2 files changed, 74 insertions, 74 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
new file mode 100644
index 000000000..a4eb11c81
--- /dev/null
+++ b/data/templates/https/nginx.default.tmpl
@@ -0,0 +1,61 @@
+### Autogenerated by https.py ###
+# Default server configuration
+#
+server {
+        listen 80 default_server;
+        listen [::]:80 default_server;
+        server_name _;
+        return 301 https://$server_name$request_uri;
+}
+
+{% for server in server_block_list %}
+server {
+
+        # SSL configuration
+        #
+{% if server.address == '*' %}
+        listen {{ server.port }} ssl;
+        listen [::]:{{ server.port }} ssl;
+{% else %}
+        listen {{ server.address }}:{{ server.port }} ssl;
+{% endif %}
+
+{% for name in server.name %}
+        server_name {{ name }};
+{% endfor %}
+
+{% if server.certbot %}
+        ssl_certificate /etc/letsencrypt/live/{{ server.certbot_dir }}/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/{{ server.certbot_dir }}/privkey.pem;
+        include /etc/letsencrypt/options-ssl-nginx.conf;
+        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+{% elif server.vyos_cert %}
+        include {{ server.vyos_cert.conf }};
+{% else %}
+        #
+        # Self signed certs generated by the ssl-cert package
+        # Don't use them in a production server!
+        #
+        include snippets/snakeoil.conf;
+{% endif %}
+
+        # proxy settings for HTTP API, if enabled; 503, if not
+        location ~ /(retrieve|configure|config-file|image|generate|show) {
+{% if server.api %}
+                proxy_pass http://localhost:{{ server.api.port }};
+                proxy_buffering off;
+{% else %}
+                return 503;
+{% endif %}
+        }
+
+        error_page 501 502 503 =200 @50*_json;
+
+        location @50*_json {
+                default_type application/json;
+                return 200 '{"error": "Start service in configuration mode: set service https api"}';
+        }
+
+}
+
+{% endfor %}
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 889b62cf4..83a5f3602 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019 VyOS maintainers and contributors
+# Copyright (C) 2019-2020 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -13,88 +13,22 @@
 #
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
-#
-#
 
-import sys
 import os
-from copy import deepcopy
 
-import jinja2
+from sys import exit
+from copy import deepcopy
+from jinja2 import FileSystemLoader, Environment
 
 import vyos.defaults
 import vyos.certbot_util
+
 from vyos.config import Config
+from vyos.defaults import directories as vyos_data_dir
 from vyos import ConfigError
 
 config_file = '/etc/nginx/sites-available/default'
 
-# Please be careful if you edit the template.
-config_tmpl = """
-
-### Autogenerated by https.py ###
-# Default server configuration
-#
-server {
-        listen 80 default_server;
-        listen [::]:80 default_server;
-        server_name _;
-        return 301 https://$server_name$request_uri;
-}
-
-{% for server in server_block_list %}
-server {
-
-        # SSL configuration
-        #
-{% if server.address == '*' %}
-        listen {{ server.port }} ssl;
-        listen [::]:{{ server.port }} ssl;
-{% else %}
-        listen {{ server.address }}:{{ server.port }} ssl;
-{% endif %}
-
-{% for name in server.name %}
-        server_name {{ name }};
-{% endfor %}
-
-{% if server.certbot %}
-        ssl_certificate /etc/letsencrypt/live/{{ server.certbot_dir }}/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/{{ server.certbot_dir }}/privkey.pem;
-        include /etc/letsencrypt/options-ssl-nginx.conf;
-        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-{% elif server.vyos_cert %}
-        include {{ server.vyos_cert.conf }};
-{% else %}
-        #
-        # Self signed certs generated by the ssl-cert package
-        # Don't use them in a production server!
-        #
-        include snippets/snakeoil.conf;
-{% endif %}
-
-        # proxy settings for HTTP API, if enabled; 503, if not
-        location ~ /(retrieve|configure|config-file|image|generate|show) {
-{% if server.api %}
-                proxy_pass http://localhost:{{ server.api.port }};
-                proxy_buffering off;
-{% else %}
-                return 503;
-{% endif %}
-        }
-
-        error_page 501 502 503 =200 @50*_json;
-
-        location @50*_json {
-                default_type application/json;
-                return 200 '{"error": "Start service in configuration mode: set service https api"}';
-        }
-
-}
-
-{% endfor %}
-"""
-
 default_server_block = {
     'id'        : '',
     'address'   : '*',
@@ -193,10 +127,15 @@ def generate(https):
     if https is None:
         return None
 
+    # Prepare Jinja2 template loader from files
+    tmpl_path = os.path.join(vyos_data_dir['data'], 'templates', 'https')
+    fs_loader = FileSystemLoader(tmpl_path)
+    env = Environment(loader=fs_loader, trim_blocks=True)
+
     if 'server_block_list' not in https or not https['server_block_list']:
         https['server_block_list'] = [default_server_block]
 
-    tmpl = jinja2.Template(config_tmpl, trim_blocks=True)
+    tmpl = env.get_template('nginx.default.tmpl')
     config_text = tmpl.render(https)
     with open(config_file, 'w') as f:
         f.write(config_text)
@@ -217,4 +156,4 @@ if __name__ == '__main__':
         apply(c)
     except ConfigError as e:
         print(e)
-        sys.exit(1)
+        exit(1)