|
|
|
@ -449,7 +449,44 @@ server { |
|
|
|
listen [::]:443 ssl http2 {{ $default_server }}; |
|
|
|
{{ end }} |
|
|
|
access_log /var/log/nginx/access.log vhost; |
|
|
|
{{/* Enable usage of self-signed SSL certificate if .local hostname */}} |
|
|
|
{{ if hasSuffix "local" $host }} |
|
|
|
{{ if eq $network_tag "internal" }} |
|
|
|
# Only allow traffic from internal clients |
|
|
|
include /etc/nginx/network_internal.conf; |
|
|
|
{{ end }} |
|
|
|
|
|
|
|
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} |
|
|
|
include {{ printf "/etc/nginx/vhost.d/%s" $host }}; |
|
|
|
{{ else if (exists "/etc/nginx/vhost.d/default") }} |
|
|
|
include /etc/nginx/vhost.d/default; |
|
|
|
{{ end }} |
|
|
|
|
|
|
|
location / { |
|
|
|
{{ if eq $proto "uwsgi" }} |
|
|
|
include uwsgi_params; |
|
|
|
uwsgi_pass {{ trim $proto }}://{{ trim $upstream_name }}; |
|
|
|
{{ else if eq $proto "fastcgi" }} |
|
|
|
root {{ trim $vhost_root }}; |
|
|
|
include fastcgi.conf; |
|
|
|
fastcgi_pass {{ trim $upstream_name }}; |
|
|
|
{{ else }} |
|
|
|
proxy_pass {{ trim $proto }}://{{ trim $upstream_name }}; |
|
|
|
{{ end }} |
|
|
|
{{ if (exists (printf "/etc/nginx/htpasswd/%s" $host)) }} |
|
|
|
auth_basic "Restricted {{ $host }}"; |
|
|
|
auth_basic_user_file {{ (printf "/etc/nginx/htpasswd/%s" $host) }}; |
|
|
|
{{ end }} |
|
|
|
{{ if (exists (printf "/etc/nginx/vhost.d/%s_location" $host)) }} |
|
|
|
include {{ printf "/etc/nginx/vhost.d/%s_location" $host}}; |
|
|
|
{{ else if (exists "/etc/nginx/vhost.d/default_location") }} |
|
|
|
include /etc/nginx/vhost.d/default_location; |
|
|
|
{{ end }} |
|
|
|
} |
|
|
|
{{ template "redirects" (dict "HostName" $host_name "Containers" $) }} |
|
|
|
{{ else }} |
|
|
|
return 500; |
|
|
|
{{ end }} |
|
|
|
|
|
|
|
ssl_certificate /etc/nginx/certs/default.crt; |
|
|
|
ssl_certificate_key /etc/nginx/certs/default.key; |
|
|
|
|
J. Maurice
5 years ago
Nicolas Dorier