123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- #
- # FF Frontend configuration (Salt managed)
- #
- {%- set acme_thumbprint = salt['pillar.get']('acme:thumbprint', False) %}
- {%- for domain, config in pillar.get('frontend', {}).items()|sort if 'file' not in config %}
- {%- set https = domain in salt['pillar.get']('cert', {}) and salt['pillar.get']('frontend:' ~ domain ~ ':https', True) %}
- {%- set http = salt['pillar.get']('frontend:' ~ domain ~ ':http', not https) %}
- {%- set host = salt['pillar.get']('frontend:' ~ domain ~ ':host', domain) %}
- #
- # {{ domain }}
- server {
- {%- if http %}
- listen 80{% if http == 'default_server' %} default_server{% endif %};
- listen [::]:80{% if http == 'default_server' %} default_server{% endif %};
- {%- endif %}
- {%- if https %}
- listen 443{% if https == 'default_server' %} default_server{% endif %};
- listen [::]:443{% if https == 'default_server' %} default_server{% endif %};
- {%- endif %}
- {#- set server_name #}
- {%- if 'server_name' in config %}
- server_name {{ config.server_name }};
- {%- elif 'domains' in config %}
- {%- set domains = config.domains %}
- {%- do domains.append(domain) %}
- server_name ~^({{ domains|join('|') }})$;
- {%- else %}
- server_name "{{ domain }}";
- {%- endif %}
- {%- if https %}
- ssl on;
- ssl_certificate /etc/ssl/certs/{{ domain }}.cert.pem;
- ssl_certificate_key /etc/ssl/private/{{ domain }}.key.pem;
- {%- endif %}
- {%- if 'proxy_pass' in config %}
- location / {
- proxy_pass {{ config.proxy_pass }};
- proxy_redirect default;
- proxy_set_header Host "{{ host }}";
- proxy_set_header X-Forwarded-For $remote_addr;
- }
- {%- elif 'redirect' in config %}
- location / {
- return 302 {{ config.redirect }};
- }
- {%- elif 'location' in config %}
- {%- for location, loc_conf in config.location.items()|sort %}
- location {{ location }} {
- {%- if 'proxy_pass' in loc_conf %}
- {%- set loc_host = salt['pillar.get']('frontend:' ~ domain ~ ':location:' ~ location ~ ':host', host) %}
- proxy_pass {{ loc_conf.proxy_pass }};
- proxy_redirect default;
- proxy_set_header Host "{{ loc_host }}";
- proxy_set_header X-Forwarded-For $remote_addr;
- {%- elif 'redirect' in loc_conf %}
- return 302 {{ loc_conf.redirect }};
- {%- endif %}
- }
- {% endfor %}
- {%- endif %}
- {%- if acme_thumbprint %}
- location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
- default_type text/plain;
- return 200 "$1.{{ acme_thumbprint }}";
- }
- {%- endif %}
- }
- {%- endfor %}
|