# nginx templates/vhost.conf.j2 - {{ ansible_managed }}
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

{# Alias vhost: every name in item.aliases answers on the HTTP port (and on the
   HTTPS port when item.tls is truthy) and is answered with a 301 to
   item.redirect_url, or to https://<item.name> when no redirect_url is given.
   NOTE(review): the default target is always https://, even when item.tls is
   not set; confirm that TLS is terminated somewhere for such sites. #}
{% if item.aliases is defined %}
{% set http_port = item.insecure_port | default("80") %}
{% set https_port = item.secure_port | default("443") %}
{# An empty suffix drops path and query; otherwise nginx appends the original
   request URI (with arguments) to the redirect target. #}
{% set uri = "" if (item.strip_request_uri | default(false)) else "$request_uri" %}
# Redirection of aliases to canonical URL
server {
  server_name {{ item.aliases | join(" ") }};

  listen {{ http_port }};
  listen [::]:{{ http_port }};
{% if item.tls | default(false) %}
{# cert_base is only built inside the TLS branch so that certificate_dir is not
   evaluated for plain-HTTP sites. The certificate found there is presented for
   the alias names too, so it has to cover them or clients see a name mismatch
   before the redirect is sent. #}
{% set cert_base = certificate_dir ~ "/" ~ (item.cert_name | default(item.name)) %}
  listen {{ https_port }} ssl http2;
  listen [::]:{{ https_port }} ssl http2;

  ssl_certificate {{ cert_base }}/fullchain.pem;
  ssl_certificate_key {{ cert_base }}/privkey.pem;
{% endif %}

  # serve ACME Challenges
{# Prefix match; with "root" the full request path is appended, so files are
   read from <acme_challenge_dir>/.well-known/acme-challenge/. #}
  location /.well-known/acme-challenge {
    root {{ acme_challenge_dir }};
  }

  location / {
    return 301 {{ item.redirect_url | default("https://" ~ item.name) }}{{ uri }};
  }
}

{% endif %}
{# Canonical vhost for item.name. Nothing in this section is rendered when
   item.redirect_url is defined; such an item only produces the alias redirect
   server (if item.aliases is defined). #}
{% if item.redirect_url is not defined %}
{% set tls_enabled = item.tls | default(false) %}
{% set http_port = item.insecure_port | default("80") %}
{% set https_port = item.secure_port | default("443") %}
{% set default_flag = " default_server" if (item.default_server | default(false)) else "" %}
{% if tls_enabled %}
# HTTP -> HTTPS redirect
server {
  server_name {{ item.name }};

  listen {{ http_port }}{{ default_flag }};
  listen [::]:{{ http_port }}{{ default_flag }};

  # serve ACME Challenges
  location /.well-known/acme-challenge {
    root {{ acme_challenge_dir }};
  }

{# The redirect target carries no port, so it assumes HTTPS is reachable on 443
   even when item.secure_port is set to something else. #}
  location / {
    return 301 https://{{ item.name }}$request_uri;
  }
}

{% endif %}
# Server with content
server {
  server_name {{ item.name }};

  # Listening ports
{% if tls_enabled %}
{# certificate_dir is only evaluated in this branch, as in a plain-HTTP site it
   may not be set. #}
{% set cert_base = certificate_dir ~ "/" ~ (item.cert_name | default(item.name)) %}
  listen {{ https_port }} ssl http2{{ default_flag }};
  listen [::]:{{ https_port }} ssl http2{{ default_flag }};

  ssl_certificate {{ cert_base }}/fullchain.pem;
  ssl_certificate_key {{ cert_base }}/privkey.pem;
{% else %}
  listen {{ http_port }}{{ default_flag }};
  listen [::]:{{ http_port }}{{ default_flag }};

  # serve ACME Challenges
  location /.well-known/acme-challenge {
    root {{ acme_challenge_dir }};
  }
{% endif %}

  # logfile locations
  access_log {{ nginx_log_dir }}/{{ item.name }}_access.log;
  error_log {{ nginx_log_dir }}/{{ item.name }}_error.log;

{% if item.extra_config | default(false) %}
{# extra_config is pasted verbatim at server scope. Any location it declares
   sits outside "location /" below and therefore does not get the auth_basic
   settings configured there. #}
  # extra config
  {{ item.extra_config | indent(2) }}

{% endif %}
  location / {
{% if item.auth_scope | default(false) %}
{# Basic auth is applied to this location only. In the non-TLS branch the
   credentials cross the listener unencrypted unless TLS is terminated in front
   of nginx. #}
    auth_basic "{{ item.auth_scope }}";
    auth_basic_user_file "{{ nginx_auth_basic_dir }}/{{ item.auth_scope }}.htpasswd";
{% endif %}
{% if item.proxy_pass | default(false) %}
    # Proxy configuration
    proxy_pass {{ item.proxy_pass }};
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_read_timeout 60;
{# nginx documents that the connect timeout usually cannot exceed 75 seconds. #}
    proxy_connect_timeout 90;

{# $proxy_add_x_forwarded_for appends the peer address to whatever
   X-Forwarded-For the client sent, so the upstream should trust only the last
   entry. The empty Accept-Encoding value stops that header from being passed
   to the upstream. #}
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Accept-Encoding "";
{% else %}
    # Static site configuration
{% if item.custom_root | default(false) %}
{% set docroot = item.custom_root %}
{% else %}
{% set docroot = nginx_static_dir ~ "/" ~ item.name %}
{% endif %}
    root {{ docroot }};
    index index.html index.htm;
{% if item.autoindex | default(false) %}
{# Directory listings are generated for any directory without an index file;
   everything under the root becomes enumerable. #}
    autoindex on;
    autoindex_exact_size on;
{% endif %}
{% endif %}
  }
}
{% endif %}