157 lines
4.2 KiB
Django/Jinja
157 lines
4.2 KiB
Django/Jinja
# {{ ansible_managed }}
|
|
|
|
{% if nginx_upstreams is defined %}
|
|
# Upstreams
|
|
{% for upstream in nginx_upstreams | dict2items %}
|
|
{% if upstream.value.servers | length != 0 %}
|
|
upstream {{ upstream.key }} {
|
|
{% if upstream.value.method is defined %}
|
|
{{ upstream.value.method }};
|
|
{% endif %}
|
|
{% for server in upstream.value.servers %}
|
|
{% if server | int != 0 %}
|
|
server 127.0.0.1:{{ server }};
|
|
{% else %}
|
|
server {{ server }};
|
|
{% endif %}
|
|
{% endfor %}
|
|
}
|
|
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if nginx_maps is defined %}
|
|
{% for map in nginx_maps | dict2items %}
|
|
{% if map.value.var | length != 0 %}
|
|
map ${{ map.value.var }} ${{ map.key }} {
|
|
{% for rule in map.value.rules | dict2items %}
|
|
{{ rule.key }} {{ rule.value }};
|
|
{% endfor %}
|
|
}
|
|
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if nginx_certbot %}
|
|
# HTTP -> HTTPS redirect
|
|
server {
|
|
listen 0.0.0.0:80 default_server;
|
|
{% if ansible_default_ipv6.address is defined %}
|
|
listen [::]:80 default_server;
|
|
{% endif %}
|
|
server_name {{ ansible_fqdn }};
|
|
location / {
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
}
|
|
{% endif %}
|
|
|
|
# Websocket map
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
'' close;
|
|
}
|
|
|
|
{% for server in nginx_servers %}
|
|
server {
|
|
{% for listener in server.listen | default([{}]) %}
|
|
{% if listener.ip | default('all') == 'all' %}
|
|
listen 0.0.0.0:{{ listener.port | default('443' if nginx_certbot else '80') }} {{ 'ssl http2 ' if nginx_certbot else '' }}{{ 'default_server' if server.name is not defined or server.name == ansible_fqdn }};
|
|
{% if ansible_default_ipv6.address is defined %}
|
|
listen [::]:{{ listener.port | default('443' if nginx_certbot else '80') }} {{ 'ssl http2 ' if nginx_certbot else '' }}{{ 'default_server' if server.name is not defined or server.name == ansible_fqdn }};
|
|
{% endif %}
|
|
server_name {{ server.name | default(ansible_fqdn) }};
|
|
|
|
{% elif listener.ip == 'localhost' %}
|
|
listen 127.0.0.1:{{ listener.port }} default_server;
|
|
{% if ansible_default_ipv6.address is defined %}
|
|
listen [::1]:{{ listener.port }} default_server;
|
|
{% endif %}
|
|
server_name localhost;
|
|
{% endif %}
|
|
{% endfor %}
|
|
|
|
{% if server.return is defined %}
|
|
# Sipmle returns
|
|
{% for return in server.return %}
|
|
location {{ return.location }} {
|
|
return {{ return.type | default('200') }} '{{ return.content | to_json if return.content_type | default('plain') == 'json' else return.content }}';
|
|
{% if return.headers is mapping %}
|
|
{% for header in return.headers | dict2items %}
|
|
add_header {{ header.key }} {{ header.value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if server.reverse_proxy is defined %}
|
|
# Reverse proxy
|
|
{% for upstream in server.reverse_proxy %}
|
|
{% if nginx_upstreams[upstream].servers | length != 0 %}
|
|
|
|
# {{ upstream }}
|
|
{% for location in nginx_upstreams[upstream].locations | default([{'name': '/'}]) %}
|
|
|
|
{% if location.name | length != 0 %}
|
|
location {{ location.name }} {
|
|
proxy_pass http://{{ upstream }};
|
|
{% if location.proxy_headers is mapping %}
|
|
{% for header in location.proxy_headers | dict2items %}
|
|
proxy_set_header {{ header.key }} {{ header.value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if nginx_proxy_headers is mapping %}
|
|
{% for header in nginx_proxy_headers | dict2items %}
|
|
{% if location.proxy_headers[header.key] is not defined %}
|
|
proxy_set_header {{ header.key }} {{ header.value }};
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if location.additional_options is defined %}
|
|
{% for item in location.additional_options %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% endfor %}
|
|
{% endif %}
|
|
|
|
{% if server.reverse_proxy_map is defined %}
|
|
# Mapping reverse proxy
|
|
{% for map in server.reverse_proxy_map %}
|
|
{% if nginx_maps[map].var | length != 0 %}
|
|
|
|
# {{ map }}
|
|
{% for location in nginx_maps[map].locations %}
|
|
|
|
{% if location.name | length != 0 %}
|
|
location {{ location.name }} {
|
|
proxy_pass http://${{ map }};
|
|
{% if nginx_proxy_headers is mapping %}
|
|
{% for header in nginx_proxy_headers | dict2items %}
|
|
proxy_set_header {{ header.key }} {{ header.value }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% if location.additional_options is defined %}
|
|
{% for item in location.additional_options %}
|
|
{{ item }};
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
{% endfor %}
|
|
{% endif %}
|
|
}
|
|
|
|
{% endfor %}
|