Home Explore Help
Register Sign In
FreifunkHochstift
/
ffho-salt-public
2
0
Fork 2
Files Issues 0 Pull Requests 0
Tree: f2aadbff7e
Branches Tags
ffho-salt-pu...
/
nginx
/
ff-frontend.conf

ff-frontend.conf 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. #
    2. 

  2. # FF Frontend configuration (Salt managed)
    3. 

  3. #
    4. 

  4. 

  5. {%- set acme_thumbprint = salt['pillar.get']('acme:thumbprint', False) %}
    6. 

  6. 

  7. {%- for domain, config in pillar.get('frontend', {}).items()|sort if 'file' not in config %}
    8. 

  8.   {%- set https = domain in salt['pillar.get']('cert', {}) and salt['pillar.get']('frontend:' ~ domain ~ ':https', True) %}
    9. 

  9.   {%- set http = salt['pillar.get']('frontend:' ~ domain ~ ':http', not https) %}
    10. 

  10.   {%- set host = salt['pillar.get']('frontend:' ~ domain ~ ':host', domain) %}
    11. 

  11. 

  12. #
    13. 

  13. # {{ domain }}
    14. 

  14. server {
    15. 

  15.   {%- if http %}
    16. 

  16. 	listen 80{% if http == 'default_server' %} default_server{% endif %};
    17. 

  17. 	listen [::]:80{% if http == 'default_server' %} default_server{% endif %};
    18. 

  18.   {%- endif %}
    19. 

  19.   {%- if https %}
    20. 

  20. 	listen 443{% if https == 'default_server' %} default_server{% endif %};
    21. 

  21. 	listen [::]:443{% if https == 'default_server' %} default_server{% endif %};
    22. 

  22.   {%- endif %}
    23. 

  23. 

  24.   {#- set server_name #}
    25. 

  25.   {%- if 'server_name' in config %}
    26. 

  26. 	server_name {{ config.server_name }};
    27. 

  27.   {%- elif 'domains' in config %}
    28. 

  28.     {%- set domains = config.domains %}
    29. 

  29.     {%- do domains.append(domain) %}
    30. 

  30. 	server_name ~^({{ domains|join('|') }})$;
    31. 

  31.   {%- else %}
    32. 

  32. 	server_name "{{ domain }}";
    33. 

  33.   {%- endif %}
    34. 

  34. 

  35.   {%- if https %}
    36. 

  36. 	ssl on;
    37. 

  37. 	ssl_certificate /etc/ssl/certs/{{ domain }}.cert.pem;
    38. 

  38. 	ssl_certificate_key /etc/ssl/private/{{ domain }}.key.pem;
    39. 

  39.   {%- endif %}
    40. 

  40. 

  41.   {%- if 'proxy_pass' in config %}
    42. 

  42. 	location / {
    43. 

  43. 		proxy_pass		{{ config.proxy_pass }};
    44. 

  44. 		proxy_redirect		default;
    45. 

  45. 		proxy_set_header	Host "{{ host }}";
    46. 

  46. 		proxy_set_header	X-Forwarded-For $remote_addr;
    47. 

  47. 	}
    48. 

  48.   {%- elif 'redirect' in config %}
    49. 

  49. 	location / {
    50. 

  50. 		return 302 {{ config.redirect }};
    51. 

  51. 	}
    52. 

  52.   {%- elif 'location' in config %}
    53. 

  53.     {%- for location, loc_conf in config.location.items()|sort %}
    54. 

  54. 	location {{ location }} {
    55. 

  55.       {%- if 'proxy_pass' in loc_conf %}
    56. 

  56.         {%- set loc_host = salt['pillar.get']('frontend:' ~ domain ~ ':location:' ~ location ~ ':host', host) %}
    57. 

  57. 		proxy_pass		{{ loc_conf.proxy_pass }};
    58. 

  58. 		proxy_redirect		default;
    59. 

  59. 		proxy_set_header	Host "{{ loc_host }}";
    60. 

  60. 		proxy_set_header	X-Forwarded-For $remote_addr;
    61. 

  61.       {%- elif 'redirect' in loc_conf %}
    62. 

  62. 		return 302 {{ loc_conf.redirect }};
    63. 

  63.       {%- endif %}
    64. 

  64. 	}
    65. 

  65.     {% endfor %}
    66. 

  66.   {%- endif %}
    67. 

  67. 

  68.   {%- if acme_thumbprint %}
    69. 

  69. 	location ~ "^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$" {
    70. 

  70. 		default_type text/plain;
    71. 

  71. 		return 200 "$1.{{ acme_thumbprint }}";
    72. 

  72. 	}
    73. 

  73.   {%- endif %}
    74. 

  74. }
    75. 

  75. {%- endfor %}
    76.