155c13c140
* Add `add_header` support for either `server` and `location` block * Add Tests for adding headers to either server and location block
283 lines
17 KiB
Django/Jinja
283 lines
17 KiB
Django/Jinja
{{ ansible_managed | comment }}
|
|
|
|
{% if item.value.upstreams is defined and item.value.upstreams %}
|
|
{% for upstream in item.value.upstreams %}
|
|
upstream {{ item.value.upstreams[upstream].name }} {
|
|
{{ item.value.upstreams[upstream].lb_method }};
|
|
zone {{ item.value.upstreams[upstream].zone_name }} {{ item.value.upstreams[upstream].zone_size }};
|
|
{% for server in item.value.upstreams[upstream].servers %}
|
|
server {{ item.value.upstreams[upstream].servers[server].address }}:{{ item.value.upstreams[upstream].servers[server].port }} weight={{ item.value.upstreams[upstream].servers[server].weight|default("1") }} {{ item.value.upstreams[upstream].servers[server].health_check|default("") }};
|
|
{% endfor %}
|
|
{% if item.value.upstreams[upstream].sticky_cookie %}
|
|
sticky cookie srv_id expires=1h path=/;
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
|
|
{% if item.value.reverse_proxy.proxy_cache_path is defined and item.value.reverse_proxy.proxy_cache_path %}
|
|
{% for proxy_cache_path in item.value.reverse_proxy.proxy_cache_path %}
|
|
proxy_cache_path {{ proxy_cache_path.path }} keys_zone={{ proxy_cache_path.keys_zone.name }}:{{ proxy_cache_path.keys_zone.size }}
|
|
levels={{ proxy_cache_path.levels }} max_size={{ proxy_cache_path.max_size }}
|
|
inactive={{ proxy_cache_path.inactive }} use_temp_path={{ proxy_cache_path.use_temp_path | ternary("on", "off") }};
|
|
{% endfor %}
|
|
{% if item.value.reverse_proxy.proxy_cache_background_update is defined and item.value.reverse_proxy.proxy_cache_background_update%}
|
|
proxy_cache_background_update {{ item.value.reverse_proxy.proxy_cache_background_update | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_cache_lock is defined and item.value.reverse_proxy.proxy_cache_lock %}
|
|
proxy_cache_lock {{ item.value.reverse_proxy.proxy_cache_lock | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_cache_min_uses is defined and item.value.reverse_proxy.proxy_cache_min_uses %}
|
|
proxy_cache_min_uses {{ item.value.reverse_proxy.proxy_cache_min_uses }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_cache_revalidate is defined and item.value.reverse_proxy.proxy_cache_revalidate %}
|
|
proxy_cache_revalidate {{ item.value.reverse_proxy.proxy_cache_revalidate | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_cache_use_stale is defined and item.value.reverse_proxy.proxy_cache_use_stale %}
|
|
proxy_cache_use_stale {{ item.value.reverse_proxy.proxy_cache_use_stale | join(" ") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_ignore_headers is defined and item.value.reverse_proxy.proxy_ignore_headers %}
|
|
proxy_ignore_headers {{ item.value.reverse_proxy.proxy_ignore_headers | join(" ") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.proxy_temp_path is defined and item.value.reverse_proxy.proxy_temp_path.path %}
|
|
proxy_temp_path {{ item.value.reverse_proxy.proxy_temp_path.path }} {{ item.value.reverse_proxy.proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.proxy_temp_path.level_3 | default("") }};
|
|
{% endif %}
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.value.auth_request_http is defined %}
|
|
auth_request {{ item.value.auth_request_http }};
|
|
{% endif %}
|
|
|
|
server {
|
|
{% if item.value.ssl is defined and item.value.ssl %}
|
|
listen {{ item.value.port }} ssl;
|
|
ssl_certificate {{ item.value.ssl.cert }};
|
|
ssl_certificate_key {{ item.value.ssl.key }};
|
|
{% if item.value.ssl.dhparam is defined %}
|
|
ssl_dhparam {{ item.value.ssl.dhparam }};
|
|
{% endif %}
|
|
{% if item.value.ssl.protocols is defined and item.value.ssl.protocols %}
|
|
ssl_protocols {{ item.value.ssl.protocols }};
|
|
{% endif %}
|
|
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
|
|
ssl_ciphers {{ item.value.ssl.ciphers }};
|
|
{% endif %}
|
|
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
|
|
ssl_session_cache {{ item.value.ssl.session_cache }};
|
|
{% endif %}
|
|
{% if item.value.ssl.session_timeout is defined and item.value.ssl.session_timeout %}
|
|
ssl_session_timeout {{ item.value.ssl.session_timeout }};
|
|
{% endif %}
|
|
{% else %}
|
|
listen {{ item.value.port }};
|
|
{% endif %}
|
|
server_name {{ item.value.server_name | default('localhost') }};
|
|
{% if item.value.add_headers is defined %}
|
|
{% for header in item.value.add_headers %}
|
|
add_header {{ item.value.add_headers[header].name }} "{{ item.value.add_headers[header].value }}"{% if item.value.add_headers[header].always is defined and item.value.add_headers[header].always %} always{% endif %};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.auth_basic is defined and item.value.auth_basic %}
|
|
auth_basic "{{ item.value.auth_basic }}";
|
|
{% endif %}
|
|
{% if item.value.auth_basic_user_file is defined and item.value.auth_basic_user_file %}
|
|
auth_basic_user_file {{ item.value.auth_basic_user_file }};
|
|
{% endif %}
|
|
{% if item.value.root is defined and item.value.root %}
|
|
root {{ item.value.root }};
|
|
{% endif %}
|
|
{% if item.value.https_redirect is defined and item.value.https_redirect %}
|
|
return 301 https://{% if item.value.server_name == "_" %}$host{% else %}{{ item.value.server_name }}{% endif %}$request_uri;
|
|
{% endif %}
|
|
{% if item.value.autoindex is defined and item.value.autoindex %}
|
|
autoindex on;
|
|
{% endif %}
|
|
{% if item.value.try_files is defined %}
|
|
try_files {{ item.value.try_files }};
|
|
{% endif %}
|
|
{% if item.value.auth_request is defined %}
|
|
auth_request {{ item.value.auth_request }};
|
|
{% endif %}
|
|
|
|
{% if item.value.reverse_proxy is defined and item.value.reverse_proxy %}
|
|
{% for location in item.value.reverse_proxy.locations %}
|
|
location {{ item.value.reverse_proxy.locations[location].location }} {
|
|
{% if item.value.reverse_proxy.locations[location].internal is sameas true %}
|
|
internal;
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].add_headers is defined %}
|
|
{% for header in item.value.reverse_proxy.locations[location].add_headers %}
|
|
add_header {{ item.value.reverse_proxy.locations[location].add_headers[header].name }} "{{ item.value.reverse_proxy.locations[location].add_headers[header].value }}"{% if item.value.reverse_proxy.locations[location].add_headers[header].always is defined and item.value.reverse_proxy.locations[location].add_headers[header].always %} always{% endif %};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].auth_request is defined %}
|
|
auth_request {{ item.value.reverse_proxy.locations[location].auth_request }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].auth_basic is defined and item.value.reverse_proxy.locations[location].auth_basic %}
|
|
auth_basic "{{ item.value.reverse_proxy.locations[location].auth_basic }}";
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].auth_basic_user_file is defined and item.value.reverse_proxy.locations[location].auth_basic_user_file %}
|
|
auth_basic_user_file {{ item.value.reverse_proxy.locations[location].auth_basic_user_file }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].returns is defined %}
|
|
{% for code in item.value.reverse_proxy.locations[location].returns %}
|
|
{% if item.value.reverse_proxy.locations[location].returns[code] is defined %}
|
|
return {{ item.value.reverse_proxy.locations[location].returns[code].code }} {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
|
{% else %}
|
|
return {{ item.value.reverse_proxy.locations[location].returns[code].url }};
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_connect_timeout is defined and item.value.reverse_proxy.locations[location].proxy_connect_timeout %}
|
|
proxy_connect_timeout {{ item.value.reverse_proxy.locations[location].proxy_connect_timeout }};
|
|
{% endif %}
|
|
proxy_pass {{ item.value.reverse_proxy.locations[location].proxy_pass }};
|
|
{% if item.value.reverse_proxy.locations[location].proxy_read_timeout is defined and item.value.reverse_proxy.locations[location].proxy_read_timeout %}
|
|
proxy_read_timeout {{ item.value.reverse_proxy.locations[location].proxy_read_timeout }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_pass_request_body is defined %}
|
|
proxy_pass_request_body {{ item.value.reverse_proxy.locations[location].proxy_pass_request_body }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_store is defined %}
|
|
proxy_store {{ item.value.reverse_proxy.locations[location].proxy_store | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_store_access is defined %}
|
|
proxy_store_access {{ item.value.reverse_proxy.locations[location].proxy_store_access }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_set_header is defined %}
|
|
{% for header in item.value.reverse_proxy.locations[location].proxy_set_header %}
|
|
proxy_set_header {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].name }} {{ item.value.reverse_proxy.locations[location].proxy_set_header[header].value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].try_files is defined %}
|
|
try_files {{ item.value.reverse_proxy.locations[location].try_files }};
|
|
{% endif %}
|
|
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl is defined and item.value.reverse_proxy.locations[location].proxy_ssl %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.cert is defined %}
|
|
proxy_ssl_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.cert }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.key is defined %}
|
|
proxy_ssl_certificate_key {{ item.value.reverse_proxy.locations[location].proxy_ssl.key }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert is defined %}
|
|
proxy_ssl_trusted_certificate {{ item.value.reverse_proxy.locations[location].proxy_ssl.trusted_cert }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.server_name is defined %}
|
|
proxy_ssl_server_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.server_name | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.name is defined %}
|
|
proxy_ssl_name {{ item.value.reverse_proxy.locations[location].proxy_ssl.name }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.protocols is defined %}
|
|
proxy_ssl_protocols {{ item.value.reverse_proxy.locations[location].proxy_ssl.protocols }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.ciphers is defined %}
|
|
proxy_ssl_ciphers {{ item.value.reverse_proxy.locations[location].proxy_ssl.ciphers }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify is defined %}
|
|
proxy_ssl_verify {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth is defined %}
|
|
proxy_ssl_verify_depth {{ item.value.reverse_proxy.locations[location].proxy_ssl.verify_depth }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse is defined %}
|
|
proxy_ssl_session_reuse {{ item.value.reverse_proxy.locations[location].proxy_ssl.session_reuse | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_redirect is defined %}
|
|
proxy_redirect {{ item.value.reverse_proxy.locations[location].proxy_redirect | ternary(item.value.reverse_proxy.locations[location].proxy_redirect, "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache is defined %}
|
|
proxy_cache {{ item.value.reverse_proxy.locations[location].proxy_cache }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache_background_update is defined %}
|
|
proxy_cache_background_update {{ item.value.reverse_proxy.locations[location].proxy_cache_background_update | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache_lock is defined %}
|
|
proxy_cache_lock {{ item.value.reverse_proxy.locations[location].proxy_cache_lock | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache_min_uses is defined %}
|
|
proxy_cache_min_uses {{ item.value.reverse_proxy.locations[location].proxy_cache_min_uses }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache_revalidate is defined %}
|
|
proxy_cache_revalidate {{ item.value.reverse_proxy.locations[location].proxy_cache_revalidate | ternary("on", "off") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_cache_use_stale is defined %}
|
|
proxy_cache_use_stale {{ item.value.reverse_proxy.locations[location].proxy_cache_use_stale | join(" ") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_temp_path is defined %}
|
|
proxy_temp_path {{ item.value.reverse_proxy.locations[location].proxy_temp_path.path }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_1 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_2 | default("") }} {{ item.value.reverse_proxy.locations[location].proxy_temp_path.level_3 | default("") }};
|
|
{% endif %}
|
|
{% if item.value.reverse_proxy.locations[location].proxy_ignore_headers is defined %}
|
|
proxy_ignore_headers {{ item.value.reverse_proxy.locations[location].proxy_ignore_headers | join(" ") }};
|
|
{% endif %}
|
|
{% if (item.value.reverse_proxy.health_check_plus is defined) and item.value.reverse_proxy.health_check_plus %}
|
|
health_check;
|
|
{% endif %}
|
|
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if item.value.web_server is defined %}
|
|
{% for location in item.value.web_server.locations %}
|
|
location {{ item.value.web_server.locations[location].location }} {
|
|
root {{ item.value.web_server.locations[location].html_file_location }};
|
|
index {{ item.value.web_server.locations[location].html_file_name }};
|
|
{% if item.value.web_server.locations[location].autoindex %}
|
|
autoindex on;
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].try_files is defined %}
|
|
try_files {{ item.value.web_server.locations[location].try_files }};
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].add_headers is defined %}
|
|
{% for header in item.value.web_server.locations[location].add_headers %}
|
|
add_header {{ item.value.web_server.locations[location].add_headers[header].name }} "{{ item.value.web_server.locations[location].add_headers[header].value }}"{% if item.value.web_server.locations[location].add_headers[header].always is defined and item.value.web_server.locations[location].add_headers[header].always %} always{% endif %};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].returns is defined %}
|
|
{% for code in item.value.web_server.locations[location].returns %}
|
|
{% if item.value.web_server.locations[location].returns[code] is defined %}
|
|
return {{ item.value.web_server.locations[location].returns[code].code }} {{ item.value.web_server.locations[location].returns[code].url }};
|
|
{% else %}
|
|
return {{ item.value.web_server.locations[location].returns[code].url }};
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].auth_basic is defined and item.value.web_server.locations[location].auth_basic %}
|
|
auth_basic "{{ item.value.web_server.locations[location].auth_basic }}";
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].auth_basic_user_file is defined and item.value.web_server.locations[location].auth_basic_user_file %}
|
|
auth_basic_user_file {{ item.value.web_server.locations[location].auth_basic_user_file }};
|
|
{% endif %}
|
|
{% if item.value.web_server.locations[location].auth_request is defined %}
|
|
auth_request {{ item.value.web_server.locations[location].auth_request }};
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% if item.value.web_server.http_demo_conf %}
|
|
sub_filter_once off;
|
|
sub_filter 'server_hostname' '$hostname';
|
|
sub_filter 'server_address' '$server_addr:$server_port';
|
|
sub_filter 'server_url' '$request_uri';
|
|
sub_filter 'remote_addr' '$remote_addr:$remote_port';
|
|
sub_filter 'server_date' '$time_local';
|
|
sub_filter 'client_browser' '$http_user_agent';
|
|
sub_filter 'request_id' '$request_id';
|
|
sub_filter 'nginx_version' '$nginx_version';
|
|
sub_filter 'document_root' '$document_root';
|
|
sub_filter 'proxied_for_ip' '$http_x_forwarded_for';
|
|
{% endif %}
|
|
{% endif %}
|
|
{% if item.value.error_page is defined %}
|
|
# redirect server error pages to the static page /50x.html
|
|
#
|
|
error_page 500 502 503 504 /50x.html;
|
|
location = /50x.html {
|
|
root {{ item.value.error_page }};
|
|
}
|
|
{% endif %}
|
|
}
|