2016-01-12 00:20:42 +07:00
|
|
|
{% set __proto = item.proto | default(['http']) %}
|
2019-12-30 23:28:34 +07:00
|
|
|
{% set __main_name = item | nginx_site_name %}
|
2018-03-23 01:47:30 +07:00
|
|
|
{% set __listen = item.listen | default(['80', '[::]:80']) %}
|
|
|
|
{% set __listen_ssl = item.listen_ssl | default(['443', '[::]:443']) %}
|
2017-01-03 18:07:31 +07:00
|
|
|
{% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
|
|
|
|
{% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
|
2015-07-31 05:38:16 +07:00
|
|
|
{% set __location = item.location | default({}) %}
|
2019-02-20 21:13:25 +07:00
|
|
|
{% set __location_before = item.location_before | default({}) %}
|
2017-02-08 22:16:19 +07:00
|
|
|
{% set __headers = item.headers | default(nginx_servers_default_headers) %}
|
2019-12-30 23:28:34 +07:00
|
|
|
{% set __ssl_name = item.ssl_name | default(__main_name) %}
|
2016-11-23 17:43:13 +07:00
|
|
|
{% set __location_order = item.location_order | default(__location.keys()) %}
|
2019-02-20 21:13:25 +07:00
|
|
|
{% set __location_order_before = item.location_order_before | default(__location_before.keys()) %}
|
2019-12-30 23:28:34 +07:00
|
|
|
{% set __http2 = nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %}
|
|
|
|
{% macro listen_http() %}
|
|
|
|
{% endmacro %}
|
2019-03-21 01:37:55 +07:00
|
|
|
{% macro server_name(name) %}
|
|
|
|
{% if name is string %}{{ name }}{% else %}{{ name | join(" ") }}{% endif %}
|
|
|
|
{% endmacro %}
|
2019-02-20 21:13:25 +07:00
|
|
|
{% macro locations(list, order) %}
|
|
|
|
{% if order | length > 0 %}
|
|
|
|
# --> Custom locations
|
|
|
|
{% for location in order %}
|
|
|
|
location {{ location }} {
|
|
|
|
{% set opts = list[location] %}
|
|
|
|
{% for opt in opts %}
|
|
|
|
{% if opt.htpasswd is defined %}
|
|
|
|
{{ htpasswd(opt.htpasswd, 2) }}
|
|
|
|
{% else %}
|
|
|
|
{{ opt }}
|
|
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
|
|
}
|
|
|
|
{% endfor %}
|
|
|
|
# <-- Custom locations
|
|
|
|
{% endif %}
|
|
|
|
{% endmacro %}
|
2015-12-03 23:09:29 +07:00
|
|
|
{% macro htpasswd(htpasswd_name, indent=1) -%}
|
2017-03-08 17:10:14 +07:00
|
|
|
{%- if htpasswd_name != false %}
|
|
|
|
{%- for ht in nginx_htpasswd if ht.name == htpasswd_name %}
|
2015-12-03 22:59:37 +07:00
|
|
|
{{ "\t" * indent }}auth_basic "{{ ht.description }}";
|
|
|
|
{{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }};
|
2017-03-08 17:10:14 +07:00
|
|
|
{%- endfor %}
|
|
|
|
{%- endif %}
|
2016-01-12 00:20:42 +07:00
|
|
|
{%- endmacro %}
|
|
|
|
{% macro ssl(ssl_name) %}
|
2018-03-23 00:43:44 +07:00
|
|
|
{% for sn in nginx_ssl_pairs if ((sn.name is string and sn.name == ssl_name) or (sn.name.0 == ssl_name)) %}
|
2019-04-26 18:29:06 +07:00
|
|
|
ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }};
|
|
|
|
ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }};
|
2016-01-12 00:20:42 +07:00
|
|
|
{% endfor %}
|
2015-12-03 22:59:37 +07:00
|
|
|
{%- endmacro %}
|
2017-04-13 19:21:14 +07:00
|
|
|
{% macro httpsredirect(name) %}
|
|
|
|
server {
|
|
|
|
{% for port in __listen %}
|
2019-12-30 23:28:34 +07:00
|
|
|
listen {{ port }};
|
|
|
|
{% endfor %}
|
|
|
|
{% for port in __http_proxy_protocol_port %}
|
|
|
|
listen {{ port }} proxy_protocol;
|
2017-04-13 19:21:14 +07:00
|
|
|
{% endfor %}
|
2019-03-21 01:37:55 +07:00
|
|
|
server_name {{ server_name(name) }};
|
2018-03-16 00:30:01 +07:00
|
|
|
location / {
|
|
|
|
return 301 https://{{ name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
|
|
|
|
}
|
2017-04-13 19:21:14 +07:00
|
|
|
}
|
|
|
|
{% endmacro %}
|
|
|
|
|
2015-07-30 18:02:21 +07:00
|
|
|
#
|
|
|
|
# {{ ansible_managed }}
|
|
|
|
#
|
|
|
|
|
|
|
|
#
|
|
|
|
# HTTP
|
|
|
|
#
|
|
|
|
server {
|
2016-01-12 00:20:42 +07:00
|
|
|
{% if 'http' in __proto %}
|
2015-07-30 18:02:21 +07:00
|
|
|
{% for port in __listen %}
|
2019-12-30 23:28:34 +07:00
|
|
|
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %};
|
|
|
|
{% endfor %}
|
|
|
|
{% for port in __http_proxy_protocol_port %}
|
|
|
|
listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol;
|
2015-07-30 18:02:21 +07:00
|
|
|
{% endfor %}
|
2016-01-12 00:20:42 +07:00
|
|
|
{% endif %}
|
|
|
|
{% if 'https' in __proto %}
|
|
|
|
{% for port in __listen_ssl %}
|
2019-12-30 23:28:34 +07:00
|
|
|
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
|
|
|
|
{% endfor %}
|
|
|
|
{% for port in __https_proxy_protocol_port %}
|
|
|
|
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
|
2016-01-12 00:20:42 +07:00
|
|
|
{% endfor %}
|
2016-11-07 23:22:14 +07:00
|
|
|
{{ ssl(__ssl_name) }}
|
2016-03-15 18:16:57 +07:00
|
|
|
{% if item.ssl_template is not defined or item.ssl_template != false %}
|
2016-01-12 00:20:42 +07:00
|
|
|
include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
|
2016-03-15 18:16:57 +07:00
|
|
|
{% endif %}
|
2016-01-12 00:20:42 +07:00
|
|
|
{% endif %}
|
2019-03-21 01:37:55 +07:00
|
|
|
server_name {{ server_name(item.name) }};
|
2015-12-01 21:46:57 +07:00
|
|
|
{% block root %}
|
2015-07-30 18:02:21 +07:00
|
|
|
{% if item.root is defined %}
|
|
|
|
root {{ item.root }};
|
|
|
|
{% else %}
|
2019-12-30 23:28:34 +07:00
|
|
|
root {{ nginx_root }}/{{ item | nginx_site_filename }}/public;
|
2015-07-30 18:02:21 +07:00
|
|
|
{% endif %}
|
2015-12-01 21:46:57 +07:00
|
|
|
{% endblock %}
|
2015-07-30 18:02:21 +07:00
|
|
|
{% block template_index %}
|
|
|
|
index {{ item.index | default('index.html index.htm') }};
|
|
|
|
{% endblock %}
|
|
|
|
|
2016-08-11 02:29:03 +07:00
|
|
|
{% block template_more %}
|
2015-09-09 22:44:53 +07:00
|
|
|
{% if item.more is defined and item.more is iterable %}
|
|
|
|
{% for line in item.more %}
|
2015-09-21 16:47:49 +07:00
|
|
|
{{ line }}
|
2015-09-09 22:44:53 +07:00
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
2016-08-11 02:29:03 +07:00
|
|
|
{% endblock %}
|
2015-09-09 22:44:53 +07:00
|
|
|
|
2015-12-03 23:09:29 +07:00
|
|
|
{% if item.htpasswd is defined %}
|
|
|
|
{{ htpasswd(item.htpasswd, 1) }}
|
|
|
|
{% endif %}
|
|
|
|
|
2016-03-15 21:46:49 +07:00
|
|
|
{% block template_headers %}
|
2016-03-15 16:51:14 +07:00
|
|
|
# --> Custom headers
|
|
|
|
{% for key, value in __headers.iteritems() %}
|
2019-08-20 15:35:16 +07:00
|
|
|
add_header {{ key }} "{{ value | regex_replace('\s+always$', '') }}"{% if value | regex_search('\s+always$') %} always{% endif %};
|
2016-03-15 16:51:14 +07:00
|
|
|
{% endfor %}
|
|
|
|
# <-- Custom headers
|
2016-03-15 21:46:49 +07:00
|
|
|
{% endblock %}
|
2016-03-15 16:51:14 +07:00
|
|
|
|
2019-02-20 21:13:25 +07:00
|
|
|
{{ locations(__location_before, __location_order_before) }}
|
|
|
|
|
2015-11-03 20:31:50 +07:00
|
|
|
{% if not __location.has_key('/') %}
|
2015-08-28 14:54:43 +07:00
|
|
|
location / {
|
2015-07-30 18:02:21 +07:00
|
|
|
{% block template_try_files %}
|
2019-02-20 23:08:56 +07:00
|
|
|
try_files {{ item.override_try_files | default('$uri $uri/ =404') }};
|
2015-07-30 18:02:21 +07:00
|
|
|
{% endblock %}
|
2015-08-28 14:54:43 +07:00
|
|
|
}
|
2015-11-03 20:31:50 +07:00
|
|
|
{% endif %}
|
2015-07-30 18:02:21 +07:00
|
|
|
|
2015-07-30 20:37:25 +07:00
|
|
|
{% block template_upstream_location %}
|
|
|
|
{% endblock %}
|
2015-07-30 18:02:21 +07:00
|
|
|
{% block template_custom_location %}
|
|
|
|
{% endblock %}
|
|
|
|
|
2019-02-20 21:13:25 +07:00
|
|
|
{{ locations(__location, __location_order) }}
|
2016-08-11 02:29:03 +07:00
|
|
|
|
2015-12-01 21:46:57 +07:00
|
|
|
{% block template_local_content %}
|
|
|
|
{% if item.manage_local_content is not defined or item.manage_local_content %}
|
2015-07-31 05:38:16 +07:00
|
|
|
location ~ /\.ht {
|
2015-07-30 18:02:21 +07:00
|
|
|
deny all;
|
|
|
|
}
|
2015-07-30 20:37:25 +07:00
|
|
|
|
|
|
|
location = /favicon.ico {
|
|
|
|
expires 30d;
|
|
|
|
access_log off;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
|
|
|
|
2019-08-08 02:11:00 +07:00
|
|
|
location ~* \.(txt|js|css|png|jpe?g|gif|ico|svg|(o|t)tf|woff2?|eot)$ {
|
2015-07-30 18:02:21 +07:00
|
|
|
expires 30d;
|
|
|
|
log_not_found off;
|
|
|
|
}
|
2015-10-19 14:39:51 +07:00
|
|
|
{% endif %}
|
2015-10-08 23:21:40 +07:00
|
|
|
{% endblock %}
|
2015-07-30 18:02:21 +07:00
|
|
|
|
2016-03-05 18:00:07 +07:00
|
|
|
{% if item.use_access_log is defined %}
|
|
|
|
{% if item.use_access_log %}
|
2016-01-12 15:27:53 +07:00
|
|
|
access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined;
|
2015-07-30 18:02:21 +07:00
|
|
|
{% else %}
|
|
|
|
access_log off;
|
|
|
|
{% endif %}
|
2016-03-05 18:00:07 +07:00
|
|
|
{% endif %}
|
|
|
|
{% if item.use_error_log is defined %}
|
|
|
|
{% if item.use_error_log %}
|
2016-01-12 15:27:53 +07:00
|
|
|
error_log {{ nginx_log_dir }}/{{ __main_name }}_error.log {{ nginx_error_log_level }};
|
2015-07-30 18:02:21 +07:00
|
|
|
{% else %}
|
|
|
|
error_log off;
|
|
|
|
{% endif %}
|
2016-03-05 18:00:07 +07:00
|
|
|
{% endif %}
|
2015-07-30 18:02:21 +07:00
|
|
|
}
|
|
|
|
|
2016-03-15 01:20:08 +07:00
|
|
|
{% if item.redirect_https is defined and item.redirect_https %}
|
|
|
|
#
|
|
|
|
# Redirect HTTP to HTTPS
|
|
|
|
#
|
2017-04-13 19:21:14 +07:00
|
|
|
{% if item.name is string %}
|
|
|
|
{{ httpsredirect(item.name) }}
|
|
|
|
{% else %}
|
|
|
|
{% for i in item.name %}
|
|
|
|
{{ httpsredirect(i) }}
|
2016-03-15 01:20:08 +07:00
|
|
|
{% endfor %}
|
|
|
|
{% endif %}
|
2017-04-13 19:21:14 +07:00
|
|
|
{% endif %}
|
2016-03-15 01:20:08 +07:00
|
|
|
|
2015-07-30 18:02:21 +07:00
|
|
|
{% if item.redirect_from is defined and item.redirect_from is iterable %}
|
|
|
|
#
|
|
|
|
# Redirect from
|
|
|
|
#
|
|
|
|
server {
|
|
|
|
{% for port in __listen %}
|
2019-12-30 23:28:34 +07:00
|
|
|
listen {{ port }};
|
2015-07-30 18:02:21 +07:00
|
|
|
{% endfor %}
|
2019-12-30 23:28:34 +07:00
|
|
|
{% for port in __http_proxy_protocol_port %}
|
|
|
|
listen {{ port }} proxy_protocol;
|
|
|
|
{% endfor %}
|
|
|
|
|
2019-03-21 01:37:55 +07:00
|
|
|
server_name {{ server_name(item.redirect_from) }};
|
2018-03-16 00:30:01 +07:00
|
|
|
location / {
|
2019-12-30 23:28:34 +07:00
|
|
|
return 301 $scheme://{{ __main_name }}$request_uri;
|
2018-03-16 00:30:01 +07:00
|
|
|
}
|
2015-07-30 18:02:21 +07:00
|
|
|
}
|
2018-03-15 18:54:12 +07:00
|
|
|
|
|
|
|
{% if 'https' in __proto %}
|
|
|
|
server {
|
|
|
|
{% for port in __listen_ssl %}
|
2019-12-30 23:28:34 +07:00
|
|
|
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %};
|
|
|
|
{% endfor %}
|
|
|
|
{% for port in __https_proxy_protocol_port %}
|
|
|
|
listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol;
|
2018-03-15 18:54:12 +07:00
|
|
|
{% endfor %}
|
|
|
|
{{ ssl(__ssl_name) }}
|
|
|
|
{% if item.ssl_template is not defined or item.ssl_template != false %}
|
|
|
|
include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }};
|
|
|
|
{% endif %}
|
2019-03-21 01:37:55 +07:00
|
|
|
server_name {{ server_name(item.redirect_from) }};
|
2018-03-16 00:30:01 +07:00
|
|
|
location / {
|
2019-12-30 23:28:34 +07:00
|
|
|
return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri;
|
2018-03-16 00:30:01 +07:00
|
|
|
}
|
2018-03-15 18:54:12 +07:00
|
|
|
}
|
|
|
|
{% endif %}
|
|
|
|
|
2015-07-30 18:02:21 +07:00
|
|
|
{% endif %}
|
|
|
|
|
|
|
|
# vim:filetype=nginx
|