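{#
    Emit the nginx location blocks for one path of an endpoint.

    pe_config: path entry; its 'path', 'float_upstream_name' and optional
               'scheme' values are read here.
    shard:     shard id, or a false value for unsharded endpoints. It is
               appended to the upstream name only when the upstream itself
               is marked as sharded.
#}
{% macro config_location(pe_config, shard) %}
{% set upstream = float_http_upstreams[pe_config.float_upstream_name] %}
{#
    Redirect the slash-less form of the path to the canonical one. The
    endswith() guard matters: for a path configured without a trailing
    slash, the exact-match location would redirect to itself in a loop.
    $is_args$args carries the query string over without leaving a bare
    "?" on requests that have none.
#}
{% if pe_config.path != '/' and pe_config.path.endswith('/') %}
        location = {{ pe_config.path.rstrip('/') }} {
                return 301 {{ pe_config.path }}$is_args$args;
        }
{% endif %}
        location {{ pe_config.path }} {
                include /etc/nginx/snippets/block.conf;
                include /etc/nginx/snippets/proxy.conf;
{#
    TLS towards the backend is the default: it is used unless the path
    entry sets a scheme other than 'https' or the upstream sits behind the
    SSO proxy.
    NOTE(review): proxy_ssl_name only sets the name the backend certificate
    is checked against; verification itself (proxy_ssl_verify and the
    trusted CA) presumably lives in proxy-ssl.conf, which is not visible
    here. Confirm it is enabled there.
#}
{% if not upstream.enable_sso_proxy and pe_config.get('scheme', 'https') == 'https' %}
                proxy_pass https://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
                include /etc/nginx/snippets/proxy-ssl.conf;
                proxy_ssl_name {{ upstream.service_name }}.{{ domain }};
{% else %}
{#
    Plain HTTP to the upstream.
    NOTE(review): presumably the SSO proxy listens locally; confirm that
    no 'http' upstream is reached over an untrusted network.
#}
                proxy_pass http://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
{% endif %}
{#
    The shared 'global' cache zone is enabled only for upstreams that are
    not behind the SSO proxy.
#}
{% if not upstream.enable_sso_proxy %}
                proxy_cache global;
{% endif %}
        }
{% endmacro -%}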

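{#
    Emit one TLS server block for an endpoint.

    endpoint: endpoint definition; 'name', 'domains', 'float_path_map' and
              the optional 'extra_nginx_config' are read here.
    shard:    optional shard id. When set it prefixes the generated server
              names and is passed on to every location.
#}
{% macro config_vhost(endpoint, shard=None) %}
server {
{#
    TLS is enabled through the 'ssl' parameter of listen. The standalone
    'ssl on;' directive is deprecated since nginx 1.15.0 and is rejected
    from 1.25.1 on, which would keep the whole configuration from loading.
#}
        listen [::]:{{ nginx_https_port }} ssl http2;
{% if endpoint.domains %}
        server_name {{ endpoint.domains | join(' ') }};
{% else %}
        server_name {% for d in domain_public %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ d }} {% endfor %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ domain }};
{% endif %}

{#
    The certificate is always the one stored under the endpoint name and
    the first public domain.
    NOTE(review): names taken from endpoint.domains and shard-prefixed
    names have to be covered by that same certificate; confirm with
    whatever issues it.
#}
        ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/fullchain.pem;
        ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/privkey.pem;

        include /etc/nginx/snippets/site-common.conf;

{#
    When multiple locations are defined, we must make sure
    that / comes last. Sorting by path in reverse order does that,
    because / is a prefix of every other path.
#}
{% set pe_list = endpoint.float_path_map.values() | sort(attribute='path', reverse=True) %}
{% for pe_config in pe_list %}
{{ config_location(pe_config, shard) }}
{% endfor %}

{#
    Output any custom configuration. The text is inserted verbatim and
    unescaped inside the server block, so whoever can set
    extra_nginx_config controls the configuration of this virtual host.
#}
{% if endpoint.extra_nginx_config | default(None) %}{{ endpoint.extra_nginx_config }}{% endif %}
}
{% endmacro -%}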

{#
    Render the virtual hosts, one endpoint at a time in name order.
    Endpoints that set autoconfig to a false value are skipped.
#}
{% for endpoint in float_http_endpoints.values() | sort(attribute='name') %}
{% if endpoint.get('autoconfig', True) %}
{% if not endpoint.sharded %}
{{ config_vhost(endpoint) }}
{% else %}
{#
    A sharded endpoint gets one virtual host per host in the group of the
    service behind its / path: only the sharding of / is considered.

    Likewise, autoconfig=False on the / endpoint disables generation of
    the entire virtual host.
#}
{% set slash_upstream = float_http_upstreams[endpoint.float_path_map['/'].float_upstream_name] %}
{% for shard_host in groups[slash_upstream.service_name] | sort %}
{{ config_vhost(endpoint, hostvars[shard_host]['shard_id']) }}
{% endfor %}
{% endif %}
{% endif %}
{% endfor %}