90 lines
2.7 KiB
Text
90 lines
2.7 KiB
Text
{%- set auth = "blocked" -%}
|
|
{%- if pillar['nginx'][server]['https'] is defined -%}
|
|
{%- if pillar['nginx'][server]['auth'] is defined-%}
|
|
{%- set auth = pillar['nginx'][server]['auth'] -%}
|
|
{%- endif -%}
|
|
{%- endif -%}
|
|
{%- set wildcard = "" -%}
|
|
{%- if pillar['nginx'][server]['wildcard'] is defined -%}
|
|
{%- if pillar['nginx'][server]['wildcard'] -%}
|
|
{%- set wildcard = "*." ~ server ~ ".actcur.com" -%}
|
|
{%- endif -%}
|
|
{%- endif -%}
|
|
|
|
server {
|
|
listen 443 ssl;
|
|
server_name {{server}}.actcur.com {{wildcard}};
|
|
|
|
resolver {{resolver}};
|
|
set $backend "https://{{server}}.actcur.com";
|
|
set $certbot "https://salt.actcur.com";
|
|
|
|
ssl_certificate /etc/nginx/certs/{{server}}.actcur.com/fullchain.pem;
|
|
ssl_certificate_key /etc/nginx/certs/{{server}}.actcur.com/privkey.pem;
|
|
ssl_session_cache shared:SSL:10m;
|
|
client_max_body_size 1024m;
|
|
|
|
location /.well-known/acme-challenge/ {
|
|
proxy_pass $certbot;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
{% set location="1" %}{% include 'roles/maintain/nginx-proxy/auth.conf' %}
|
|
|
|
{%- if auth != "blocked" %}
|
|
|
|
location / {
|
|
{% set location="2" %}{% include 'roles/maintain/nginx-proxy/auth.conf' %}
|
|
proxy_pass $backend;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_set_header X-Forwarded-Port 443;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
proxy_set_header X-Forwarded-Ssl on;
|
|
|
|
{%- if pillar['nginx'][server]['proxy_headers'] is defined -%}
|
|
{%- for header in pillar['nginx'][server]['proxy_headers'] %}
|
|
proxy_set_header {{header}} {{pillar['nginx'][server]['proxy_headers'][header]}};
|
|
{%- endfor %}
|
|
{%- endif %}
|
|
|
|
# re-write redirects to http as to https, example: /home
|
|
proxy_redirect http:// https://;
|
|
}
|
|
{%- endif %}
|
|
error_log /var/log/nginx/{{server}}_error.log;
|
|
access_log /var/log/nginx/{{server}}_access.log;
|
|
}
|
|
|
|
{%- if pillar['nginx'][server]['http'] is defined-%}
|
|
{%- if pillar['nginx'][server]['https']['auth'] is defined-%}
|
|
{%- set auth = pillar['nginx'][server]['https']['auth'] -%}
|
|
{%- else -%}
|
|
{%- set auth = "blocked" -%}
|
|
{%- endif -%}
|
|
server {
|
|
listen 80;
|
|
server_name {{server}}.actcur.com;
|
|
|
|
resolver {{resolver}};
|
|
set $backend "http://{{server}}.actcur.com";
|
|
set $certbot "http://salt.actcur.com";
|
|
client_max_body_size 1024m;
|
|
location /.well-known/acme-challenge/ {
|
|
proxy_pass $certbot;
|
|
proxy_set_header Host $host;
|
|
}
|
|
|
|
location / {
|
|
proxy_pass $backend;
|
|
proxy_set_header Host $host;
|
|
|
|
# re-write redirects to https as to http, example: /home
|
|
proxy_redirect https:// http://;
|
|
}
|
|
|
|
error_log /var/log/nginx/{{server}}_error.log;
|
|
access_log /var/log/nginx/{{server}}_access.log;
|
|
}
|
|
{%- endif -%}
|