Diffstat (limited to 'data/templates/https/nginx.default.tmpl')
-rw-r--r-- | data/templates/https/nginx.default.tmpl | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
new file mode 100644
index 000000000..f4f2c1848
--- /dev/null
+++ b/data/templates/https/nginx.default.tmpl
@@ -0,0 +1,69 @@
+### Autogenerated by https.py ###
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ server_name _;
+ return 301 https://$server_name$request_uri;
+}
+
+{% for server in server_block_list %}
+server {
+
+ # SSL configuration
+ #
+{% if server.address == '*' %}
+ listen {{ server.port }} ssl;
+ listen [::]:{{ server.port }} ssl;
+{% else %}
+ listen {{ server.address }}:{{ server.port }} ssl;
+{% endif %}
+
+{% for name in server.name %}
+ server_name {{ name }};
+{% endfor %}
+
+{% if server.certbot %}
+ ssl_certificate /etc/letsencrypt/live/{{ server.certbot_dir }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ server.certbot_dir }}/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+{% elif server.vyos_cert %}
+ include {{ server.vyos_cert.conf }};
+{% else %}
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ include snippets/snakeoil.conf;
+{% endif %}
+
+ # proxy settings for HTTP API, if enabled; 503, if not
+ location ~ /(retrieve|configure|config-file|image|generate|show) {
+{% if server.api %}
+ proxy_pass http://localhost:{{ server.api.port }};
+ proxy_read_timeout 600;
+ proxy_buffering off;
+{% else %}
+ return 503;
+{% endif %}
+ }
+
+ error_page 501 502 503 =200 @50*_json;
+
+{% if api_somewhere %}
+ location @50*_json {
+ default_type application/json;
+ return 200 '{"error": "service https api unavailable at this proxy address: set service https api-restrict virtual-host"}';
+ }
+{% else %}
+ location @50*_json {
+ default_type application/json;
+ return 200 '{"error": "Start service in configuration mode: set service https api"}';
+ }
+{% endif %}
+
+}
+
+{% endfor %} |
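Review bot: The port-80 default server redirects with `$server_name`, but that block sets `server_name _;`, so the Location header will be `https://_/...` and plain-HTTP clients never reach the TLS listener. `return 301 https://$host$request_uri;` keeps the requested host instead; `$host` is taken from the request, which is the usual trade-off for a catch-all redirect. The API location `location ~ /(retrieve|configure|config-file|image|generate|show)` is also unanchored, so any URI that merely contains one of those words is proxied to the backend. Anchoring it as `location ~ ^/(retrieve|configure|config-file|image|generate|show)` limits what is forwarded to the intended endpoints. A short comment above `error_page 501 502 503 =200 @50*_json;` explaining why upstream failures are rewritten to a 200 JSON body would help, since monitoring that keys on status codes will not see them.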