Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • registry-mirror
  • nginx-default-site
  • acmeserver2
  • clickhouse
  • improve-dns-toplevel-probes
  • tabacco-in-container
  • rsyslog-modern-json
  • improve-service-discovery
  • prometheus-external-healthchecks
  • env-vars-in-include-paths
  • dns-resolver
  • service-turndown
  • use_proxy_protocol
  • loki
  • docs_operating
  • net-overlay_firewall_containers
  • webdiff
18 results

nginx-vhost.j2

Blame
  • nginx-vhost.j2 2.96 KiB
    {% macro config_location(pe_config, shard) %}
    {% set upstream = float_http_upstreams[pe_config.float_upstream_name] %}
    {% if pe_config.path != '/' %}
            location = {{ pe_config.path.rstrip('/') }} {
                    return 301 {{ pe_config.path }}?$query_string;
            }
    {% endif %}
            location {{ pe_config.path }} {
                    include /etc/nginx/snippets/block.conf;
                    include /etc/nginx/snippets/proxy.conf;
    {% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy and pe_config.get('scheme', 'https') == 'https' %}
                    proxy_pass https://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
                    include /etc/nginx/snippets/proxy-ssl.conf;
                    proxy_ssl_name {{ upstream.service_name }}.{{ domain }};
    {% else %}
                    proxy_pass http://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
    {% endif %}
    {% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy %}
                    proxy_cache global;
    {% endif %}
            }
    {% endmacro -%}
    
    {% macro config_vhost(endpoint, shard=None) %}
    server {
            listen [::]:{{ nginx_https_port }} http2 ssl;
    {% if endpoint.get('domains') %}
            server_name {{ endpoint.domains | join(' ') }};
    {% else %}
            server_name {% for d in domain_public %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ d }} {% endfor %};
    {% endif %}
    
    {% if endpoint.get('domains') %}
            ssl_certificate /etc/credentials/public/{{ endpoint.domains[0] }}/fullchain.pem;
            ssl_certificate_key /etc/credentials/public/{{ endpoint.domains[0] }}/privkey.pem;
    {% else %}
            ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/fullchain.pem;
            ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/privkey.pem;
    {% endif %}
    
            include /etc/nginx/snippets/site-common.conf;
    
    {#
        When multiple locations are defined, we must make sure
        that / comes last.
    #}
    {% set pe_list = endpoint.float_path_map.values() | sort(attribute='path', reverse=True) %}
    {% for pe_config in pe_list %}
    {{ config_location(pe_config, shard) }}
    {% endfor %}
    
    {# Output any custom configuration #}
    {% if endpoint.extra_nginx_config | default(None) %}{{ endpoint.extra_nginx_config }}{% endif %}
    }
    {% endmacro -%}
    
    {% for endpoint in float_http_endpoints.values() | sort(attribute='name') %}
    {% if endpoint.get('autoconfig', True) %}
    {% if endpoint.sharded %}
    {#
        For sharded domains, what matters is the sharding of /.
    
        Similarly, setting autoconfig=False on the / endpoint will
        disable generation of the entire virtual host.
    #}
    {% set root_upstream = float_http_upstreams[endpoint.float_path_map['/'].float_upstream_name] %}
    {% for h in services[root_upstream.service_name].hosts|sort %}
    {{ config_vhost(endpoint, hostvars[h]['shard_id']) }}
    {% endfor %}
    {% else %}
    {{ config_vhost(endpoint) }}
    {% endif %}
    {% endif %}
    {% endfor %}