Select Git revision
nginx-vhost.j2
nginx-vhost.j2 2.96 KiB
{% macro config_location(pe_config, shard) %}
{% set upstream = float_http_upstreams[pe_config.float_upstream_name] %}
{% if pe_config.path != '/' %}
location = {{ pe_config.path.rstrip('/') }} {
return 301 {{ pe_config.path }}?$query_string;
}
{% endif %}
location {{ pe_config.path }} {
include /etc/nginx/snippets/block.conf;
include /etc/nginx/snippets/proxy.conf;
{% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy and pe_config.get('scheme', 'https') == 'https' %}
proxy_pass https://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
include /etc/nginx/snippets/proxy-ssl.conf;
proxy_ssl_name {{ upstream.service_name }}.{{ domain }};
{% else %}
proxy_pass http://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
{% endif %}
{% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy %}
proxy_cache global;
{% endif %}
}
{% endmacro -%}
{% macro config_vhost(endpoint, shard=None) %}
server {
listen [::]:{{ nginx_https_port }} http2 ssl;
{% if endpoint.get('domains') %}
server_name {{ endpoint.domains | join(' ') }};
{% else %}
server_name {% for d in domain_public %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ d }} {% endfor %};
{% endif %}
{% if endpoint.get('domains') %}
ssl_certificate /etc/credentials/public/{{ endpoint.domains[0] }}/fullchain.pem;
ssl_certificate_key /etc/credentials/public/{{ endpoint.domains[0] }}/privkey.pem;
{% else %}
ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/fullchain.pem;
ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/privkey.pem;
{% endif %}
include /etc/nginx/snippets/site-common.conf;
{#
When multiple locations are defined, we must make sure
that / comes last.
#}
{% set pe_list = endpoint.float_path_map.values() | sort(attribute='path', reverse=True) %}
{% for pe_config in pe_list %}
{{ config_location(pe_config, shard) }}
{% endfor %}
{# Output any custom configuration #}
{% if endpoint.extra_nginx_config | default(None) %}{{ endpoint.extra_nginx_config }}{% endif %}
}
{% endmacro -%}
{% for endpoint in float_http_endpoints.values() | sort(attribute='name') %}
{% if endpoint.get('autoconfig', True) %}
{% if endpoint.sharded %}
{#
For sharded domains, what matters is the sharding of /.
Similarly, setting autoconfig=False on the / endpoint will
disable generation of the entire virtual host.
#}
{% set root_upstream = float_http_upstreams[endpoint.float_path_map['/'].float_upstream_name] %}
{% for h in services[root_upstream.service_name].hosts|sort %}
{{ config_vhost(endpoint, hostvars[h]['shard_id']) }}
{% endfor %}
{% else %}
{{ config_vhost(endpoint) }}
{% endif %}
{% endif %}
{% endfor %}