||||
|
proxy_cache_min_uses: 3
|
||||||
|
proxy_cache_revalidate: false
|
||||||
|
proxy_cache_use_stale:
|
||||||
|
- http_403
|
||||||
|
- http_404
|
||||||
|
proxy_ignore_headers:
|
||||||
|
- Vary
|
||||||
|
- Cache-Control
|
||||||
|
proxy_cookie_path:
|
||||||
|
path: /web/
|
||||||
|
replacement: /
|
||||||
|
proxy_buffering: false
|
||||||
|
proxy_http_version: 1.0
|
||||||
|
websocket: false
|
||||||
|
auth_basic: null
|
||||||
|
auth_basic_user_file: null
|
||||||
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
|
#auth_request: /auth
|
||||||
|
#auth_request_set:
|
||||||
|
#name: $auth_user
|
||||||
|
#value: $upstream_http_x_user
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
|
#custom_options: []
|
||||||
|
health_check_plus: false
|
||||||
|
returns:
|
||||||
|
return301:
|
||||||
|
location: /
|
||||||
|
code: 301
|
||||||
|
value: http://$host$request_uri
|
||||||
|
proxy_cache:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
- path: /var/cache/nginx/proxy/backend
|
- path: /var/cache/nginx/proxy/backend
|
||||||
keys_zone:
|
keys_zone:
|
||||||
@ -471,6 +578,11 @@ nginx_http_template:
|
|||||||
use_temp_path: true
|
use_temp_path: true
|
||||||
proxy_temp_path:
|
proxy_temp_path:
|
||||||
path: /var/cache/nginx/proxy/temp
|
path: /var/cache/nginx/proxy/temp
|
||||||
|
proxy_cache_valid:
|
||||||
|
- code: 200
|
||||||
|
time: 10m
|
||||||
|
- code: 301
|
||||||
|
time: 1m
|
||||||
proxy_cache_lock: true
|
proxy_cache_lock: true
|
||||||
proxy_cache_min_uses: 5
|
proxy_cache_min_uses: 5
|
||||||
proxy_cache_revalidate: true
|
proxy_cache_revalidate: true
|
||||||
@ -479,108 +591,6 @@ nginx_http_template:
|
|||||||
- timeout
|
- timeout
|
||||||
proxy_ignore_headers:
|
proxy_ignore_headers:
|
||||||
- Expires
|
- Expires
|
||||||
locations:
|
|
||||||
backend:
|
|
||||||
location: /
|
|
||||||
include_files: []
|
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
#header_name:
|
|
||||||
#name: Header-X
|
|
||||||
#value: Value-X
|
|
||||||
#always: false
|
|
||||||
proxy_connect_timeout: null
|
|
||||||
proxy_pass: http://backend
|
|
||||||
#rewrites:
|
|
||||||
# - /foo(.*) /$1 break
|
|
||||||
#proxy_pass_request_body: off
|
|
||||||
#allows:
|
|
||||||
# - 192.168.1.0/24
|
|
||||||
#denies:
|
|
||||||
# - all
|
|
||||||
proxy_set_header:
|
|
||||||
header_host:
|
|
||||||
name: Host
|
|
||||||
value: $host
|
|
||||||
header_x_real_ip:
|
|
||||||
name: X-Real-IP
|
|
||||||
value: $remote_addr
|
|
||||||
header_x_forwarded_for:
|
|
||||||
name: X-Forwarded-For
|
|
||||||
value: $proxy_add_x_forwarded_for
|
|
||||||
header_x_forwarded_proto:
|
|
||||||
name: X-Forwarded-Proto
|
|
||||||
value: $scheme
|
|
||||||
#header_upgrade:
|
|
||||||
#name: Upgrade
|
|
||||||
#value: $http_upgrade
|
|
||||||
#header_connection:
|
|
||||||
#name: Connection
|
|
||||||
#value: "Upgrade"
|
|
||||||
#header_random:
|
|
||||||
#name: RandomName
|
|
||||||
#value: RandomValue
|
|
||||||
#internal: false
|
|
||||||
#proxy_store: off
|
|
||||||
#proxy_store_acccess: user:rw
|
|
||||||
proxy_read_timeout: null
|
|
||||||
proxy_ssl:
|
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
|
||||||
key: /etc/ssl/private/proxy_default.key
|
|
||||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
|
||||||
verify: false
|
|
||||||
verify_depth: 1
|
|
||||||
session_reuse: true
|
|
||||||
proxy_cache: frontend_proxy_cache
|
|
||||||
proxy_cache_valid:
|
|
||||||
- code: 200
|
|
||||||
time: 10m
|
|
||||||
- code: 301
|
|
||||||
time: 1m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/backend/temp
|
|
||||||
proxy_cache_lock: false
|
|
||||||
proxy_cache_min_uses: 3
|
|
||||||
proxy_cache_revalidate: false
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- http_403
|
|
||||||
- http_404
|
|
||||||
proxy_ignore_headers:
|
|
||||||
- Vary
|
|
||||||
- Cache-Control
|
|
||||||
proxy_cookie_path:
|
|
||||||
path: /web/
|
|
||||||
replacement: /
|
|
||||||
proxy_buffering: false
|
|
||||||
proxy_http_version: 1.0
|
|
||||||
websocket: false
|
|
||||||
auth_basic: null
|
|
||||||
auth_basic_user_file: null
|
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
|
||||||
#auth_request: /auth
|
|
||||||
#auth_request_set:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
#returns:
|
|
||||||
#return302:
|
|
||||||
#code: 302
|
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
|
||||||
#custom_options: []
|
|
||||||
health_check_plus: false
|
|
||||||
proxy_cache:
|
|
||||||
proxy_cache_path:
|
|
||||||
path: /var/cache/nginx
|
|
||||||
keys_zone:
|
|
||||||
name: one
|
|
||||||
size: 10m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy
|
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream1:
|
upstream1:
|
||||||
name: backend
|
name: backend
|
||||||
@ -595,13 +605,7 @@ nginx_http_template:
|
|||||||
weight: 1
|
weight: 1
|
||||||
health_check: max_fails=1 fail_timeout=10s
|
health_check: max_fails=1 fail_timeout=10s
|
||||||
#custom_options: []
|
#custom_options: []
|
||||||
returns:
|
#custom_options: []
|
||||||
return301:
|
|
||||||
location: /
|
|
||||||
code: 301
|
|
||||||
value: http://$host$request_uri
|
|
||||||
#http_custom_options: []
|
|
||||||
#server_custom_options: []
|
|
||||||
|
|
||||||
# Enable NGINX status data.
|
# Enable NGINX status data.
|
||||||
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
|
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
|
||||||
@ -740,23 +744,25 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: default.conf
|
conf_file_name: default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
#ip: 0.0.0.0
|
listen:
|
||||||
port: 80
|
listen_localhost:
|
||||||
opts:
|
#ip: 0.0.0.0
|
||||||
- default_server
|
port: 80
|
||||||
server_name: localhost
|
opts:
|
||||||
error_page: /usr/share/nginx/html
|
- default_server
|
||||||
autoindex: false
|
server_name: localhost
|
||||||
reverse_proxy:
|
error_page: /usr/share/nginx/html
|
||||||
locations:
|
autoindex: false
|
||||||
frontend:
|
reverse_proxy:
|
||||||
location: /
|
locations:
|
||||||
proxy_pass: http://frontend_servers
|
frontend:
|
||||||
backend:
|
location: /
|
||||||
location: /backend
|
proxy_pass: http://frontend_servers
|
||||||
proxy_pass: http://backend_servers
|
backend:
|
||||||
|
location: /backend
|
||||||
|
proxy_pass: http://backend_servers
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream_1:
|
upstream_1:
|
||||||
name: frontend_servers
|
name: frontend_servers
|
||||||
@ -786,44 +792,48 @@ This is a sample playbook file for deploying the Ansible Galaxy NGINX role in a
|
|||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: frontend_default.conf
|
conf_file_name: frontend_default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
ip: 0.0.0.0
|
listen:
|
||||||
port: 8081
|
listen_localhost:
|
||||||
opts: []
|
ip: 0.0.0.0
|
||||||
server_name: localhost
|
port: 8081
|
||||||
error_page: /usr/share/nginx/html
|
opts: []
|
||||||
autoindex: false
|
server_name: localhost
|
||||||
web_server:
|
error_page: /usr/share/nginx/html
|
||||||
locations:
|
autoindex: false
|
||||||
frontend_site:
|
web_server:
|
||||||
location: /
|
locations:
|
||||||
proxy_hide_headers:
|
frontend_site:
|
||||||
- X-Powered-By
|
location: /
|
||||||
html_file_location: /usr/share/nginx/html
|
proxy_hide_headers:
|
||||||
html_file_name: index.html
|
- X-Powered-By
|
||||||
autoindex: false
|
html_file_location: /usr/share/nginx/html
|
||||||
http_demo_conf: false
|
html_file_name: index.html
|
||||||
|
autoindex: false
|
||||||
|
http_demo_conf: false
|
||||||
backend:
|
backend:
|
||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: backend_default.conf
|
conf_file_name: backend_default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
ip: 0.0.0.0
|
listen:
|
||||||
port: 8082
|
listen_localhost:
|
||||||
opts: []
|
ip: 0.0.0.0
|
||||||
server_name: localhost
|
port: 8082
|
||||||
error_page: /usr/share/nginx/html
|
opts: []
|
||||||
autoindex: false
|
server_name: localhost
|
||||||
web_server:
|
error_page: /usr/share/nginx/html
|
||||||
locations:
|
autoindex: false
|
||||||
backend_site:
|
web_server:
|
||||||
location: /
|
locations:
|
||||||
html_file_location: /usr/share/nginx/html
|
backend_site:
|
||||||
html_file_name: index.html
|
location: /
|
||||||
autoindex: false
|
html_file_location: /usr/share/nginx/html
|
||||||
http_demo_conf: false
|
html_file_name: index.html
|
||||||
|
autoindex: false
|
||||||
|
http_demo_conf: false
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
@ -191,87 +191,191 @@ nginx_http_template:
|
|||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: default.conf
|
conf_file_name: default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
ip: localhost # Wrap in square brackets for IPv6 addresses
|
listen:
|
||||||
port: 8081
|
listen_localhost:
|
||||||
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
|
ip: localhost # Wrap in square brackets for IPv6 addresses
|
||||||
server_name: localhost
|
port: 8081
|
||||||
include_files: []
|
opts: [] # Listen opts like http2 which will be added (ssl is automatically added if you specify 'ssl:').
|
||||||
error_page: /usr/share/nginx/html
|
server_name: localhost
|
||||||
access_log:
|
include_files: []
|
||||||
- name: main
|
error_page: /usr/share/nginx/html
|
||||||
location: /var/log/nginx/access.log
|
access_log:
|
||||||
error_log:
|
- name: main
|
||||||
location: /var/log/nginx/error.log
|
location: /var/log/nginx/access.log
|
||||||
level: warn
|
error_log:
|
||||||
root: /usr/share/nginx/html
|
location: /var/log/nginx/error.log
|
||||||
https_redirect: false
|
level: warn
|
||||||
autoindex: false
|
root: /usr/share/nginx/html
|
||||||
auth_basic: null
|
https_redirect: false
|
||||||
auth_basic_user_file: null
|
autoindex: false
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
auth_basic: null
|
||||||
#auth_request: /auth
|
auth_basic_user_file: null
|
||||||
#auth_request_set:
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
#name: $auth_user
|
#auth_request: /auth
|
||||||
#value: $upstream_http_x_user
|
#auth_request_set:
|
||||||
client_max_body_size: 1m
|
#name: $auth_user
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
#value: $upstream_http_x_user
|
||||||
add_headers:
|
client_max_body_size: 1m
|
||||||
strict_transport_security:
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
name: Strict-Transport-Security
|
add_headers:
|
||||||
value: max-age=15768000; includeSubDomains
|
strict_transport_security:
|
||||||
always: true
|
name: Strict-Transport-Security
|
||||||
#header_name:
|
value: max-age=15768000; includeSubDomains
|
||||||
#name: Header-X
|
always: true
|
||||||
#value: Value-X
|
#header_name:
|
||||||
#always: false
|
#name: Header-X
|
||||||
ssl:
|
#value: Value-X
|
||||||
cert: /etc/ssl/certs/default.crt
|
#always: false
|
||||||
key: /etc/ssl/private/default.key
|
ssl:
|
||||||
dhparam: /etc/ssl/private/dh_param.pem
|
cert: /etc/ssl/certs/default.crt
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
key: /etc/ssl/private/default.key
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
dhparam: /etc/ssl/private/dh_param.pem
|
||||||
prefer_server_ciphers: true
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
session_cache: none
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
session_timeout: 5m
|
prefer_server_ciphers: true
|
||||||
disable_session_tickets: false
|
session_cache: none
|
||||||
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
session_timeout: 5m
|
||||||
stapling: true
|
disable_session_tickets: false
|
||||||
stapling_verify: true
|
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt
|
||||||
web_server:
|
stapling: true
|
||||||
locations:
|
stapling_verify: true
|
||||||
default:
|
#custom_options: []
|
||||||
location: /
|
web_server:
|
||||||
include_files: []
|
locations:
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
default:
|
||||||
add_headers:
|
location: /
|
||||||
strict_transport_security:
|
include_files: []
|
||||||
name: Strict-Transport-Security
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
value: max-age=15768000; includeSubDomains
|
add_headers:
|
||||||
always: true
|
strict_transport_security:
|
||||||
#header_name:
|
name: Strict-Transport-Security
|
||||||
#name: Header-X
|
value: max-age=15768000; includeSubDomains
|
||||||
#value: Value-X
|
always: true
|
||||||
#always: false
|
#header_name:
|
||||||
html_file_location: /usr/share/nginx/html
|
#name: Header-X
|
||||||
html_file_name: index.html
|
#value: Value-X
|
||||||
autoindex: false
|
#always: false
|
||||||
auth_basic: null
|
html_file_location: /usr/share/nginx/html
|
||||||
auth_basic_user_file: null
|
html_file_name: index.html
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
autoindex: false
|
||||||
#auth_request: /auth
|
auth_basic: null
|
||||||
#auth_request_set:
|
auth_basic_user_file: null
|
||||||
#name: $auth_user
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
#value: $upstream_http_x_user
|
#auth_request: /auth
|
||||||
client_max_body_size: 1m
|
#auth_request_set:
|
||||||
#returns:
|
#name: $auth_user
|
||||||
#return302:
|
#value: $upstream_http_x_user
|
||||||
#code: 302
|
client_max_body_size: 1m
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
#returns:
|
||||||
#custom_options: []
|
#return302:
|
||||||
http_demo_conf: false
|
#code: 302
|
||||||
reverse_proxy:
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
|
#custom_options: []
|
||||||
|
http_demo_conf: false
|
||||||
|
reverse_proxy:
|
||||||
|
locations:
|
||||||
|
backend:
|
||||||
|
location: /
|
||||||
|
include_files: []
|
||||||
|
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
||||||
|
add_headers:
|
||||||
|
strict_transport_security:
|
||||||
|
name: Strict-Transport-Security
|
||||||
|
value: max-age=15768000; includeSubDomains
|
||||||
|
always: true
|
||||||
|
#header_name:
|
||||||
|
#name: Header-X
|
||||||
|
#value: Value-X
|
||||||
|
#always: false
|
||||||
|
proxy_connect_timeout: null
|
||||||
|
proxy_pass: http://backend
|
||||||
|
#rewrites:
|
||||||
|
# - /foo(.*) /$1 break
|
||||||
|
#proxy_pass_request_body: off
|
||||||
|
#allows:
|
||||||
|
# - 192.168.1.0/24
|
||||||
|
#denies:
|
||||||
|
# - all
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
#header_upgrade:
|
||||||
|
#name: Upgrade
|
||||||
|
#value: $http_upgrade
|
||||||
|
#header_connection:
|
||||||
|
#name: Connection
|
||||||
|
#value: "Upgrade"
|
||||||
|
#header_random:
|
||||||
|
#name: RandomName
|
||||||
|
#value: RandomValue
|
||||||
|
#internal: false
|
||||||
|
#proxy_store: off
|
||||||
|
#proxy_store_acccess: user:rw
|
||||||
|
proxy_read_timeout: null
|
||||||
|
proxy_send_timeout: null
|
||||||
|
proxy_ssl:
|
||||||
|
cert: /etc/ssl/certs/proxy_default.crt
|
||||||
|
key: /etc/ssl/private/proxy_default.key
|
||||||
|
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
||||||
|
protocols: TLSv1 TLSv1.1 TLSv1.2
|
||||||
|
ciphers: HIGH:!aNULL:!MD5
|
||||||
|
verify: false
|
||||||
|
verify_depth: 1
|
||||||
|
session_reuse: true
|
||||||
|
proxy_cache: backend_proxy_cache
|
||||||
|
proxy_cache_valid:
|
||||||
|
- code: 200
|
||||||
|
time: 10m
|
||||||
|
- code: 301
|
||||||
|
time: 1m
|
||||||
|
proxy_temp_path:
|
||||||
|
path: /var/cache/nginx/proxy/backend/temp
|
||||||
|
proxy_cache_lock: false
|
||||||
|
proxy_cache_min_uses: 3
|
||||||
|
proxy_cache_revalidate: false
|
||||||
|
proxy_cache_use_stale:
|
||||||
|
- http_403
|
||||||
|
- http_404
|
||||||
|
proxy_ignore_headers:
|
||||||
|
- Vary
|
||||||
|
- Cache-Control
|
||||||
|
proxy_cookie_path:
|
||||||
|
path: /web/
|
||||||
|
replacement: /
|
||||||
|
proxy_buffering: false
|
||||||
|
proxy_http_version: 1.0
|
||||||
|
websocket: false
|
||||||
|
auth_basic: null
|
||||||
|
auth_basic_user_file: null
|
||||||
|
try_files: $uri $uri/index.html $uri.html =404
|
||||||
|
#auth_request: /auth
|
||||||
|
#auth_request_set:
|
||||||
|
#name: $auth_user
|
||||||
|
#value: $upstream_http_x_user
|
||||||
|
#returns:
|
||||||
|
#return302:
|
||||||
|
#code: 302
|
||||||
|
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
||||||
|
#custom_options: []
|
||||||
|
health_check_plus: false
|
||||||
|
returns:
|
||||||
|
return301:
|
||||||
|
location: /
|
||||||
|
code: 301
|
||||||
|
value: http://$host$request_uri
|
||||||
|
proxy_cache:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
- path: /var/cache/nginx/proxy/backend
|
- path: /var/cache/nginx/proxy/backend
|
||||||
keys_zone:
|
keys_zone:
|
||||||
@ -296,109 +400,6 @@ nginx_http_template:
|
|||||||
- timeout
|
- timeout
|
||||||
proxy_ignore_headers:
|
proxy_ignore_headers:
|
||||||
- Expires
|
- Expires
|
||||||
locations:
|
|
||||||
backend:
|
|
||||||
location: /
|
|
||||||
include_files: []
|
|
||||||
proxy_hide_headers: [] # A list of headers which shouldn't be passed to the application
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
#header_name:
|
|
||||||
#name: Header-X
|
|
||||||
#value: Value-X
|
|
||||||
#always: false
|
|
||||||
proxy_connect_timeout: null
|
|
||||||
proxy_pass: http://backend
|
|
||||||
#rewrites:
|
|
||||||
# - /foo(.*) /$1 break
|
|
||||||
#proxy_pass_request_body: off
|
|
||||||
#allows:
|
|
||||||
# - 192.168.1.0/24
|
|
||||||
#denies:
|
|
||||||
# - all
|
|
||||||
proxy_set_header:
|
|
||||||
header_host:
|
|
||||||
name: Host
|
|
||||||
value: $host
|
|
||||||
header_x_real_ip:
|
|
||||||
name: X-Real-IP
|
|
||||||
value: $remote_addr
|
|
||||||
header_x_forwarded_for:
|
|
||||||
name: X-Forwarded-For
|
|
||||||
value: $proxy_add_x_forwarded_for
|
|
||||||
header_x_forwarded_proto:
|
|
||||||
name: X-Forwarded-Proto
|
|
||||||
value: $scheme
|
|
||||||
#header_upgrade:
|
|
||||||
#name: Upgrade
|
|
||||||
#value: $http_upgrade
|
|
||||||
#header_connection:
|
|
||||||
#name: Connection
|
|
||||||
#value: "Upgrade"
|
|
||||||
#header_random:
|
|
||||||
#name: RandomName
|
|
||||||
#value: RandomValue
|
|
||||||
#internal: false
|
|
||||||
#proxy_store: off
|
|
||||||
#proxy_store_acccess: user:rw
|
|
||||||
proxy_read_timeout: null
|
|
||||||
proxy_send_timeout: null
|
|
||||||
proxy_ssl:
|
|
||||||
cert: /etc/ssl/certs/proxy_default.crt
|
|
||||||
key: /etc/ssl/private/proxy_default.key
|
|
||||||
trusted_cert: /etc/ssl/certs/proxy_ca.crt
|
|
||||||
protocols: TLSv1 TLSv1.1 TLSv1.2
|
|
||||||
ciphers: HIGH:!aNULL:!MD5
|
|
||||||
verify: false
|
|
||||||
verify_depth: 1
|
|
||||||
session_reuse: true
|
|
||||||
proxy_cache: backend_proxy_cache
|
|
||||||
proxy_cache_valid:
|
|
||||||
- code: 200
|
|
||||||
time: 10m
|
|
||||||
- code: 301
|
|
||||||
time: 1m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/backend/temp
|
|
||||||
proxy_cache_lock: false
|
|
||||||
proxy_cache_min_uses: 3
|
|
||||||
proxy_cache_revalidate: false
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- http_403
|
|
||||||
- http_404
|
|
||||||
proxy_ignore_headers:
|
|
||||||
- Vary
|
|
||||||
- Cache-Control
|
|
||||||
proxy_cookie_path:
|
|
||||||
path: /web/
|
|
||||||
replacement: /
|
|
||||||
proxy_buffering: false
|
|
||||||
proxy_http_version: 1.0
|
|
||||||
websocket: false
|
|
||||||
auth_basic: null
|
|
||||||
auth_basic_user_file: null
|
|
||||||
try_files: $uri $uri/index.html $uri.html =404
|
|
||||||
#auth_request: /auth
|
|
||||||
#auth_request_set:
|
|
||||||
#name: $auth_user
|
|
||||||
#value: $upstream_http_x_user
|
|
||||||
#returns:
|
|
||||||
#return302:
|
|
||||||
#code: 302
|
|
||||||
#url: https://sso.somehost.local/?url=https://$http_host$request_uri
|
|
||||||
#custom_options: []
|
|
||||||
health_check_plus: false
|
|
||||||
proxy_cache:
|
|
||||||
proxy_cache_path:
|
|
||||||
path: /var/cache/nginx
|
|
||||||
keys_zone:
|
|
||||||
name: one
|
|
||||||
size: 10m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy
|
|
||||||
upstreams:
|
upstreams:
|
||||||
upstream1:
|
upstream1:
|
||||||
name: backend
|
name: backend
|
||||||
@ -413,13 +414,7 @@ nginx_http_template:
|
|||||||
weight: 1
|
weight: 1
|
||||||
health_check: max_fails=1 fail_timeout=10s
|
health_check: max_fails=1 fail_timeout=10s
|
||||||
#custom_options: []
|
#custom_options: []
|
||||||
returns:
|
#custom_options: []
|
||||||
return301:
|
|
||||||
location: /
|
|
||||||
code: 301
|
|
||||||
value: http://$host$request_uri
|
|
||||||
#http_custom_options: []
|
|
||||||
#server_custom_options: []
|
|
||||||
|
|
||||||
# Enable NGINX status data.
|
# Enable NGINX status data.
|
||||||
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
|
# Will enable 'stub_status' in NGINX Open Source and 'status' in NGINX Plus.
|
||||||
|
@ -42,23 +42,111 @@
|
|||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: default.conf
|
conf_file_name: default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
ip: 0.0.0.0
|
listen:
|
||||||
port: 80
|
listen_localhost:
|
||||||
opts:
|
ip: 0.0.0.0
|
||||||
- default_server
|
port: 80
|
||||||
server_name: localhost
|
opts:
|
||||||
error_page: /usr/share/nginx/html
|
- default_server
|
||||||
client_max_body_size: 512k
|
server_name: localhost
|
||||||
proxy_hide_headers:
|
error_page: /usr/share/nginx/html
|
||||||
- X-Powered-By
|
client_max_body_size: 512k
|
||||||
add_headers:
|
proxy_hide_headers:
|
||||||
strict_transport_security:
|
- X-Powered-By
|
||||||
name: Strict-Transport-Security
|
add_headers:
|
||||||
value: max-age=15768000; includeSubDomains
|
strict_transport_security:
|
||||||
always: true
|
name: Strict-Transport-Security
|
||||||
reverse_proxy:
|
value: max-age=15768000; includeSubDomains
|
||||||
|
always: true
|
||||||
|
reverse_proxy:
|
||||||
|
locations:
|
||||||
|
frontend:
|
||||||
|
location: /
|
||||||
|
proxy_hide_headers:
|
||||||
|
- X-Powered-By
|
||||||
|
add_headers:
|
||||||
|
strict_transport_security:
|
||||||
|
name: Strict-Transport-Security
|
||||||
|
value: max-age=15768000; includeSubDomains
|
||||||
|
always: true
|
||||||
|
another_header:
|
||||||
|
name: Fancy-New-Header-To-Test
|
||||||
|
value: testing=true
|
||||||
|
always: false
|
||||||
|
proxy_pass: http://frontend_servers/
|
||||||
|
proxy_cache: frontend_proxy_cache
|
||||||
|
proxy_cache_valid:
|
||||||
|
- code: 200
|
||||||
|
time: 10m
|
||||||
|
- code: 301
|
||||||
|
time: 1m
|
||||||
|
proxy_temp_path:
|
||||||
|
path: /var/cache/nginx/proxy/frontend/temp
|
||||||
|
proxy_cache_lock: false
|
||||||
|
proxy_cache_min_uses: 3
|
||||||
|
proxy_cache_revalidate: false
|
||||||
|
proxy_cache_use_stale:
|
||||||
|
- http_403
|
||||||
|
- http_404
|
||||||
|
proxy_ignore_headers:
|
||||||
|
- Vary
|
||||||
|
- Cache-Control
|
||||||
|
proxy_redirect: false
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
proxy_buffering: false
|
||||||
|
client_max_body_size: 5m
|
||||||
|
backend:
|
||||||
|
location: /backend
|
||||||
|
proxy_pass: http://backend_servers/
|
||||||
|
proxy_cache: backend_proxy_cache
|
||||||
|
proxy_cache_valid:
|
||||||
|
- time: 10m
|
||||||
|
proxy_temp_path:
|
||||||
|
path: /var/cache/nginx/proxy/backend/temp
|
||||||
|
proxy_cache_lock: true
|
||||||
|
proxy_cache_min_uses: 2
|
||||||
|
proxy_cache_revalidate: true
|
||||||
|
proxy_cache_use_stale:
|
||||||
|
- http_500
|
||||||
|
- http_502
|
||||||
|
- http_503
|
||||||
|
proxy_redirect: default
|
||||||
|
proxy_set_header:
|
||||||
|
header_host:
|
||||||
|
name: Host
|
||||||
|
value: $host
|
||||||
|
header_x_real_ip:
|
||||||
|
name: X-Real-IP
|
||||||
|
value: $remote_addr
|
||||||
|
header_x_forwarded_for:
|
||||||
|
name: X-Forwarded-For
|
||||||
|
value: $proxy_add_x_forwarded_for
|
||||||
|
header_x_forwarded_proto:
|
||||||
|
name: X-Forwarded-Proto
|
||||||
|
value: $scheme
|
||||||
|
proxy_cookie_path:
|
||||||
|
path: /web/
|
||||||
|
replacement: /
|
||||||
|
returns:
|
||||||
|
return301:
|
||||||
|
location: ^~ /old-path
|
||||||
|
code: 301
|
||||||
|
value: http://$host/new-path
|
||||||
|
proxy_cache:
|
||||||
proxy_cache_path:
|
proxy_cache_path:
|
||||||
- path: /var/cache/nginx/proxy/frontend
|
- path: /var/cache/nginx/proxy/frontend
|
||||||
keys_zone:
|
keys_zone:
|
||||||
@ -86,86 +174,6 @@
|
|||||||
- timeout
|
- timeout
|
||||||
proxy_ignore_headers:
|
proxy_ignore_headers:
|
||||||
- Expires
|
- Expires
|
||||||
locations:
|
|
||||||
frontend:
|
|
||||||
location: /
|
|
||||||
proxy_hide_headers:
|
|
||||||
- X-Powered-By
|
|
||||||
add_headers:
|
|
||||||
strict_transport_security:
|
|
||||||
name: Strict-Transport-Security
|
|
||||||
value: max-age=15768000; includeSubDomains
|
|
||||||
always: true
|
|
||||||
another_header:
|
|
||||||
name: Fancy-New-Header-To-Test
|
|
||||||
value: testing=true
|
|
||||||
always: false
|
|
||||||
proxy_pass: http://frontend_servers/
|
|
||||||
proxy_cache: frontend_proxy_cache
|
|
||||||
proxy_cache_valid:
|
|
||||||
- code: 200
|
|
||||||
time: 10m
|
|
||||||
- code: 301
|
|
||||||
time: 1m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/frontend/temp
|
|
||||||
proxy_cache_lock: false
|
|
||||||
proxy_cache_min_uses: 3
|
|
||||||
proxy_cache_revalidate: false
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- http_403
|
|
||||||
- http_404
|
|
||||||
proxy_ignore_headers:
|
|
||||||
- Vary
|
|
||||||
- Cache-Control
|
|
||||||
proxy_redirect: false
|
|
||||||
proxy_set_header:
|
|
||||||
header_host:
|
|
||||||
name: Host
|
|
||||||
value: $host
|
|
||||||
header_x_real_ip:
|
|
||||||
name: X-Real-IP
|
|
||||||
value: $remote_addr
|
|
||||||
header_x_forwarded_for:
|
|
||||||
name: X-Forwarded-For
|
|
||||||
value: $proxy_add_x_forwarded_for
|
|
||||||
header_x_forwarded_proto:
|
|
||||||
name: X-Forwarded-Proto
|
|
||||||
value: $scheme
|
|
||||||
proxy_buffering: false
|
|
||||||
client_max_body_size: 5m
|
|
||||||
backend:
|
|
||||||
location: /backend
|
|
||||||
proxy_pass: http://backend_servers/
|
|
||||||
proxy_cache: backend_proxy_cache
|
|
||||||
proxy_cache_valid:
|
|
||||||
- time: 10m
|
|
||||||
proxy_temp_path:
|
|
||||||
path: /var/cache/nginx/proxy/backend/temp
|
|
||||||
proxy_cache_lock: true
|
|
||||||
proxy_cache_min_uses: 2
|
|
||||||
proxy_cache_revalidate: true
|
|
||||||
proxy_cache_use_stale:
|
|
||||||
- http_500
|
|
||||||
- http_502
|
|
||||||
- http_503
|
|
||||||
proxy_redirect: default
|
|
||||||
proxy_set_header:
|
|
||||||
header_host:
|
|
||||||
name: Host
|
|
||||||
value: $host
|
|
||||||
header_x_real_ip:
|
|
||||||
name: X-Real-IP
|
|
||||||
value: $remote_addr
|
|
||||||
header_x_forwarded_for:
|
|
||||||
name: X-Forwarded-For
|
|
||||||
value: $proxy_add_x_forwarded_for
|
|
||||||
header_x_forwarded_proto:
|
|
||||||
name: X-Forwarded-Proto
|
|
||||||
value: $scheme
|
|
||||||
proxy_cookie_path:
|
|
||||||
path: /web/
|
|
||||||
replacement: /
|
|
||||||
upstreams:
|
upstreams:
|
||||||
frontend_upstream:
|
frontend_upstream:
|
||||||
name: frontend_servers
|
name: frontend_servers
|
||||||
@ -191,61 +199,60 @@
|
|||||||
port: 8082
|
port: 8082
|
||||||
weight: 1
|
weight: 1
|
||||||
health_check: max_fails=3 fail_timeout=5s
|
health_check: max_fails=3 fail_timeout=5s
|
||||||
returns:
|
|
||||||
return301:
|
|
||||||
location: ^~ /old-path
|
|
||||||
code: 301
|
|
||||||
value: http://$host/new-path
|
|
||||||
frontend:
|
frontend:
|
||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: frontend_default.conf
|
conf_file_name: frontend_default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
port: 8081
|
listen:
|
||||||
opts: []
|
listen_localhost:
|
||||||
server_name: localhost
|
port: 8081
|
||||||
error_page: /usr/share/nginx/html
|
opts: []
|
||||||
autoindex: false
|
server_name: localhost
|
||||||
web_server:
|
error_page: /usr/share/nginx/html
|
||||||
locations:
|
autoindex: false
|
||||||
frontend_site:
|
web_server:
|
||||||
location: /
|
locations:
|
||||||
proxy_hide_headers:
|
frontend_site:
|
||||||
- X-Powered-By
|
location: /
|
||||||
html_file_location: /usr/share/nginx/html
|
proxy_hide_headers:
|
||||||
html_file_name: frontend_index.html
|
- X-Powered-By
|
||||||
autoindex: false
|
html_file_location: /usr/share/nginx/html
|
||||||
http_demo_conf: true
|
html_file_name: frontend_index.html
|
||||||
|
autoindex: false
|
||||||
|
http_demo_conf: true
|
||||||
backend:
|
backend:
|
||||||
template_file: http/default.conf.j2
|
template_file: http/default.conf.j2
|
||||||
conf_file_name: backend_default.conf
|
conf_file_name: backend_default.conf
|
||||||
conf_file_location: /etc/nginx/conf.d/
|
conf_file_location: /etc/nginx/conf.d/
|
||||||
listen:
|
servers:
|
||||||
listen_localhost:
|
server1:
|
||||||
port: 8082
|
listen:
|
||||||
opts: []
|
listen_localhost:
|
||||||
server_name: localhost
|
port: 8082
|
||||||
error_page: /usr/share/nginx/html
|
opts: []
|
||||||
autoindex: false
|
server_name: localhost
|
||||||
web_server:
|
error_page: /usr/share/nginx/html
|
||||||
locations:
|
autoindex: false
|
||||||
backend_site:
|
web_server:
|
||||||
location: /
|
locations:
|
||||||
html_file_location: /usr/share/nginx/html
|
backend_site:
|
||||||
html_file_name: backend_index.html
|
location: /
|
||||||
autoindex: false
|
html_file_location: /usr/share/nginx/html
|
||||||
php:
|
html_file_name: backend_index.html
|
||||||
location: ~ \.php$
|
autoindex: false
|
||||||
html_file_location: /usr/share/nginx/html
|
php:
|
||||||
autoindex: false
|
location: ~ \.php$
|
||||||
custom_options:
|
html_file_location: /usr/share/nginx/html
|
||||||
- fastcgi_split_path_info ^(.+\.php)(/.+)$
|
autoindex: false
|
||||||
- fastcgi_pass unix:/run/php/php7.2-fpm.sock
|
custom_options:
|
||||||
- fastcgi_index index.php
|
- fastcgi_split_path_info ^(.+\.php)(/.+)$
|
||||||
- include fastcgi_params
|
- fastcgi_pass unix:/run/php/php7.2-fpm.sock
|
||||||
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
|
- fastcgi_index index.php
|
||||||
http_demo_conf: true
|
- include fastcgi_params
|
||||||
|
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name
|
||||||
|
http_demo_conf: true
|
||||||
nginx_html_demo_template_enable: true
|
nginx_html_demo_template_enable: true
|
||||||
nginx_html_demo_template:
|
nginx_html_demo_template:
|
||||||
frontend:
|
frontend:
|
||||||
|
@ -42,7 +42,7 @@
|
|||||||
owner: "{{ nginx_main_template.user | default('nginx') }}"
|
owner: "{{ nginx_main_template.user | default('nginx') }}"
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ nginx_http_template }}"
|
- "{{ nginx_http_template }}"
|
||||||
- reverse_proxy.proxy_cache_path
|
- proxy_cache.proxy_cache_path
|
||||||
- skip_missing: true
|
- skip_missing: true
|
||||||
when: nginx_http_template_enable | bool
|
when: nginx_http_template_enable | bool
|
||||||
|
|
||||||
|
@ -22,36 +22,36 @@ upstream {{ item.value.upstreams[upstream].name }} {
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
|
{% if item.value.proxy_cache is defined and item.value.proxy_cache %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %}
|
{% if item.value.proxy_cache.proxy_cache_path is defined and item.value.proxy_cache.proxy_cache_path %}
|
||||||
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
|
{% for proxy_cache_path in item.value.proxy_cache.proxy_cache_path %}
|
||||||
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
|
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
|
||||||
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
|
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
|
||||||
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
|
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%}
|
{% if item.value.proxy_cache.proxy_cache_background_update is defined and item.value.proxy_cache.proxy_cache_background_update%}
|
||||||
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
|
proxy_cache_background_update {{ item.value.proxy_cache.proxy_cache_background_update | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %}
|
{% if item.value.proxy_cache.proxy_cache_lock is defined and item.value.proxy_cache.proxy_cache_lock %}
|
||||||
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
|
proxy_cache_lock {{ item.value.proxy_cache.proxy_cache_lock | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %}
|
{% if item.value.proxy_cache.proxy_cache_min_uses is defined and item.value.proxy_cache.proxy_cache_min_uses %}
|
||||||
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
|
proxy_cache_min_uses {{ item.value.proxy_cache.proxy_cache_min_uses }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %}
|
{% if item.value.proxy_cache.proxy_cache_revalidate is defined and item.value.proxy_cache.proxy_cache_revalidate %}
|
||||||
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
|
proxy_cache_revalidate {{ item.value.proxy_cache.proxy_cache_revalidate | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %}
|
{% if item.value.proxy_cache.proxy_cache_use_stale is defined and item.value.proxy_cache.proxy_cache_use_stale %}
|
||||||
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
|
proxy_cache_use_stale {{ item.value.proxy_cache.proxy_cache_use_stale | join(" ") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %}
|
{% if item.value.proxy_cache.proxy_ignore_headers is defined and item.value.proxy_cache.proxy_ignore_headers %}
|
||||||
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
|
proxy_ignore_headers {{ item.value.proxy_cache.proxy_ignore_headers | join(" ") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %}
|
{% if item.value.proxy_cache.proxy_temp_path is defined and item.value.proxy_cache.proxy_temp_path.path %}
|
||||||
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
|
proxy_temp_path {{ item.value.proxy_cache.proxy_temp_path.path }} {{ item.value.proxy_cache.proxy_temp_path.level_1 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_2 | default("") }} {{ item.value.proxy_cache.proxy_temp_path.level_3 | default("") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.proxy_cache_valid is defined %}
|
{% if item.value.proxy_cache.proxy_cache_valid is defined %}
|
||||||
{% for proxy_cache_valid in item.value.reverse_proxy.proxy_cache_valid %}
|
{% for proxy_cache_valid in item.value.proxy_cache.proxy_cache_valid %}
|
||||||
{% if proxy_cache_valid.code is defined %}
|
{% if proxy_cache_valid.code is defined %}
|
||||||
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
|
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
|
||||||
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
|
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
|
||||||
@ -68,231 +68,233 @@ auth_request {{ item.value.auth_request_http }};
|
|||||||
auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
|
auth_request_set {{ item.value.auth_request_set_http.name }} {{ item.value.auth_request_set_http.value }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.http_custom_options is defined and item.value.http_custom_options | length %}
|
{% if item.value.custom_options is defined and item.value.custom_options | length %}
|
||||||
{% for inline_option in item.value.http_custom_options %}
|
{% for inline_option in item.value.custom_options %}
|
||||||
{{ inline_option }};
|
{{ inline_option }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
{% if item.value.servers is defined %}
|
||||||
|
{% for server in item.value.servers %}
|
||||||
server {
|
server {
|
||||||
{% for listen in item.value.listen %}
|
{% for listen in item.value.servers[server].listen %}
|
||||||
listen {% if item.value.listen[listen].ip is defined and item.value.listen[listen].ip | length %}{{ item.value.listen[listen].ip }}:{% endif %}{{ item.value.listen[listen].port }}{% if item.value.ssl is defined and item.value.ssl %} ssl{% endif %}{% if item.value.listen[listen].opts is defined and item.value.listen[listen].opts | length %} {{ item.value.listen[listen].opts | join(" ") }}{% endif %};
|
listen {% if item.value.servers[server].listen[listen].ip is defined and item.value.servers[server].listen[listen].ip | length %}{{ item.value.servers[server].listen[listen].ip }}:{% endif %}{{ item.value.servers[server].listen[listen].port }}{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %} ssl{% endif %}{% if item.value.servers[server].listen[listen].opts is defined and item.value.servers[server].listen[listen].opts | length %} {{ item.value.servers[server].listen[listen].opts | join(" ") }}{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
server_name {{ item.value.server_name | default('localhost') }};
|
server_name {{ item.value.servers[server].server_name | default('localhost') }};
|
||||||
{% if item.value.ssl is defined and item.value.ssl %}
|
{% if item.value.servers[server].ssl is defined and item.value.servers[server].ssl %}
|
||||||
ssl_certificate {{ item.value.ssl.cert }};
|
ssl_certificate {{ item.value.servers[server].ssl.cert }};
|
||||||
ssl_certificate_key {{ item.value.ssl.key }};
|
ssl_certificate_key {{ item.value.servers[server].ssl.key }};
|
||||||
{% if item.value.ssl.trusted_cert is defined %}
|
{% if item.value.servers[server].ssl.trusted_cert is defined %}
|
||||||
ssl_trusted_certificate {{ item.value.ssl.trusted_cert }};
|
ssl_trusted_certificate {{ item.value.servers[server].ssl.trusted_cert }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.dhparam is defined %}
|
{% if item.value.servers[server].ssl.dhparam is defined %}
|
||||||
ssl_dhparam {{ item.value.ssl.dhparam }};
|
ssl_dhparam {{ item.value.servers[server].ssl.dhparam }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.protocols is defined and item.value.ssl.protocols %}
|
{% if item.value.servers[server].ssl.protocols is defined and item.value.servers[server].ssl.protocols %}
|
||||||
ssl_protocols {{ item.value.ssl.protocols }};
|
ssl_protocols {{ item.value.servers[server].ssl.protocols }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
|
{% if item.value.servers[server].ssl.ciphers is defined and item.value.servers[server].ssl.ciphers %}
|
||||||
ssl_ciphers {{ item.value.ssl.ciphers }};
|
ssl_ciphers {{ item.value.servers[server].ssl.ciphers }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
|
{% if item.value.servers[server].ssl.prefer_server_ciphers is defined and item.value.servers[server].ssl.prefer_server_ciphers %}
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
|
{% if item.value.servers[server].ssl.session_cache is defined and item.value.servers[server].ssl.session_cache %}
|
||||||
ssl_session_cache {{ item.value.ssl.session_cache }};
|
ssl_session_cache {{ item.value.servers[server].ssl.session_cache }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
|
{% if item.value.servers[server].ssl.session_timeout is defined and item.value.servers[server].ssl.session_timeout %}
|
||||||
ssl_session_timeout {{ item.value.ssl.session_timeout }};
|
ssl_session_timeout {{ item.value.servers[server].ssl.session_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.disable_session_tickets is defined and item.value.ssl.disable_session_tickets %}
|
{% if item.value.servers[server].ssl.disable_session_tickets is defined and item.value.servers[server].ssl.disable_session_tickets %}
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.stapling is defined and item.value.ssl.stapling %}
|
{% if item.value.servers[server].ssl.stapling is defined and item.value.servers[server].ssl.stapling %}
|
||||||
ssl_stapling on;
|
ssl_stapling on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.ssl.stapling_verify is defined and item.value.ssl.stapling_verify %}
|
{% if item.value.servers[server].ssl.stapling_verify is defined and item.value.servers[server].ssl.stapling_verify %}
|
||||||
ssl_stapling_verify on;
|
ssl_stapling_verify on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.include_files is defined and item.value.include_files | length %}
|
{% if item.value.servers[server].include_files is defined and item.value.servers[server].include_files | length %}
|
||||||
{% for file in item.value.include_files %}
|
{% for file in item.value.servers[server].include_files %}
|
||||||
include "{{ file }}";
|
include "{{ file }}";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.proxy_hide_headers is defined %}
|
{% if item.value.servers[server].proxy_hide_headers is defined %}
|
||||||
{% for header in item.value.proxy_hide_headers %}
|
{% for header in item.value.servers[server].proxy_hide_headers %}
|
||||||
proxy_hide_header {{ header }};
|
proxy_hide_header {{ header }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.add_headers is defined %}
|
{% if item.value.servers[server].add_headers is defined %}
|
||||||
{% for header in item.value.add_headers %}
|
{% for header in item.value.servers[server].add_headers %}
|
||||||
add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
|
add_header {{ item.value.servers[server].add_headers[header].name }} "{{ item.value.servers[server].add_headers[header].value }}"{% if item.value.servers[server].add_headers[header].always is defined and item.value.servers[server].add_headers[header].always %} always{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.auth_basic is defined and item.value.auth_basic %}
|
{% if item.value.servers[server].auth_basic is defined and item.value.servers[server].auth_basic %}
|
||||||
auth_basic "{{ item.value.auth_basic }}";
|
auth_basic "{{ item.value.servers[server].auth_basic }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.auth_basic_user_file is defined and item.value.auth_basic_user_file %}
|
{% if item.value.servers[server].auth_basic_user_file is defined and item.value.servers[server].auth_basic_user_file %}
|
||||||
auth_basic_user_file {{ item.value.auth_basic_user_file }};
|
auth_basic_user_file {{ item.value.servers[server].auth_basic_user_file }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.root is defined and item.value.root %}
|
{% if item.value.servers[server].root is defined and item.value.servers[server].root %}
|
||||||
root {{ item.value.root }};
|
root {{ item.value.servers[server].root }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.https_redirect is defined and item.value.https_redirect %}
|
{% if item.value.servers[server].https_redirect is defined and item.value.servers[server].https_redirect %}
|
||||||
return 301 https://{% if item.value.server_name == "_" %}$host{% else %}{{ item.value.server_name }}{% endif %}$request_uri;
|
return 301 https://{% if item.value.servers[server].server_name == "_" %}$host{% else %}{{ item.value.servers[server].server_name }}{% endif %}$request_uri;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.autoindex is defined and item.value.autoindex %}
|
{% if item.value.servers[server].autoindex is defined and item.value.servers[server].autoindex %}
|
||||||
autoindex on;
|
autoindex on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.try_files is defined %}
|
{% if item.value.servers[server].try_files is defined %}
|
||||||
try_files {{ item.value.try_files }};
|
try_files {{ item.value.servers[server].try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.auth_request is defined %}
|
{% if item.value.servers[server].auth_request is defined %}
|
||||||
auth_request {{ item.value.auth_request }};
|
auth_request {{ item.value.servers[server].auth_request }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.auth_request_set is defined %}
|
{% if item.value.servers[server].auth_request_set is defined %}
|
||||||
auth_request_set {{ item.value.auth_request_set.name }} {{ item.value.auth_request_set.value }};
|
auth_request_set {{ item.value.servers[server].auth_request_set.name }} {{ item.value.servers[server].auth_request_set.value }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.client_max_body_size is defined and item.value.client_max_body_size %}
|
{% if item.value.servers[server].client_max_body_size is defined and item.value.servers[server].client_max_body_size %}
|
||||||
client_max_body_size {{ item.value.client_max_body_size }};
|
client_max_body_size {{ item.value.servers[server].client_max_body_size }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.server_custom_options is defined and item.value.server_custom_options | length %}
|
{% if item.value.servers[server].custom_options is defined and item.value.servers[server].custom_options | length %}
|
||||||
{% for inline_option in item.value.server_custom_options %}
|
{% for inline_option in item.value.servers[server].custom_options %}
|
||||||
{{ inline_option }};
|
{{ inline_option }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
|
{% if item.value.servers[server].reverse_proxy is defined and item.value.servers[server].reverse_proxy %}
|
||||||
{% for location in item.value.reverse_proxy.locations %}
|
{% for location in item.value.servers[server].reverse_proxy.locations %}
|
||||||
location {{ item.value.reverse_proxy.locations[location].location }} {
|
location {{ item.value.servers[server].reverse_proxy.locations[location].location }} {
|
||||||
{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].internal is sameas true %}
|
||||||
internal;
|
internal;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].include_files is defined and item.value.reverse_proxy.locations[location].include_files | length %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].include_files is defined and item.value.servers[server].reverse_proxy.locations[location].include_files | length %}
|
||||||
{% for file in item.value.reverse_proxy.locations[location].include_files %}
|
{% for file in item.value.servers[server].reverse_proxy.locations[location].include_files %}
|
||||||
include "{{ file }}";
|
include "{{ file }}";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_hide_headers is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers is defined %}
|
||||||
{% for header in item.value.reverse_proxy.locations[location].proxy_hide_headers %}
|
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_hide_headers %}
|
||||||
proxy_hide_header {{ header }};
|
proxy_hide_header {{ header }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].add_headers is defined %}
|
||||||
{% for header in item.value.reverse_proxy.locations[location].add_headers %}
|
{% for header in item.value.servers[server].reverse_proxy.locations[location].add_headers %}
|
||||||
add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
|
add_header {{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.servers[server].reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always is defined and item.value.servers[server].reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request is defined %}
|
||||||
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
|
auth_request {{ item.value.servers[server].reverse_proxy.locations[location].auth_request }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_request_set is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].auth_request_set is defined %}
|
||||||
auth_request_set {{ item.value.reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.reverse_proxy.locations[location].auth_request_set.value }};
|
auth_request_set {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.name }} {{ item.value.servers[server].reverse_proxy.locations[location].auth_request_set.value }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic %}
|
||||||
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
|
auth_basic "{{ item.value.servers[server].reverse_proxy.locations[location].auth_basic }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.reverse_proxy.locations[location].auth_basic_user_file %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file %}
|
||||||
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_user_file }};
|
auth_basic_user_file {{ item.value.servers[server].reverse_proxy.locations[location].auth_basic_user_file }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].returns is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].returns is defined %}
|
||||||
{% for code in item.value.reverse_proxy.locations[location].returns %}
|
{% for code in item.value.servers[server].reverse_proxy.locations[location].returns %}
|
||||||
{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].returns[code] is defined %}
|
||||||
return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].code }} {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
|
||||||
{% else %}
|
{% else %}
|
||||||
return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
return {{ item.value.servers[server].reverse_proxy.locations[location].returns[code].url }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout %}
|
||||||
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
|
proxy_connect_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_connect_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
|
proxy_pass {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass }};
|
||||||
{% if item.value.reverse_proxy.locations[location].rewrites is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].rewrites is defined %}
|
||||||
{% for rewrite in item.value.reverse_proxy.locations[location].rewrites %}
|
{% for rewrite in item.value.servers[server].reverse_proxy.locations[location].rewrites %}
|
||||||
rewrite {{ rewrite }};
|
rewrite {{ rewrite }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout %}
|
||||||
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
|
proxy_read_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_read_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.reverse_proxy.locations[location].proxy_send_timeout %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout %}
|
||||||
proxy_send_timeout {{ item.value.reverse_proxy.locations[location].proxy_send_timeout }};
|
proxy_send_timeout {{ item.value.servers[server].reverse_proxy.locations[location].proxy_send_timeout }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body is defined %}
|
||||||
proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
|
proxy_pass_request_body {{ item.value.servers[server].reverse_proxy.locations[location].proxy_pass_request_body }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store is defined %}
|
||||||
proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
|
proxy_store {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_store_access is defined %}
|
||||||
proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
|
proxy_store_access {{ item.value.servers[server].reverse_proxy.locations[location].proxy_store_access }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].allows is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].allows is defined %}
|
||||||
{% for allow in item.value.reverse_proxy.locations[location].allows %}
|
{% for allow in item.value.servers[server].reverse_proxy.locations[location].allows %}
|
||||||
allow {{ allow }};
|
allow {{ allow }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].denies is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].denies is defined %}
|
||||||
{% for deny in item.value.reverse_proxy.locations[location].denies %}
|
{% for deny in item.value.servers[server].reverse_proxy.locations[location].denies %}
|
||||||
deny {{ deny }};
|
deny {{ deny }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_set_header is defined %}
|
||||||
{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
|
{% for header in item.value.servers[server].reverse_proxy.locations[location].proxy_set_header %}
|
||||||
proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
|
proxy_set_header {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_set_header[header].value }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_http_version is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_http_version is defined %}
|
||||||
proxy_http_version {{ item.value.reverse_proxy.locations[location].proxy_http_version }};
|
proxy_http_version {{ item.value.servers[server].reverse_proxy.locations[location].proxy_http_version }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].websocket is defined and item.value.reverse_proxy.locations[location].websocket %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].websocket is defined and item.value.servers[server].reverse_proxy.locations[location].websocket %}
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
proxy_set_header Connection "Upgrade";
|
proxy_set_header Connection "Upgrade";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].try_files is defined %}
|
||||||
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
|
try_files {{ item.value.servers[server].reverse_proxy.locations[location].try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl is defined and item.value.servers[server].reverse_proxy.locations[location].proxy_ssl %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert is defined %}
|
||||||
proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }};
|
proxy_ssl_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.cert }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.key is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key is defined %}
|
||||||
proxy_ssl_certificate_key {{ item.value.reverse_proxy.locations[location].proxy_ssl.key }};
|
proxy_ssl_certificate_key {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.key }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
|
||||||
proxy_ssl_trusted_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
|
proxy_ssl_trusted_certificate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
|
||||||
proxy_ssl_server_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
|
proxy_ssl_server_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.name is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name is defined %}
|
||||||
proxy_ssl_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.name }};
|
proxy_ssl_name {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.name }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
|
||||||
proxy_ssl_protocols {{ item.value.reverse_proxy.locations[location].proxy_ssl.protocols }};
|
proxy_ssl_protocols {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.protocols }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
|
||||||
proxy_ssl_ciphers {{ item.value.reverse_proxy.locations[location].proxy_ssl.ciphers }};
|
proxy_ssl_ciphers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.ciphers }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify is defined %}
|
||||||
proxy_ssl_verify {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
|
proxy_ssl_verify {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
|
||||||
proxy_ssl_verify_depth {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth }};
|
proxy_ssl_verify_depth {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.verify_depth }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
|
||||||
proxy_ssl_session_reuse {{ item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
|
proxy_ssl_session_reuse {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_redirect is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_redirect is defined %}
|
||||||
proxy_redirect {{ item.value.reverse_proxy.locations[location].proxy_redirect | ternary(item.value.reverse_proxy.locations[location].proxy_redirect, "off") }};
|
proxy_redirect {{ item.value.servers[server].reverse_proxy.locations[location].proxy_redirect | ternary(item.value.servers[server].reverse_proxy.locations[location].proxy_redirect, "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache is defined %}
|
||||||
proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
|
proxy_cache {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_valid is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid is defined %}
|
||||||
{% for proxy_cache_valid in item.value.reverse_proxy.locations[location].proxy_cache_valid %}
|
{% for proxy_cache_valid in item.value.servers[server].reverse_proxy.locations[location].proxy_cache_valid %}
|
||||||
{% if proxy_cache_valid.code is defined %}
|
{% if proxy_cache_valid.code is defined %}
|
||||||
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
|
proxy_cache_valid {{ proxy_cache_valid.code }} {{ proxy_cache_valid.time | default("10m") }};
|
||||||
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
|
{% elif proxy_cache_valid.time is defined and proxy_cache_valid.code is not defined %}
|
||||||
@ -300,42 +302,42 @@ server {
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update is defined %}
|
||||||
proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
|
proxy_cache_background_update {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock is defined %}
|
||||||
proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
|
proxy_cache_lock {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
|
||||||
proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
|
proxy_cache_min_uses {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_min_uses }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
|
||||||
proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
|
proxy_cache_revalidate {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
|
||||||
proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
|
proxy_cache_use_stale {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path is defined %}
|
||||||
proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
|
proxy_temp_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers is defined %}
|
||||||
proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
|
proxy_ignore_headers {{ item.value.servers[server].reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].client_max_body_size is defined and item.value.reverse_proxy.locations[location].client_max_body_size %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].client_max_body_size is defined and item.value.servers[server].reverse_proxy.locations[location].client_max_body_size %}
|
||||||
client_max_body_size {{ item.value.reverse_proxy.locations[location].client_max_body_size }};
|
client_max_body_size {{ item.value.servers[server].reverse_proxy.locations[location].client_max_body_size }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_cookie_path is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path is defined %}
|
||||||
proxy_cookie_path {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_cookie_path.replacement }};
|
proxy_cookie_path {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.path }} {{ item.value.servers[server].reverse_proxy.locations[location].proxy_cookie_path.replacement }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].proxy_buffering is defined %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].proxy_buffering is defined %}
|
||||||
proxy_buffering {{ item.value.reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
|
proxy_buffering {{ item.value.servers[server].reverse_proxy.locations[location].proxy_buffering | ternary("on", "off") }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.reverse_proxy.locations[location].custom_options is defined and item.value.reverse_proxy.locations[location].custom_options | length %}
|
{% if item.value.servers[server].reverse_proxy.locations[location].custom_options is defined and item.value.servers[server].reverse_proxy.locations[location].custom_options | length %}
|
||||||
{% for inline_option in item.value.reverse_proxy.locations[location].custom_options %}
|
{% for inline_option in item.value.servers[server].reverse_proxy.locations[location].custom_options %}
|
||||||
{{ inline_option }};
|
{{ inline_option }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
|
{% if (item.value.servers[server].reverse_proxy.health_check_plus is defined) and item.value.servers[server].reverse_proxy.health_check_plus %}
|
||||||
health_check;
|
health_check;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
@ -343,66 +345,66 @@ server {
|
|||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.web_server is defined %}
|
{% if item.value.servers[server].web_server is defined %}
|
||||||
{% for location in item.value.web_server.locations %}
|
{% for location in item.value.servers[server].web_server.locations %}
|
||||||
location {{ item.value.web_server.locations[location].location }} {
|
location {{ item.value.servers[server].web_server.locations[location].location }} {
|
||||||
{% if item.value.web_server.locations[location].html_file_location is defined %}
|
{% if item.value.servers[server].web_server.locations[location].html_file_location is defined %}
|
||||||
root {{ item.value.web_server.locations[location].html_file_location }};
|
root {{ item.value.servers[server].web_server.locations[location].html_file_location }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].html_file_name is defined %}
|
{% if item.value.servers[server].web_server.locations[location].html_file_name is defined %}
|
||||||
index {{ item.value.web_server.locations[location].html_file_name }};
|
index {{ item.value.servers[server].web_server.locations[location].html_file_name }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].autoindex | default(false) %}
|
{% if item.value.servers[server].web_server.locations[location].autoindex | default(false) %}
|
||||||
autoindex on;
|
autoindex on;
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].try_files is defined %}
|
{% if item.value.servers[server].web_server.locations[location].try_files is defined %}
|
||||||
try_files {{ item.value.web_server.locations[location].try_files }};
|
try_files {{ item.value.servers[server].web_server.locations[location].try_files }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].include_files is defined and item.value.web_server.locations[location].include_files | length %}
|
{% if item.value.servers[server].web_server.locations[location].include_files is defined and item.value.servers[server].web_server.locations[location].include_files | length %}
|
||||||
{% for file in item.value.web_server.locations[location].include_files %}
|
{% for file in item.value.servers[server].web_server.locations[location].include_files %}
|
||||||
include "{{ file }}";
|
include "{{ file }}";
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].custom_options is defined and item.value.web_server.locations[location].custom_options | length %}
|
{% if item.value.servers[server].web_server.locations[location].custom_options is defined and item.value.servers[server].web_server.locations[location].custom_options | length %}
|
||||||
{% for inline_option in item.value.web_server.locations[location].custom_options %}
|
{% for inline_option in item.value.servers[server].web_server.locations[location].custom_options %}
|
||||||
{{ inline_option }};
|
{{ inline_option }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].proxy_hide_headers is defined %}
|
{% if item.value.servers[server].web_server.locations[location].proxy_hide_headers is defined %}
|
||||||
{% for header in item.value.web_server.locations[location].proxy_hide_headers %}
|
{% for header in item.value.servers[server].web_server.locations[location].proxy_hide_headers %}
|
||||||
proxy_hide_header {{ header }};
|
proxy_hide_header {{ header }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].add_headers is defined %}
|
{% if item.value.servers[server].web_server.locations[location].add_headers is defined %}
|
||||||
{% for header in item.value.web_server.locations[location].add_headers %}
|
{% for header in item.value.servers[server].web_server.locations[location].add_headers %}
|
||||||
add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
|
add_header {{ item.value.servers[server].web_server.locations[location].add_headers[header].name }} "{{ item.value.servers[server].web_server.locations[location].add_headers[header].value }}"{% if item.value.servers[server].web_server.locations[location].add_headers[header].always is defined and item.value.servers[server].web_server.locations[location].add_headers[header].always %} always{% endif %};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].returns is defined %}
|
{% if item.value.servers[server].web_server.locations[location].returns is defined %}
|
||||||
{% for code in item.value.web_server.locations[location].returns %}
|
{% for code in item.value.servers[server].web_server.locations[location].returns %}
|
||||||
{% if item.value.web_server.locations[location].returns[code] is defined %}
|
{% if item.value.servers[server].web_server.locations[location].returns[code] is defined %}
|
||||||
return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
|
return {{ item.value.servers[server].web_server.locations[location].returns[code].code }} {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
|
||||||
{% else %}
|
{% else %}
|
||||||
return {{ item.value.web_server.locations[location].returns[code].url }};
|
return {{ item.value.servers[server].web_server.locations[location].returns[code].url }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
|
{% if item.value.servers[server].web_server.locations[location].auth_basic is defined and item.value.servers[server].web_server.locations[location].auth_basic %}
|
||||||
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
|
auth_basic "{{ item.value.servers[server].web_server.locations[location].auth_basic }}";
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_basic_user_file is defined and item.value.web_server.locations[location].auth_basic_user_file %}
|
{% if item.value.servers[server].web_server.locations[location].auth_basic_user_file is defined and item.value.servers[server].web_server.locations[location].auth_basic_user_file %}
|
||||||
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_user_file }};
|
auth_basic_user_file {{ item.value.servers[server].web_server.locations[location].auth_basic_user_file }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_request is defined %}
|
{% if item.value.servers[server].web_server.locations[location].auth_request is defined %}
|
||||||
auth_request {{ item.value.web_server.locations[location].auth_request }};
|
auth_request {{ item.value.servers[server].web_server.locations[location].auth_request }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.web_server.locations[location].auth_request_set is defined %}
|
{% if item.value.servers[server].web_server.locations[location].auth_request_set is defined %}
|
||||||
auth_request_set {{ item.value.web_server.locations[location].auth_request_set.name }} {{ item.value.web_server.locations[location].auth_request_set.value }};
|
auth_request_set {{ item.value.servers[server].web_server.locations[location].auth_request_set.name }} {{ item.value.servers[server].web_server.locations[location].auth_request_set.value }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% if item.value.web_server.http_demo_conf %}
|
{% if item.value.servers[server].web_server.http_demo_conf %}
|
||||||
sub_filter_once off;
|
sub_filter_once off;
|
||||||
sub_filter 'server_hostname' '$hostname';
|
sub_filter 'server_hostname' '$hostname';
|
||||||
sub_filter 'server_address' '$server_addr:$server_port';
|
sub_filter 'server_address' '$server_addr:$server_port';
|
||||||
@ -416,29 +418,31 @@ server {
|
|||||||
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
|
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.returns is defined %}
|
{% if item.value.servers[server].returns is defined %}
|
||||||
{% for return in item.value.returns %}
|
{% for return in item.value.servers[server].returns %}
|
||||||
location {{ item.value.returns[return].location }} {
|
location {{ item.value.servers[server].returns[return].location }} {
|
||||||
return {{ item.value.returns[return].code }}{% if item.value.returns[return].value is defined %} {{ item.value.returns[return].value }}{% endif %};
|
return {{ item.value.servers[server].returns[return].code }}{% if item.value.servers[server].returns[return].value is defined %} {{ item.value.servers[server].returns[return].value }}{% endif %};
|
||||||
}
|
}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.error_page is defined %}
|
{% if item.value.servers[server].error_page is defined %}
|
||||||
# redirect server error pages to the static page /50x.html
|
# redirect server error pages to the static page /50x.html
|
||||||
#
|
#
|
||||||
error_page 500 502 503 504 /50x.html;
|
error_page 500 502 503 504 /50x.html;
|
||||||
location = /50x.html {
|
location = /50x.html {
|
||||||
root {{ item.value.error_page }};
|
root {{ item.value.servers[server].error_page }};
|
||||||
}
|
}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if item.value.access_log is defined %}
|
{% if item.value.servers[server].access_log is defined %}
|
||||||
{% for access_log in item.value.access_log %}
|
{% for access_log in item.value.servers[server].access_log %}
|
||||||
access_log {{ access_log.location }} {{ access_log.name }};
|
access_log {{ access_log.location }} {{ access_log.name }};
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if item.value.error_log is defined %}
|
{% if item.value.servers[server].error_log is defined %}
|
||||||
error_log {{ item.value.error_log.location }} {{ item.value.error_log.level }};
|
error_log {{ item.value.servers[server].error_log.location }} {{ item.value.servers[server].error_log.level }};
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
Loading…
Reference in New Issue
Block a user