Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • registry-mirror
  • nginx-default-site
  • acmeserver2
  • clickhouse
  • improve-dns-toplevel-probes
  • tabacco-in-container
  • rsyslog-modern-json
  • improve-service-discovery
  • prometheus-external-healthchecks
  • env-vars-in-include-paths
  • dns-resolver
  • service-turndown
  • use_proxy_protocol
  • loki
  • docs_operating
  • net-overlay_firewall_containers
  • webdiff
18 results

nginx-vhost.j2

Blame
    • nginx-vhost.j2 2.96 KiB 
    {% macro config_location(pe_config, shard) %}
{% set upstream = float_http_upstreams[pe_config.float_upstream_name] %}
{% if pe_config.path != '/' %}
        location = {{ pe_config.path.rstrip('/') }} {
                return 301 {{ pe_config.path }}?$query_string;
        }
{% endif %}
        location {{ pe_config.path }} {
                include /etc/nginx/snippets/block.conf;
                include /etc/nginx/snippets/proxy.conf;
{% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy and pe_config.get('scheme', 'https') == 'https' %}
                proxy_pass https://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
                include /etc/nginx/snippets/proxy-ssl.conf;
                proxy_ssl_name {{ upstream.service_name }}.{{ domain }};
{% else %}
                proxy_pass http://{{ pe_config.float_upstream_name }}{% if upstream.sharded and shard %}_{{ shard }}{% endif %};
{% endif %}
{% if not upstream.enable_sso_proxy and not upstream.enable_api_proxy %}
                proxy_cache global;
{% endif %}
        }
{% endmacro -%}

{% macro config_vhost(endpoint, shard=None) %}
server {
        listen [::]:{{ nginx_https_port }} http2 ssl;
{% if endpoint.get('domains') %}
        server_name {{ endpoint.domains | join(' ') }};
{% else %}
        server_name {% for d in domain_public %}{% if shard %}{{ shard }}.{% endif %}{{ endpoint.name }}.{{ d }} {% endfor %};
{% endif %}

{% if endpoint.get('domains') %}
        ssl_certificate /etc/credentials/public/{{ endpoint.domains[0] }}/fullchain.pem;
        ssl_certificate_key /etc/credentials/public/{{ endpoint.domains[0] }}/privkey.pem;
{% else %}
        ssl_certificate /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/fullchain.pem;
        ssl_certificate_key /etc/credentials/public/{{ endpoint.name }}.{{ domain_public[0] }}/privkey.pem;
{% endif %}

        include /etc/nginx/snippets/site-common.conf;

{#
    When multiple locations are defined, we must make sure
    that / comes last.
#}
{% set pe_list = endpoint.float_path_map.values() | sort(attribute='path', reverse=True) %}
{% for pe_config in pe_list %}
{{ config_location(pe_config, shard) }}
{% endfor %}

{# Output any custom configuration #}
{% if endpoint.extra_nginx_config | default(None) %}{{ endpoint.extra_nginx_config }}{% endif %}
}
{% endmacro -%}

{% for endpoint in float_http_endpoints.values() | sort(attribute='name') %}
{% if endpoint.get('autoconfig', True) %}
{% if endpoint.sharded %}
{#
    For sharded domains, what matters is the sharding of /.

    Similarly, setting autoconfig=False on the / endpoint will
    disable generation of the entire virtual host.
#}
{% set root_upstream = float_http_upstreams[endpoint.float_path_map['/'].float_upstream_name] %}
{% for h in services[root_upstream.service_name].hosts|sort %}
{{ config_vhost(endpoint, hostvars[h]['shard_id']) }}
{% endfor %}
{% else %}
    {{ config_vhost(endpoint) }}
{% endif %}
{% endif %}
{% endfor %}