ansible-nginx/templates/etc/nginx/sites-available/_base.j2

167 lines
5.5 KiB
Plaintext
Raw Normal View History

2016-01-12 00:20:42 +07:00
{% set __proto = item.proto | default(['http']) %}
{% set __main_name = item.filename | default(item.name if item.name is string else item.name[0]) %}
2017-01-03 18:07:31 +07:00
{% set __listen = item.listen | default([80]) %}
{% set __listen_ssl = item.listen_ssl | default([443]) %}
{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
{% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
2015-07-31 05:38:16 +07:00
{% set __location = item.location | default({}) %}
2016-03-15 21:01:58 +07:00
{% set __headers = item.headers | default({'X-Frame-Options': 'DENY always', 'X-Content-Type-Options': 'nosniff always' }) %}
2016-11-07 23:22:14 +07:00
{% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %}
{% set __location_order = item.location_order | default(__location.keys()) %}
2015-12-03 23:09:29 +07:00
{% macro htpasswd(htpasswd_name, indent=1) -%}
2016-01-12 00:20:42 +07:00
{% for ht in nginx_htpasswd if ht.name == htpasswd_name %}
2015-12-03 22:59:37 +07:00
{{ "\t" * indent }}auth_basic "{{ ht.description }}";
{{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }};
2016-01-12 00:20:42 +07:00
{% endfor%}
{%- endmacro %}
{% macro ssl(ssl_name) %}
{% for sn in nginx_ssl_pairs if sn.name == ssl_name %}
2016-01-12 23:26:30 +07:00
ssl_certificate {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.crt' if sn.dest_cert is not defined else sn.dest_cert }};
ssl_certificate_key {{ nginx_ssl_dir + '/' + ssl_name + '/' + ssl_name + '.key' if sn.dest_key is not defined else sn.dest_key }};
2016-01-12 00:20:42 +07:00
{% endfor %}
2015-12-03 22:59:37 +07:00
{%- endmacro %}
2015-07-30 18:02:21 +07:00
#
# {{ ansible_managed }}
#
#
# HTTP
#
server {
2016-01-12 00:20:42 +07:00
{% if 'http' in __proto %}
2015-07-30 18:02:21 +07:00
{% for port in __listen %}
2017-01-03 18:07:31 +07:00
listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
2015-07-30 18:02:21 +07:00
{% endfor %}
2016-01-12 00:20:42 +07:00
{% endif %}
{% if 'https' in __proto %}
{% for port in __listen_ssl %}
2017-01-03 18:07:31 +07:00
listen {{ port }}{% if nginx_default_vhost_ssl == __main_name %} default_server{% endif %} ssl{% if nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} http2{% endif %}{% if port | int in __https_proxy_protocol_port %} proxy_protocol{% endif %};
2016-01-12 00:20:42 +07:00
{% endfor %}
2016-11-07 23:22:14 +07:00
{{ ssl(__ssl_name) }}
2016-03-15 18:16:57 +07:00
{% if item.ssl_template is not defined or item.ssl_template != false %}
2016-01-12 00:20:42 +07:00
include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
2016-03-15 18:16:57 +07:00
{% endif %}
2016-01-12 00:20:42 +07:00
{% endif %}
server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %};
2015-12-01 21:46:57 +07:00
{% block root %}
2015-07-30 18:02:21 +07:00
{% if item.root is defined %}
root {{ item.root }};
{% else %}
2016-01-12 15:27:53 +07:00
root {{ nginx_root }}/{{ __main_name }}/public;
2015-07-30 18:02:21 +07:00
{% endif %}
2015-12-01 21:46:57 +07:00
{% endblock %}
2015-07-30 18:02:21 +07:00
{% block template_index %}
index {{ item.index | default('index.html index.htm') }};
{% endblock %}
{% block template_more %}
2015-09-09 22:44:53 +07:00
{% if item.more is defined and item.more is iterable %}
{% for line in item.more %}
{{ line }}
2015-09-09 22:44:53 +07:00
{% endfor %}
{% endif %}
{% endblock %}
2015-09-09 22:44:53 +07:00
2015-12-03 23:09:29 +07:00
{% if item.htpasswd is defined %}
{{ htpasswd(item.htpasswd, 1) }}
{% endif %}
{% block template_headers %}
# --> Custom headers
{% for key, value in __headers.iteritems() %}
add_header {{ key }} {{ value | replace(' always', '') }}{% if nginx_version.stdout | version_compare('1.7.5', 'ge') and ' always' in value %} always{% endif %};
{% endfor %}
# <-- Custom headers
{% endblock %}
2015-11-03 20:31:50 +07:00
{% if not __location.has_key('/') %}
2015-08-28 14:54:43 +07:00
location / {
2015-07-30 18:02:21 +07:00
{% block template_try_files %}
try_files {{ override_try_files | default('$uri $uri/ =404') }};
2015-07-30 18:02:21 +07:00
{% endblock %}
2015-08-28 14:54:43 +07:00
}
2015-11-03 20:31:50 +07:00
{% endif %}
2015-07-30 18:02:21 +07:00
2015-07-30 20:37:25 +07:00
{% block template_upstream_location %}
{% endblock %}
2015-07-30 18:02:21 +07:00
{% block template_custom_location %}
{% endblock %}
{% if __location_order | length > 0 %}
# --> Custom locations
{% for location in __location_order %}
location {{ location }} {
{% set opts = __location[location] %}
{% for opt in opts %}
{% if opt.htpasswd is defined %}{{ htpasswd(opt.htpasswd, 2) }}{% else %}
{{ opt }}
{% endif %}
{% endfor %}
}
{% endfor %} # <-- Custom locations
{% endif %}
2015-12-01 21:46:57 +07:00
{% block template_local_content %}
{% if item.manage_local_content is not defined or item.manage_local_content %}
2015-07-31 05:38:16 +07:00
location ~ /\.ht {
2015-07-30 18:02:21 +07:00
deny all;
}
2015-07-30 20:37:25 +07:00
location = /favicon.ico {
expires 30d;
access_log off;
log_not_found off;
}
location ~* \.(txt|js|css|png|jpe?g|gif|ico|svg)$ {
2015-07-30 18:02:21 +07:00
expires 30d;
log_not_found off;
}
2015-10-19 14:39:51 +07:00
{% endif %}
2015-10-08 23:21:40 +07:00
{% endblock %}
2015-07-30 18:02:21 +07:00
{% if item.use_access_log is defined %}
{% if item.use_access_log %}
2016-01-12 15:27:53 +07:00
access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;
2015-07-30 18:02:21 +07:00
{% else %}
access_log off;
{% endif %}
{% endif %}
{% if item.use_error_log is defined %}
{% if item.use_error_log %}
2016-01-12 15:27:53 +07:00
error_log {{ nginx_log_dir }}/{{ __main_name }}_error.log {{ nginx_error_log_level }};
2015-07-30 18:02:21 +07:00
{% else %}
error_log off;
{% endif %}
{% endif %}
2015-07-30 18:02:21 +07:00
}
{% if item.redirect_https is defined and item.redirect_https %}
#
# Redirect HTTP to HTTPS
#
server {
{% for port in __listen %}
2017-01-03 18:07:31 +07:00
listen {{ port }}{% if nginx_default_vhost == __main_name %} default_server{% endif %}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
{% endfor %}
2016-11-17 02:51:03 +07:00
server_name {% if item.name is string %}{{ item.name }}{% else %}{{ "\n\t\t" }}{{ item.name | join("\n\t\t") }}{% endif %};
return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
}
{% endif %}
2015-07-30 18:02:21 +07:00
{% if item.redirect_from is defined and item.redirect_from is iterable %}
#
# Redirect from
#
server {
{% for port in __listen %}
2017-01-03 18:07:31 +07:00
listen {{ port }}{% if port | int in __http_proxy_protocol_port %} proxy_protocol{% endif %};
2015-07-30 18:02:21 +07:00
{% endfor %}
2016-11-17 02:51:03 +07:00
server_name {% if item.redirect_from is string %}{{ item.redirect_from }}{% else %}{{ "\n\t\t" }}{{ item.redirect_from | join("\n\t\t") }}{% endif %};
2016-01-12 15:27:53 +07:00
return 301 $scheme://{{ __main_name }}$request_uri;
2015-07-30 18:02:21 +07:00
}
{% endif %}
# vim:filetype=nginx