{% set __proto = item.proto | default(['http']) %} {% set __main_name = item | nginx_site_name %} {% set __listen = item.listen | default(nginx_default_listen) %} {% set __listen_ssl = item.listen_ssl | default(nginx_default_listen_ssl) %} {% set __listen_proxy_protocol = item.listen_proxy_protocol | default(nginx_default_listen_proxy_protocol) %} {% set __listen_proxy_protocol_ssl = item.listen_proxy_protocol_ssl | default(nginx_default_listen_proxy_protocol_ssl) %} {% set __location = item.location | default({}) %} {% set __location_before = item.location_before | default({}) %} {% set __headers = item.headers | default(nginx_servers_default_headers) %} {% set __ssl_name = item.ssl_name | default(__main_name) %} {% set __location_order = item.location_order | default(__location.keys()) %} {% set __location_order_before = item.location_order_before | default(__location_before.keys()) %} {% set __http2 = nginx_auto_config_httpv2 and 'http_v2' in nginx_modules %} {% macro listen_http() %} {% endmacro %} {% macro server_name(name) %} {% if name is string %}{{ name }}{% else %}{{ name | join(" ") }}{% endif %} {% endmacro %} {% macro locations(list, order) %} {% if order | length > 0 %} # --> Custom locations {% for location in order %} location {{ location }} { {% set opts = list[location] %} {% for opt in opts %} {% if opt.htpasswd is defined %} {{ htpasswd(opt.htpasswd, 2) }} {% else %} {{ opt }} {% endif %} {% endfor %} } {% endfor %} # <-- Custom locations {% endif %} {% endmacro %} {% macro htpasswd(htpasswd_name, indent=1) -%} {%- if htpasswd_name != false %} {%- for ht in nginx_htpasswd if ht.name == htpasswd_name %} {{ "\t" * indent }}auth_basic "{{ ht.description }}"; {{ "\t" * indent }}auth_basic_user_file {{ nginx_htpasswd_dir }}/{{ ht.name }}; {%- endfor %} {%- endif %} {%- endmacro %} {% macro ssl(ssl_name) %} {% for sn in nginx_ssl_pairs if (sn.name is defined and (sn | nginx_site_name) == ssl_name) %} ssl_certificate {{ sn | nginx_cert_path(nginx_ssl_dir) }}; ssl_certificate_key {{ sn | nginx_key_path(nginx_ssl_dir) }}; {% endfor %} {%- endmacro %} {% macro httpsredirect(name) %} server { {% for port in __listen %} listen {{ port }}; {% endfor %} {% for port in __listen_proxy_protocol %} listen {{ port }} proxy_protocol; {% endfor %} server_name {{ server_name(name) }}; location / { return 301 https://{{ name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; } } {% endmacro %} # # {{ ansible_managed }} # # # HTTP # server { {% if 'http' in __proto %} {% for port in __listen %} listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %}; {% endfor %} {% for port in __listen_proxy_protocol %} listen {{ port }}{% if nginx_default_site == __main_name %} default_server{% endif %} proxy_protocol; {% endfor %} {% endif %} {% if 'https' in __proto %} {% for port in __listen_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %}; {% endfor %} {% for port in __listen_proxy_protocol_ssl %} listen {{ port }}{% if nginx_default_site_ssl == __main_name %} default_server{% endif %} ssl{% if __http2 %} http2{% endif %} proxy_protocol; {% endfor %} {{ ssl(__ssl_name) }} {% if item.ssl_template is not defined or item.ssl_template != false %} include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }}; add_header Strict-Transport-Security "{{ item.hsts | default(nginx_default_hsts) }}" always; {% endif %} {% endif %} server_name {{ server_name(item.name) }}; {% block root %} {% if item.root is defined %} root {{ item.root }}; {% else %} root {{ nginx_root }}/{{ item | nginx_site_filename }}/public; {% endif %} {% endblock %} {% block template_index %} index {{ item.index | default('index.html index.htm') }}; {% endblock %} {% block template_more %} {% if item.more is defined and item.more is iterable %} {% for line in item.more %} {{ line }} {% endfor %} {% endif %} {% endblock %} {% if item.htpasswd is defined %} {{ htpasswd(item.htpasswd, 1) }} {% endif %} {% block template_headers %} # --> Custom headers {% for key, value in __headers.items() %} add_header {{ key }} "{{ value | regex_replace('\s+always$', '') }}"{% if value | regex_search('\s+always$') %} always{% endif %}; {% endfor %} # <-- Custom headers {% endblock %} {{ locations(__location_before, __location_order_before) }} {% if not '/' in __location %} location / { {% block template_try_files %} try_files {{ item.override_try_files | default('$uri $uri/ =404') }}; {% endblock %} } {% endif %} {% block template_upstream_location %} {% endblock %} {% block template_custom_location %} {% endblock %} {{ locations(__location, __location_order) }} {% block template_local_content %} {% if item.manage_local_content is not defined or item.manage_local_content %} location ~ /\.ht { deny all; } location = /favicon.ico { expires 30d; access_log off; log_not_found off; } location ~* \.(txt|js|css|png|jpe?g|gif|ico|svg|(o|t)tf|woff2?|eot)$ { expires 30d; log_not_found off; } {% endif %} {% endblock %} {% if item.use_access_log is defined %} {% if item.use_access_log %} access_log {{ nginx_log_dir }}/{{ __main_name }}_access.log combined; {% else %} access_log off; {% endif %} {% endif %} {% if item.use_error_log is defined %} {% if item.use_error_log %} error_log {{ nginx_log_dir }}/{{ __main_name }}_error.log {{ nginx_error_log_level }}; {% else %} error_log off; {% endif %} {% endif %} } {% if item.redirect_https is defined and item.redirect_https %} # # Redirect HTTP to HTTPS # {% if item.name is string %} {{ httpsredirect(item.name) }} {% else %} {% for i in item.name %} {{ httpsredirect(i) }} {% endfor %} {% endif %} {% endif %} {% if item.redirect_from is defined and item.redirect_from is iterable %} # # Redirect from # server { {% for port in __listen %} listen {{ port }}; {% endfor %} {% for port in __listen_proxy_protocol %} listen {{ port }} proxy_protocol; {% endfor %} server_name {{ server_name(item.redirect_from) }}; location / { return 301 $scheme://{{ __main_name }}$request_uri; } } {% if 'https' in __proto %} server { {% for port in __listen_ssl %} listen {{ port }} ssl{% if __http2 %} http2{% endif %}; {% endfor %} {% for port in __listen_proxy_protocol_ssl %} listen {{ port }} ssl{% if __http2 %} http2{% endif %} proxy_protocol; {% endfor %} {{ ssl(__ssl_name) }} {% if item.ssl_template is not defined or item.ssl_template != false %} include {{ nginx_helper_dir + '/ssl-' + item.ssl_template | default('strong') }}; add_header Strict-Transport-Security "{{ item.hsts | default(nginx_default_hsts) }}" always; {% endif %} server_name {{ server_name(item.redirect_from) }}; location / { return 301 https://{{ __main_name }}{% if '443' not in __listen_ssl and 443 not in __listen_ssl %}:{{ __listen_ssl[0] }}{% endif %}$request_uri; } } {% endif %} {% endif %} # vim:filetype=nginx