fossilfranv/nginx-proxy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: mv base server block config to template

Browse Source
This commit is contained in:
Nicolas Duchon 2022-12-27 22:10:27 +01:00
parent 248dc28fd3
commit 99ee61a15d
1 changed files with 43 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
nginx.tmpl
View File

@ -144,6 +144,25 @@ upstream {{ .Upstream }} {
} }
{{ end }} {{ end }}
{{ define "server_config" }}
server_name {{ .Host }};
{{ if .ServerTokens }}
server_tokens {{ .ServerTokens }};
{{ end }}
{{ if .SSL }}
listen {{ .Port }} ssl http2 {{ .DefaultServer }};
{{ if .EnableIPv6 }}
listen [::]:{{ .Port }} ssl http2 {{ .DefaultServer }};
{{ end }}
{{ else }}
listen {{ .Port }} {{ .DefaultServer }};
{{ if .EnableIPv6 }}
listen [::]:{{ .Port }} {{ .DefaultServer }};
{{ end }}
{{ end }}
{{ .AccessLog }}
{{ end }}
{{ if ne $nginx_proxy_version "" }} {{ if ne $nginx_proxy_version "" }}
# nginx-proxy version : {{ $nginx_proxy_version }} # nginx-proxy version : {{ $nginx_proxy_version }}
{{ end }} {{ end }}
@ -313,21 +332,24 @@ server {
{{/* Use the cert specified on the container or fallback to the best vhost match */}} {{/* Use the cert specified on the container or fallback to the best vhost match */}}
{{ $cert := (coalesce $certName $vhostCert) }} {{ $cert := (coalesce $certName $vhostCert) }}
{{ $baseServerConfig := dict
"Host" $host
"ServerTokens" $server_tokens
"DefaultServer" $default_server
"EnableIPv6" $enable_ipv6
"AccessLog" $access_log
}}
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
{{ if $is_https }} {{ if $is_https }}
{{ if eq $https_method "redirect" }} {{ if eq $https_method "redirect" }}
server { server {
server_name {{ $host }}; {{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
{{ if $server_tokens }} "SSL" false
server_tokens {{ $server_tokens }}; "Port" $external_http_port
{{ end }} )) }}
listen {{ $external_http_port }} {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_http_port }} {{ $default_server }};
{{ end }}
{{ $access_log }}
# Do not HTTPS redirect ACME challenge # Do not HTTPS redirect ACME challenge
location ^~ /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
@ -350,15 +372,10 @@ server {
{{ end }} {{ end }}
server { server {
server_name {{ $host }}; {{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
{{ if $server_tokens }} "SSL" true
server_tokens {{ $server_tokens }}; "Port" $external_https_port
{{ end }} )) }}
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
{{ end }}
{{ $access_log }}
{{ template "ssl_policy" (dict "ssl_policy" $ssl_policy) }} {{ template "ssl_policy" (dict "ssl_policy" $ssl_policy) }}
@ -421,15 +438,10 @@ server {
{{ if or (not $is_https) (eq $https_method "noredirect") }} {{ if or (not $is_https) (eq $https_method "noredirect") }}
server { server {
server_name {{ $host }}; {{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
{{ if $server_tokens }} "SSL" false
server_tokens {{ $server_tokens }}; "Port" $external_http_port
{{ end }} )) }}
listen {{ $external_http_port }} {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_http_port }} {{ $default_server }};
{{ end }}
{{ $access_log }}
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
include {{ printf "/etc/nginx/vhost.d/%s" $host }}; include {{ printf "/etc/nginx/vhost.d/%s" $host }};
@ -466,15 +478,10 @@ server {
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
server { server {
server_name {{ $host }}; {{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
{{ if $server_tokens }} "SSL" true
server_tokens {{ $server_tokens }}; "Port" $external_https_port
{{ end }} )) }}
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
{{ if $enable_ipv6 }}
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
{{ end }}
{{ $access_log }}
return 500; return 500;
ssl_certificate /etc/nginx/certs/default.crt; ssl_certificate /etc/nginx/certs/default.crt;