Compare commits
3 Commits
main
...
refactor-t
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
9dbb1b4153 | ||
|
|
99ee61a15d | ||
|
|
248dc28fd3 |
170
nginx.tmpl
170
nginx.tmpl
@ -83,7 +83,7 @@
|
||||
{{ else if (exists "/etc/nginx/vhost.d/default_location") }}
|
||||
include /etc/nginx/vhost.d/default_location;
|
||||
{{ end }}
|
||||
}
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ define "upstream" }}
|
||||
@ -107,7 +107,13 @@ upstream {{ .Upstream }} {
|
||||
{{ end }}
|
||||
{{ range $knownNetwork := $networks }}
|
||||
{{ range $containerNetwork := sortObjectsByKeysAsc $container.Networks "Name" }}
|
||||
{{ if (and (ne $containerNetwork.Name "ingress") (or (eq $knownNetwork.Name $containerNetwork.Name) (eq $knownNetwork.Name "host"))) }}
|
||||
{{ if (and
|
||||
(ne $containerNetwork.Name "ingress")
|
||||
(or
|
||||
(eq $knownNetwork.Name $containerNetwork.Name)
|
||||
(eq $knownNetwork.Name "host")
|
||||
)
|
||||
)}}
|
||||
## Can be connected with "{{ $containerNetwork.Name }}" network
|
||||
{{ if $address }}
|
||||
{{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}}
|
||||
@ -144,6 +150,25 @@ upstream {{ .Upstream }} {
|
||||
}
|
||||
{{ end }}
|
||||
|
||||
{{ define "server_config" }}
|
||||
server_name {{ .Host }};
|
||||
{{ if .ServerTokens }}
|
||||
server_tokens {{ .ServerTokens }};
|
||||
{{ end }}
|
||||
{{ if .SSL }}
|
||||
listen {{ .Port }} ssl http2 {{ .DefaultServer }};
|
||||
{{ if .EnableIPv6 }}
|
||||
listen [::]:{{ .Port }} ssl http2 {{ .DefaultServer }};
|
||||
{{ end }}
|
||||
{{ else }}
|
||||
listen {{ .Port }} {{ .DefaultServer }};
|
||||
{{ if .EnableIPv6 }}
|
||||
listen [::]:{{ .Port }} {{ .DefaultServer }};
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ .AccessLog }}
|
||||
{{ end }}
|
||||
|
||||
{{ if ne $nginx_proxy_version "" }}
|
||||
# nginx-proxy version : {{ $nginx_proxy_version }}
|
||||
{{ end }}
|
||||
@ -270,13 +295,23 @@ server {
|
||||
|
||||
{{ if eq $nPaths 0 }}
|
||||
# {{ $host }}
|
||||
{{ template "upstream" (dict "Upstream" $upstream_name "Containers" $containers "Networks" $CurrentContainer.Networks "Debug" $debug_all) }}
|
||||
{{ template "upstream" (dict
|
||||
"Upstream" $upstream_name
|
||||
"Containers" $containers
|
||||
"Networks" $CurrentContainer.Networks
|
||||
"Debug" $debug_all
|
||||
)}}
|
||||
{{ else }}
|
||||
{{ range $path, $containers := $paths }}
|
||||
{{ $sum := sha1 $path }}
|
||||
{{ $upstream := printf "%s-%s" $upstream_name $sum }}
|
||||
# {{ $host }}{{ $path }}
|
||||
{{ template "upstream" (dict "Upstream" $upstream "Containers" $containers "Networks" $CurrentContainer.Networks "Debug" $debug_all) }}
|
||||
{{ template "upstream" (dict
|
||||
"Upstream" $upstream
|
||||
"Containers" $containers
|
||||
"Networks" $CurrentContainer.Networks
|
||||
"Debug" $debug_all
|
||||
)}}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
|
||||
@ -313,23 +348,31 @@ server {
|
||||
{{/* Use the cert specified on the container or fallback to the best vhost match */}}
|
||||
{{ $cert := (coalesce $certName $vhostCert) }}
|
||||
|
||||
{{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }}
|
||||
{{ $baseServerConfig := dict
|
||||
"Host" $host
|
||||
"ServerTokens" $server_tokens
|
||||
"DefaultServer" $default_server
|
||||
"EnableIPv6" $enable_ipv6
|
||||
"AccessLog" $access_log
|
||||
}}
|
||||
|
||||
{{ $is_https := (and
|
||||
(ne $https_method "nohttps")
|
||||
(ne $cert "")
|
||||
(exists (printf "/etc/nginx/certs/%s.crt" $cert))
|
||||
(exists (printf "/etc/nginx/certs/%s.key" $cert))
|
||||
)}}
|
||||
|
||||
{{ if $is_https }}
|
||||
|
||||
{{ if eq $https_method "redirect" }}
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
{{ if $server_tokens }}
|
||||
server_tokens {{ $server_tokens }};
|
||||
{{ end }}
|
||||
listen {{ $external_http_port }} {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:{{ $external_http_port }} {{ $default_server }};
|
||||
{{ end }}
|
||||
{{ $access_log }}
|
||||
{{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
|
||||
"SSL" false
|
||||
"Port" $external_http_port
|
||||
)) }}
|
||||
|
||||
# Do not HTTPS redirect Let'sEncrypt ACME challenge
|
||||
# Do not HTTPS redirect ACME challenge
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
auth_basic off;
|
||||
auth_request off;
|
||||
@ -350,15 +393,10 @@ server {
|
||||
{{ end }}
|
||||
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
{{ if $server_tokens }}
|
||||
server_tokens {{ $server_tokens }};
|
||||
{{ end }}
|
||||
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ end }}
|
||||
{{ $access_log }}
|
||||
{{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
|
||||
"SSL" true
|
||||
"Port" $external_https_port
|
||||
)) }}
|
||||
|
||||
{{ template "ssl_policy" (dict "ssl_policy" $ssl_policy) }}
|
||||
|
||||
@ -395,7 +433,15 @@ server {
|
||||
|
||||
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
|
||||
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
|
||||
{{ template "location" (dict "Path" "/" "Proto" $proto "Upstream" $upstream_name "Host" $host "VhostRoot" $vhost_root "Dest" "" "NetworkTag" $network_tag) }}
|
||||
{{ template "location" (dict
|
||||
"Path" "/"
|
||||
"Proto" $proto
|
||||
"Upstream" $upstream_name
|
||||
"Host" $host
|
||||
"VhostRoot" $vhost_root
|
||||
"Dest" ""
|
||||
"NetworkTag" $network_tag
|
||||
)}}
|
||||
{{ else }}
|
||||
{{ range $path, $container := $paths }}
|
||||
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http" */}}
|
||||
@ -406,12 +452,20 @@ server {
|
||||
{{ $sum := sha1 $path }}
|
||||
{{ $upstream := printf "%s-%s" $upstream_name $sum }}
|
||||
{{ $dest := (or (first (groupByKeys $container "Env.VIRTUAL_DEST")) "") }}
|
||||
{{ template "location" (dict "Path" $path "Proto" $proto "Upstream" $upstream "Host" $host "VhostRoot" $vhost_root "Dest" $dest "NetworkTag" $network_tag) }}
|
||||
{{ template "location" (dict
|
||||
"Path" $path
|
||||
"Proto" $proto
|
||||
"Upstream" $upstream
|
||||
"Host" $host
|
||||
"VhostRoot" $vhost_root
|
||||
"Dest" $dest
|
||||
"NetworkTag" $network_tag
|
||||
)}}
|
||||
{{ end }}
|
||||
{{ if (not (contains $paths "/")) }}
|
||||
location / {
|
||||
return {{ $default_root_response }};
|
||||
}
|
||||
location / {
|
||||
return {{ $default_root_response }};
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
}
|
||||
@ -421,15 +475,10 @@ server {
|
||||
{{ if or (not $is_https) (eq $https_method "noredirect") }}
|
||||
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
{{ if $server_tokens }}
|
||||
server_tokens {{ $server_tokens }};
|
||||
{{ end }}
|
||||
listen {{ $external_http_port }} {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:{{ $external_http_port }} {{ $default_server }};
|
||||
{{ end }}
|
||||
{{ $access_log }}
|
||||
{{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
|
||||
"SSL" false
|
||||
"Port" $external_http_port
|
||||
)) }}
|
||||
|
||||
{{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }}
|
||||
include {{ printf "/etc/nginx/vhost.d/%s" $host }};
|
||||
@ -443,7 +492,15 @@ server {
|
||||
|
||||
{{/* Get the NETWORK_ACCESS defined by containers w/ the same vhost, falling back to "external" */}}
|
||||
{{ $network_tag := or (first (groupByKeys $containers "Env.NETWORK_ACCESS")) "external" }}
|
||||
{{ template "location" (dict "Path" "/" "Proto" $proto "Upstream" $upstream_name "Host" $host "VhostRoot" $vhost_root "Dest" "" "NetworkTag" $network_tag) }}
|
||||
{{ template "location" (dict
|
||||
"Path" "/"
|
||||
"Proto" $proto
|
||||
"Upstream" $upstream_name
|
||||
"Host" $host
|
||||
"VhostRoot" $vhost_root
|
||||
"Dest" ""
|
||||
"NetworkTag" $network_tag
|
||||
)}}
|
||||
{{ else }}
|
||||
{{ range $path, $container := $paths }}
|
||||
{{/* Get the VIRTUAL_PROTO defined by containers w/ the same vhost-vpath, falling back to "http" */}}
|
||||
@ -454,27 +511,34 @@ server {
|
||||
{{ $sum := sha1 $path }}
|
||||
{{ $upstream := printf "%s-%s" $upstream_name $sum }}
|
||||
{{ $dest := (or (first (groupByKeys $container "Env.VIRTUAL_DEST")) "") }}
|
||||
{{ template "location" (dict "Path" $path "Proto" $proto "Upstream" $upstream "Host" $host "VhostRoot" $vhost_root "Dest" $dest "NetworkTag" $network_tag) }}
|
||||
{{ template "location" (dict
|
||||
"Path" $path
|
||||
"Proto" $proto
|
||||
"Upstream" $upstream
|
||||
"Host" $host
|
||||
"VhostRoot" $vhost_root
|
||||
"Dest" $dest
|
||||
"NetworkTag" $network_tag
|
||||
)}}
|
||||
{{ end }}
|
||||
{{ if (not (contains $paths "/")) }}
|
||||
location / {
|
||||
return {{ $default_root_response }};
|
||||
}
|
||||
location / {
|
||||
return {{ $default_root_response }};
|
||||
}
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
}
|
||||
|
||||
{{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }}
|
||||
{{ if (and
|
||||
(not $is_https)
|
||||
(exists "/etc/nginx/certs/default.crt")
|
||||
(exists "/etc/nginx/certs/default.key")
|
||||
)}}
|
||||
server {
|
||||
server_name {{ $host }};
|
||||
{{ if $server_tokens }}
|
||||
server_tokens {{ $server_tokens }};
|
||||
{{ end }}
|
||||
listen {{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ if $enable_ipv6 }}
|
||||
listen [::]:{{ $external_https_port }} ssl http2 {{ $default_server }};
|
||||
{{ end }}
|
||||
{{ $access_log }}
|
||||
{{ template "server_config" (deepCopy $baseServerConfig | mustMerge (dict
|
||||
"SSL" true
|
||||
"Port" $external_https_port
|
||||
)) }}
|
||||
return 500;
|
||||
|
||||
ssl_certificate /etc/nginx/certs/default.crt;
|
||||
|
||||